The Center for Education and Research in Information Assurance and Security (CERIAS)


ADEPTS: Adaptive Intrusion Containment in Distributed Service Environments

Download

PDF

Author

Bingrui Foo, Yu-Sung Wu, Saurabh Bagchi, Gene Spafford, and Blake Matheny

Tech report number

CERIAS TR 2005-01

Entry type

article

Abstract

Distributed systems with multiple interacting services, such as distributed e-commerce systems, are suitable targets for malicious attacks because of the potential financial impact. Intrusion detection in such systems has been an active area of research, while the problem of containment has received relatively less attention. Containment seeks to localize the effect of the intrusion to some parts of the system while allowing the other parts to continue to provide service. In this paper, we present the design and implementation of an Adaptive Intrusion Tolerant System, ADEPTS, for automatically containing intrusions in a distributed system. ADEPTS uses a directed acyclic graph of intrusion goals, called I-DAG, and a graph of service interactions, called SNet, as the underlying representations in the system. The containment action in ADEPTS initially has the goal of preventing the spread of the intrusion by modifying its path of escalation in the I-DAG. Failing that, it adopts a more drastic response of modifying the interactions of the services in the SNet. There is also a feedback mechanism that gauges the effectiveness of a deployed response and uses that in guiding future choices. ADEPTS is demonstrated on a distributed e-commerce system and evaluated using a survivability metric whose value depends on the operational services in the face of an intrusion.


Date

2004-12

Institution

Purdue University

Key alpha

Bagchi

School

Purdue University

Affiliation

CERIAS

Publication Date

2004-12-01

Keywords

automated intrusion response, intrusion containment, e-commerce system, survivability, distributed services

Subject

Automated intrusion response
