ADEPTS: Adaptive Intrusion Containment in Distributed Service Environments

Page Content

Download

Download PDF Document
PDF

Author

Bingrui Foo, Yu-Sung Wu, Saurabh Bagchi, Gene Spafford, and Blake Matheny

Tech report number

CERIAS TR 2005-01

Entry type

article

Abstract

Distributed systems with multiple interacting services, such as distributed e-commerce systems, are suitable targets for malicious attacks because of the potential financial impact. Intrusion detection in such systems has been an active area of research, while the problem of containment has received relatively less attention. Containment seeks to localize the effect of the intrusion to some parts of the system while allowing the other parts to continue to provide service. In this paper, we present the design and implementation of an Adaptive Intrusion Tolerant System, ADEPTS, for automatically containing intrusions in a distributed system. ADEPTS uses a directed acyclic graph of intrusion goals, called I-DAG, and a graph of service interactions, called SNet, as the underlying representations in the system. The containment action in ADEPTS initially has the goal of preventing the spread of the intrusion by modifying its path of escalation in the I-DAG. Failing that, it adopts a more drastic response of modifying the interactions of the services in the SNet. There is also a feedback mechanism for the effectiveness of a deployed response and uses that in guiding future choices. ADEPTS is demonstrated on a distributed e- commerce system and evaluated using a survivability metric whose value depends on the operational services in the face of an intrusion.

Download

PDF

Date

2004 – 12

Institution

Purdue University

Key alpha

Bagchi

School

Purdue University

Affiliation

CERIAS

Publication Date

2004-12-01

Keywords

automated intrusion response, intrusion containment, e-commerce system, survivability, distributed services

Subject

Automated intrusion response

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.