ADEPTS: Adaptive Intrusion Containment in Distributed Service Environments
Author
Bingrui Foo, Yu-Sung Wu, Saurabh Bagchi, Gene Spafford, and Blake Matheny
Tech report number
CERIAS TR 2005-01
Abstract
Distributed systems with multiple interacting services, such as distributed e-commerce systems, are suitable targets for
malicious attacks because of the potential financial impact. Intrusion detection in such systems has been an active area of
research, while the problem of containment has received relatively less attention. Containment seeks to localize the effect of
the intrusion to some parts of the system while allowing the other parts to continue to provide service. In this paper, we
present the design and implementation of an Adaptive Intrusion Tolerant System, ADEPTS, for automatically containing
intrusions in a distributed system. ADEPTS uses a directed acyclic graph of intrusion goals, called I-DAG, and a graph of
service interactions, called SNet, as the underlying representations in the system. The containment action in ADEPTS initially
has the goal of preventing the spread of the intrusion by modifying its path of escalation in the I-DAG. Failing that, it adopts a
more drastic response of modifying the interactions of the services in the SNet. ADEPTS also has a feedback mechanism for the
effectiveness of a deployed response and uses that in guiding future choices. ADEPTS is demonstrated on a distributed
e-commerce system and evaluated using a survivability metric whose value depends on the operational services in the face of an intrusion.
Institution
Purdue University
Publication Date
2004-12-01
Keywords
automated intrusion response, intrusion containment, e-commerce system, survivability, distributed services
Subject
Automated intrusion response