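% Totel, Majorczyk and Me, RAID 2005 (revised papers published 2006): anomaly-based
% intrusion detection that uses COTS design diversity as an implicit reference
% model, applied to web servers.
% Acronyms are brace-protected so sentence-casing styles cannot turn COTS or RAID
% into lowercase; authors use the unambiguous "Last, First" form; the DOI is
% stored bare, without a LaTeX escape on the underscore.
% NOTE(review): month/day (1 Jan) look like an exporter default; the note field
% carries the conference dates. Confirm before relying on them. No volume number
% for the series is recorded here.
@inproceedings{5bce8befd77140119eb98b7270d06fe6,
  author    = {Totel, Eric and Majorczyk, Fr{\'e}d{\'e}ric and M{\'e}, Ludovic},
  title     = {{COTS} diversity based intrusion detection and application to web servers},
  booktitle = {Recent Advances in Intrusion Detection - 8th International Symposium, {RAID} 2005, Revised Papers},
  series    = {Lecture Notes in Computer Science},
  publisher = {Springer Verlag},
  pages     = {43--62},
  year      = {2006},
  month     = jan,
  day       = {1},
  doi       = {10.1007/11663812_3},
  isbn      = {3540317783},
  language  = {English},
  keywords  = {Anomaly detection, COTS diversity, Design diversity, Intrusion detection},
  abstract  = {It is commonly accepted that intrusion detection systems (IDS) are required to compensate for the insufficient security mechanisms that are available on computer systems and networks. However, the anomaly-based IDSes that have been proposed in the recent years present some drawbacks, e.g., the necessity to explicitly define a behaviour reference model. In this paper, we propose a new approach to anomaly detection, based on the design diversity, a technique from the dependability field that has been widely ignored in the intrusion detection area. The main advantage is that it provides an implicit, and complete reference model, instead of the explicit model usually required. For practical reasons, we actually use Components-off-the-shelf (COTS) diversity, and discuss on the impact of this choice. We present an architecture using COTS-diversity, and then apply it to web servers. We also provide experimental results that confirm the expected properties of the built IDS, and compare them with other IDSes.},
  note      = {8th International Symposium on Recent Advances in Intrusion Detection, {RAID} 2005 ; Conference date: 07-09-2005 Through 09-09-2005},
}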