A dependable intrusion detection architecture based on agreement services

Michel Hurfin; Jean Pierre Le Narzul; Frédéric Majorczyk; Ludovic Mé; Ayda Saidane; Eric Totel; Frédéric Tronel

doi:10.1007/978-3-540-49823-0_27

A dependable intrusion detection architecture based on agreement services

Michel Hurfin
, Jean Pierre Le Narzul
, Frédéric Majorczyk
, Ludovic Mé
, Ayda Saidane
, Eric Totel
, Frédéric Tronel

IRISA
ENST Bretagne
Supelec

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

In this paper, we show that the use of diversified COTS servers allows to detect intrusions corresponding to unknown attacks. We present an architecture that ensures both confidentiality and integrity at the COTS server level and we extend it to enhance availability. Replication techniques implemented on top of agreement services are used to avoid any single point of failure. On the one hand we assume that COTS servers are complex softwares that contain some vulnerabilities and thus may exhibit arbitrary behaviors. While on the other hand other basic components of the proposed architecture are simple enough to be exhaustively verified. That's why we assume that they can only suffer from crash failures. The whole system is assumed to be asynchronous and furthermore messages can be lost. In the particular case of Web servers connected to databases, we identify the properties that have to be maintained and the alarms that have to be raised. We describe in details how the different replicated levels interact together and, for each level, we precise the reasons that have led us to use a particular agreement service. Performance evaluations are conducted to measure the quality of service of the Intrusion Detection System (quantity of false positives and lack of false negatives) and the additional cost induced by the mechanisms used to ensure the availability of this secure architecture.

langue originale	Anglais
titre	Stabilization, Safety, and Security of Distributed Systems - 8th International Symposium, SSS 2006. Proceedings
Editeur	Springer Verlag
Pages	378-394
Nombre de pages	17
ISBN (imprimé)	3540490183, 9783540490180
Les DOIs	https://doi.org/10.1007/978-3-540-49823-0_27
état	Publié - 1 janv. 2006
Modification externe	Oui
Evénement	8th International Symposium on Self-Stabilizing Systems, SSS 2006 - Dallas, TX, États-Unis Durée: 17 nov. 2006 → 19 nov. 2006

Série de publications

Nom	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4280 LNCS
ISSN (imprimé)	0302-9743
ISSN (Electronique)	1611-3349

Une conférence

Une conférence	8th International Symposium on Self-Stabilizing Systems, SSS 2006
Pays/Territoire	États-Unis
La ville	Dallas, TX
période	17/11/06 → 19/11/06

Accès au document

10.1007/978-3-540-49823-0_27

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Hurfin, M., Narzul, J. P. L., Majorczyk, F., Mé, L., Saidane, A., Totel, E., & Tronel, F. (2006). A dependable intrusion detection architecture based on agreement services. Dans Stabilization, Safety, and Security of Distributed Systems - 8th International Symposium, SSS 2006. Proceedings (p. 378-394). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol 4280 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-49823-0_27

Hurfin, Michel ; Narzul, Jean Pierre Le ; Majorczyk, Frédéric et al. / A dependable intrusion detection architecture based on agreement services. Stabilization, Safety, and Security of Distributed Systems - 8th International Symposium, SSS 2006. Proceedings. Springer Verlag, 2006. p. 378-394 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{ab8ed3bc1dde4290844c29fe7aa3f6f1,

title = "A dependable intrusion detection architecture based on agreement services",

abstract = "In this paper, we show that the use of diversified COTS servers allows to detect intrusions corresponding to unknown attacks. We present an architecture that ensures both confidentiality and integrity at the COTS server level and we extend it to enhance availability. Replication techniques implemented on top of agreement services are used to avoid any single point of failure. On the one hand we assume that COTS servers are complex softwares that contain some vulnerabilities and thus may exhibit arbitrary behaviors. While on the other hand other basic components of the proposed architecture are simple enough to be exhaustively verified. That's why we assume that they can only suffer from crash failures. The whole system is assumed to be asynchronous and furthermore messages can be lost. In the particular case of Web servers connected to databases, we identify the properties that have to be maintained and the alarms that have to be raised. We describe in details how the different replicated levels interact together and, for each level, we precise the reasons that have led us to use a particular agreement service. Performance evaluations are conducted to measure the quality of service of the Intrusion Detection System (quantity of false positives and lack of false negatives) and the additional cost induced by the mechanisms used to ensure the availability of this secure architecture.",

keywords = "Agreement protocols, COTS, Dependability, Diversity, Intrusion detection",

author = "Michel Hurfin and Narzul, \{Jean Pierre Le\} and Fr{\'e}d{\'e}ric Majorczyk and Ludovic M{\'e} and Ayda Saidane and Eric Totel and Fr{\'e}d{\'e}ric Tronel",

year = "2006",

month = jan,

day = "1",

doi = "10.1007/978-3-540-49823-0\_27",

language = "English",

isbn = "3540490183",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "378--394",

booktitle = "Stabilization, Safety, and Security of Distributed Systems - 8th International Symposium, SSS 2006. Proceedings",

note = "8th International Symposium on Self-Stabilizing Systems, SSS 2006 ; Conference date: 17-11-2006 Through 19-11-2006",

}

Hurfin, M, Narzul, JPL, Majorczyk, F, Mé, L, Saidane, A, Totel, E & Tronel, F 2006, A dependable intrusion detection architecture based on agreement services. Dans Stabilization, Safety, and Security of Distributed Systems - 8th International Symposium, SSS 2006. Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), VOL. 4280 LNCS, Springer Verlag, p. 378-394, 8th International Symposium on Self-Stabilizing Systems, SSS 2006, Dallas, TX, États-Unis, 17/11/06. https://doi.org/10.1007/978-3-540-49823-0_27

A dependable intrusion detection architecture based on agreement services. / Hurfin, Michel; Narzul, Jean Pierre Le; Majorczyk, Frédéric et al.
Stabilization, Safety, and Security of Distributed Systems - 8th International Symposium, SSS 2006. Proceedings. Springer Verlag, 2006. p. 378-394 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol 4280 LNCS).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - A dependable intrusion detection architecture based on agreement services

AU - Hurfin, Michel

AU - Narzul, Jean Pierre Le

AU - Majorczyk, Frédéric

AU - Mé, Ludovic

AU - Saidane, Ayda

AU - Totel, Eric

AU - Tronel, Frédéric

PY - 2006/1/1

Y1 - 2006/1/1

N2 - In this paper, we show that the use of diversified COTS servers allows to detect intrusions corresponding to unknown attacks. We present an architecture that ensures both confidentiality and integrity at the COTS server level and we extend it to enhance availability. Replication techniques implemented on top of agreement services are used to avoid any single point of failure. On the one hand we assume that COTS servers are complex softwares that contain some vulnerabilities and thus may exhibit arbitrary behaviors. While on the other hand other basic components of the proposed architecture are simple enough to be exhaustively verified. That's why we assume that they can only suffer from crash failures. The whole system is assumed to be asynchronous and furthermore messages can be lost. In the particular case of Web servers connected to databases, we identify the properties that have to be maintained and the alarms that have to be raised. We describe in details how the different replicated levels interact together and, for each level, we precise the reasons that have led us to use a particular agreement service. Performance evaluations are conducted to measure the quality of service of the Intrusion Detection System (quantity of false positives and lack of false negatives) and the additional cost induced by the mechanisms used to ensure the availability of this secure architecture.

AB - In this paper, we show that the use of diversified COTS servers allows to detect intrusions corresponding to unknown attacks. We present an architecture that ensures both confidentiality and integrity at the COTS server level and we extend it to enhance availability. Replication techniques implemented on top of agreement services are used to avoid any single point of failure. On the one hand we assume that COTS servers are complex softwares that contain some vulnerabilities and thus may exhibit arbitrary behaviors. While on the other hand other basic components of the proposed architecture are simple enough to be exhaustively verified. That's why we assume that they can only suffer from crash failures. The whole system is assumed to be asynchronous and furthermore messages can be lost. In the particular case of Web servers connected to databases, we identify the properties that have to be maintained and the alarms that have to be raised. We describe in details how the different replicated levels interact together and, for each level, we precise the reasons that have led us to use a particular agreement service. Performance evaluations are conducted to measure the quality of service of the Intrusion Detection System (quantity of false positives and lack of false negatives) and the additional cost induced by the mechanisms used to ensure the availability of this secure architecture.

KW - Agreement protocols

KW - COTS

KW - Dependability

KW - Diversity

KW - Intrusion detection

UR - https://www.scopus.com/pages/publications/33845518354

U2 - 10.1007/978-3-540-49823-0_27

DO - 10.1007/978-3-540-49823-0_27

M3 - Conference contribution

AN - SCOPUS:33845518354

SN - 3540490183

SN - 9783540490180

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 378

EP - 394

BT - Stabilization, Safety, and Security of Distributed Systems - 8th International Symposium, SSS 2006. Proceedings

PB - Springer Verlag

T2 - 8th International Symposium on Self-Stabilizing Systems, SSS 2006

Y2 - 17 November 2006 through 19 November 2006

ER -

Hurfin M, Narzul JPL, Majorczyk F, Mé L, Saidane A, Totel E et al. A dependable intrusion detection architecture based on agreement services. Dans Stabilization, Safety, and Security of Distributed Systems - 8th International Symposium, SSS 2006. Proceedings. Springer Verlag. 2006. p. 378-394. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-49823-0_27

A dependable intrusion detection architecture based on agreement services

Résumé

Série de publications

Une conférence

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation