Despite the increased focus on security, complex networked systems remain vulnerable to attacks. Intrusion Tolerance is an emerging paradigm for developing systems, which continue to operate correctly, and provide acceptable services even in the face of an intrusion. The effectiveness of this approach is strongly dependent on the efficiency of the adopted detection and diagnosis mechanisms. In this work, we propose an architectural framework, which collects information at several architectural levels, using multiple security probes, which are deployed as a distributed architecture, to perform event correlation and diagnosis analysis of intrusion symptoms. The experimental results show that the use of different security information sources can improve the detection and the diagnosis of attacks

Achieving Security by Intrusion-Tolerance Based on Event Correlation

FICCO, Massimo
2010

Abstract

Despite the increased focus on security, complex networked systems remain vulnerable to attacks. Intrusion Tolerance is an emerging paradigm for developing systems, which continue to operate correctly, and provide acceptable services even in the face of an intrusion. The effectiveness of this approach is strongly dependent on the efficiency of the adopted detection and diagnosis mechanisms. In this work, we propose an architectural framework, which collects information at several architectural levels, using multiple security probes, which are deployed as a distributed architecture, to perform event correlation and diagnosis analysis of intrusion symptoms. The experimental results show that the use of different security information sources can improve the detection and the diagnosis of attacks
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11591/231344
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact