Intrusion detection and tolerance: A global scheme
Author(s) -
Djemaiel Yacine,
Rekhis Slim,
Boudriga Noureddine
Publication year - 2008
Publication title -
International Journal of Communication Systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.895
Subject(s) - computer science , computer security , intrusion detection system , host-based intrusion detection system , intrusion tolerance , intrusion prevention system , system call , operating system , computer network
Protecting deployed security mechanisms, and trusting their output (e.g. log files), when the host on which they run has been compromised is among the major challenges to be faced. To address this need, recent work in security has considered the design of storage-based intrusion detection systems, which detect intrusions by examining the patterns of low-level disk requests. However, these systems neither tolerate intrusions nor distinguish whether a disk request was generated by a legitimate or a malicious process; consequently, they generate many false negatives and false positives. In this paper we present a Cooperative Intrusion Detection and Tolerance System, called CIDTS, which takes advantage of the information available at the network, host operating system, and storage levels to detect intrusion attempts at an early stage, even when the host is compromised. To enable this cooperation, the disk communication interface that transports requests between the storage level and the host level is extended to forward information about the processes that generate the requests. The paper also provides intrusion tolerance capabilities and techniques to support investigation activities. Copyright © 2007 John Wiley & Sons, Ltd.
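The following Python example is added here to illustrate the point of the abstract; it is not code from the paper or from CIDTS. It simulates a storage-level detector that protects append-only log files, first with only the information a classic storage-based IDS sees (operation, file, offset, size), then with the process identity (pid, name, uid) that the extended disk interface would forward alongside each request. The request trace, the protected-file list and the allowed-writer table are constructed for the example.

```python
"""Toy storage-level log-tampering detector, with and without process context.

Constructed example: it does not reproduce the CIDTS implementation, only the
effect of forwarding process identity with each disk request.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class DiskRequest:
    op: str                     # "read", "write" or "truncate"
    path: str                   # file the request targets (simplified from block addresses)
    offset: int                 # byte offset within the file
    length: int
    file_size: int              # file size before the request
    pid: Optional[int] = None   # fields below are only present when the host forwards them
    comm: Optional[str] = None  # process name
    uid: Optional[int] = None


# Hypothetical policy: these files are append-only, and only these processes
# (running as the given uid) may truncate or rewrite them.
PROTECTED_LOGS = {"/var/log/auth.log", "/var/log/syslog"}
ALLOWED_LOG_WRITERS = {"rsyslogd": 0, "logrotate": 0}  # comm -> required uid


def storage_only_check(req: DiskRequest) -> Optional[str]:
    """Classic storage-based rule: any non-append write or truncate of a protected log."""
    if req.path not in PROTECTED_LOGS:
        return None
    if req.op == "truncate":
        return "truncate of protected log"
    if req.op == "write" and req.offset < req.file_size:
        return "in-place overwrite of protected log"
    return None  # reads and pure appends are fine


def cooperative_check(req: DiskRequest) -> Optional[str]:
    """Same rule, but clears the alert when a known writer issued the request."""
    reason = storage_only_check(req)
    if reason is None:
        return None
    if req.pid is None or req.comm is None:
        # Host did not forward context (or is not trusted to): keep the alert.
        return reason + " (no process context forwarded)"
    required_uid = ALLOWED_LOG_WRITERS.get(req.comm)
    if required_uid is not None and req.uid == required_uid:
        return None  # expected maintenance by the logging daemon / rotation job
    return f"{reason} by unexpected process {req.comm}[{req.pid}] uid={req.uid}"


def detect(requests: List[DiskRequest],
           check: Callable[[DiskRequest], Optional[str]]) -> List[Tuple[int, str]]:
    """Return (index, reason) for every request the given check flags."""
    return [(i, r) for i, req in enumerate(requests) if (r := check(req)) is not None]


# Constructed trace: a normal append, a legitimate rotation, an attacker
# wiping and overwriting a log, an unrelated write, a process that spoofs the
# rotation job's name under the wrong uid, and a request with no context.
SAMPLE_TRACE = [
    DiskRequest("write", "/var/log/auth.log", 4096, 120, 4096, pid=812, comm="rsyslogd", uid=0),
    DiskRequest("truncate", "/var/log/syslog", 0, 0, 90000, pid=2210, comm="logrotate", uid=0),
    DiskRequest("truncate", "/var/log/auth.log", 0, 0, 4216, pid=4321, comm="sh", uid=0),
    DiskRequest("write", "/var/log/auth.log", 0, 512, 4216, pid=4322, comm="bash", uid=0),
    DiskRequest("write", "/tmp/x", 0, 10, 0, pid=4322, comm="bash", uid=0),
    DiskRequest("truncate", "/var/log/syslog", 0, 0, 90000, pid=4400, comm="logrotate", uid=1000),
    DiskRequest("write", "/var/log/syslog", 100, 50, 90000),
]


if __name__ == "__main__":
    for name, check in (("storage-only", storage_only_check), ("cooperative", cooperative_check)):
        print(name)
        for idx, reason in detect(SAMPLE_TRACE, check):
            print(f"  request {idx}: {reason}")
```

Run as a script, the storage-only detector raises an alert on the legitimate rotation (request 1) because it cannot tell logrotate from an attacker; the cooperative detector clears that one but still flags the wipes, the name-spoofing process with the wrong uid, and the request that arrived without context, which is the case to watch for when the host forwarding the context may itself be compromised.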