Title
Anomaly Detection With Diagnosis In Diversified Systems Using Information Flow Graphs
Abstract
Design diversity is a well-known method to ensure fault tolerance. Such a method has also been applied successfully in various projects to provide intrusion detection and tolerance. Two types of approaches have been investigated: the comparison of the outputs of the diversified services without any knowledge of the internals of the server (black box approach) or an intrusive observation of the activities that occur on the diversified servers (gray box approach). Previous work on black-box approaches has shown that some types of attacks cannot be detected. In this paper, we introduce a gray-box approach, on the one hand to increase the detection coverage, and on the other hand to add some diagnosis capability to the IDS. Our gray-box approach is based on the comparison of information flow graphs generated by the activities on the servers.
Year: 2008
DOI: 10.1007/978-0-387-09699-5_20
Venue: PROCEEDINGS OF THE IFIP TC 11/ 23RD INTERNATIONAL INFORMATION SECURITY CONFERENCE
Keywords: anomaly detection, design diversity, COTS diversity, anomaly diagnosis, graph similarity
Field: Black box (phreaking), Anomaly detection, Data mining, Information flow (information theory), Computer science, Server, Anomaly-based intrusion detection system, Fault tolerance, Gray box testing, Intrusion detection system
DocType: Conference
Citations: 6
PageRank: 0.57
References: 8
Authors
4
Name
Order
Citations
PageRank
Frédéric Majorczyk1446.04
Eric Totel2569.73
Mé Ludovic315614.53
Ayda Saidane4507.20