Abstract | ||
---|---|---|
System protection mechanisms such as access controls can be fooled by authorized but malicious users, masqueraders, and misfeasors. Intrusion detection techniques are therefore used to supplement them. However, damage could have occurred before an intrusion is detected. In many computing systems the requirement for a high degree of soundness of intrusion reporting can yield poor performance in detecting intrusions and cause long detection latency. As a result, serious damage can be caused either because many intrusions are never detected or the average detection latency is too long. The process of bounding the damage caused by intrusions during intrusion detection is referred to as intrusion confinement. We justify the necessity for intrusion confinement during detection by using a probabilistic analysis model, and propose a general solution to achieve intrusion confinement. The key idea of the solution is to isolate likely suspicious actions before a definite determination of intrusion is reported. We also present two concrete isolation protocols in the database and file system contexts, respectively, to evaluate the feasibility of the general solution, which can be applied to many types of information systems. |
Year | Venue | Keywords |
---|---|---|
1999 | Journal of Computer Security - Special issue on database security | intrusion confinement, information systems, the general solution, general solution, information system, because many intrusion, serious damage, intrusion reporting, intrusion detection technique, long detection latency, average detection, intrusion detection, probabilistic analysis, access control |
DocType | Volume | Issue |
Conference | 8 | 4 |
ISSN | Citations | PageRank |
1571-5736 | 30 | 2.19 |
References | Authors | |
17 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Peng Liu | 1 | 239 | 15.80 |
Sushil Jajodia | 2 | 9375 | 1839.16 |
Catherine McCollum | 3 | 186 | 27.58 |