Title :
Towards survivable intrusion detection system
Author :
Yu, Dong ; Frincke, Deborah
Author_Institution :
Center for Secure & Dependable Software, Idaho Univ., USA
Abstract :
Intrusion detection systems (IDS) are increasingly a key part of system defense, often operating under a high level of privilege to achieve their purposes. Therefore, the ability of an IDS to withstand attack is important in a production system. In this paper, we address the issue of survivable IDS. We begin by categorizing potential vulnerabilities in a generic IDS and classifying methods used to enhance IDS survivability. We then propose an efficient fault tolerance based Survivable IDS (SIDS) along with a systematic way to transform an original IDS architecture into this survivable architecture. Key components of SIDS include: a dual-functionality forward-ahead (DFFA) structure, backup communication paths, component recycling, system reconfiguration, and an anomaly detector. Use of the SIDS transformation should result in an improvement in IDS survivability at low cost.
Keywords :
security of data; IDS architecture; anomaly detector; backup communication paths; component recycling; dual-functionality forward-ahead; fault tolerance-based survivable IDS; intrusion detection system; key components; survivable architecture; system defense; system reconfiguration; Costs; Data analysis; Detectors; Fault tolerant systems; Independent component analysis; Intrusion detection; Performance analysis; Production systems; Recycling; Security;
Conference_Title :
System Sciences, 2004. Proceedings of the 37th Annual Hawaii International Conference on
Print_ISBN :
0-7695-2056-1
DOI :
10.1109/HICSS.2004.1265702