Diversity Based Detection of Security Anomalies (slides)

Abstract: Detecting and preventing attacks before they compromise a system can be done using acceptance testing, redundancy-based mechanisms, and external consistency checking such as external monitoring and watchdog processes. Diversity-based adjudication is a step towards an oracle that uses the knowable behavior of a healthy system. That approach, under the best circumstances, is able to detect even zero-day attacks. In this approach we use functionally equivalent but in some way diverse components, and we compare their output vectors and reactions for a given input vector. This paper discusses the practical relevance of this approach in the context of recent web-service attacks.
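The comparison step described in the abstract, as an added example that is not taken from the slides or the paper: three diverse parsers for the same decimal length field receive one input, and an adjudicator reports any component whose reaction differs from the majority. The parsers, the length-field scenario and all names are assumptions constructed for the example.

```python
import re
from collections import Counter

# Three functionally equivalent but diverse parsers for a decimal length
# field (hypothetical components, constructed for this example).
def parse_builtin(field):
    return int(field)                  # lenient: also accepts " 42" and "+42"

def parse_regex(field):
    if not re.fullmatch(r"[0-9]+", field):
        raise ValueError("not a decimal length")
    return int(field)

def parse_manual(field):
    if not field:
        raise ValueError("empty field")
    value = 0
    for ch in field:
        if ch < "0" or ch > "9":
            raise ValueError("non-digit character")
        value = value * 10 + (ord(ch) - ord("0"))
    return value

COMPONENTS = {"builtin": parse_builtin, "regex": parse_regex, "manual": parse_manual}

def reaction(component, field):
    """Output vector of one component; a rejection is a reaction too."""
    try:
        return ("ok", component(field))
    except ValueError:
        return ("rejected", None)

def adjudicate(field, components=COMPONENTS):
    """Feed the same input to every component and compare the reactions.

    Returns (majority_reaction, dissenters); a non-empty dissenter list is
    the anomaly signal, with no signature of the input needed.
    """
    reactions = {name: reaction(fn, field) for name, fn in components.items()}
    majority, _ = Counter(reactions.values()).most_common(1)[0]
    dissenters = sorted(n for n, r in reactions.items() if r != majority)
    return majority, dissenters

if __name__ == "__main__":
    for sample in ["42", "abc", " 42", "+42"]:   # constructed inputs
        print(repr(sample), adjudicate(sample))
```

Inputs on which all components agree, whether they accept or reject, pass silently; only inputs that one component handles differently from the others are flagged.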

License: CC-2.5
Submitted by Mladen Vouk on