Intrusion Tolerance 2015

Intrusion tolerance refers to a fault-tolerant design approach to defending communications, computer and other information systems against malicious attack. Rather than detecting all anomalies, tolerant systems only identify those intrusions which lead to security failures. The topic relates to the Science of Security issues of resilience and composability. This collection cites publications of interest addressing new methods of building secure fault tolerant systems. All were presented in 2015.

Zuo Chen; Xue Li; Bin Lv; Mengyuan Jia, “A Self-Adaptive Wireless Sensor Network Coverage Method for Intrusion Tolerance Based on Particle Swarm Optimization and Cuckoo Search,” in Trustcom/BigDataSE/ISPA, 2015 IEEE, vol.1, no., pp. 1298-1305, 20-22 Aug. 2015. doi:10.1109/Trustcom.2015.521

Abstract: The sensor network coverage optimization process is vulnerable to be attacked or invaded. Therefore, in the case of wireless sensor network under attacks but also able to ensure secure communications and efficient and reliable coverage is a major problem. In this paper, we through the combination of trust management model and heuristic optimization Particle Swarm Optimization and Cuckoo Search, proposed a sensor network security coverage method based on trust management of intrusion tolerance. This method evaluate the trust value of the nodes through their behavior at first, and then adjust the perception radius and decision-making radius. Finally, combine PSO and CS serial optimization in order to achieve the intrusion tolerance for efficient adaptive coverage. By comparing the simulation with a range WSN covering mechanism, this method has certain advantages over the performance of the algorithm, and in the case of the invasion can effectively protect the safety of the overlay network. The simulation results show the effectiveness of the algorithm.

Keywords: particle swarm optimisation; search problems; telecommunication network management; telecommunication security; trusted computing; wireless sensor networks; CS serial optimization; Cuckoo search; PSO; WSN covering mechanism; cuckoo search; decision-making radius; heuristic optimization particle swarm optimization; intrusion tolerance; overlay network; perception radius; reliable coverage; secure communications; self-adaptive wireless sensor network coverage method; sensor network coverage optimization process; sensor network security coverage method; trust management model; Approximation algorithms; Clustering algorithms; Monitoring; Optimization; Reliability; Security; Wireless sensor networks; invasive tolerant; network coverage; trust value; wireless sensor network (ID#: 15-8324)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345429&isnumber=7345233

Nascimento, D.; Correia, M., “Shuttle: Intrusion Recovery for PaaS,” in Distributed Computing Systems (ICDCS), 2015 IEEE 35th International Conference on, vol., no., pp. 653-663, June 29 2015-July 2 2015. doi:10.1109/ICDCS.2015.72

Abstract: The number of applications being deployed using the Platform as a Service (PaaS) cloud computing model is increasing. Despite the security controls implemented by cloud service providers, we expect intrusions to strike such applications. We present Shuttle, a novel intrusion recovery service. Shuttle recovers from intrusions in applications deployed in PaaS platforms. Our approach allows undoing changes to the state of PaaS applications due to intrusions, without loosing the effect of legitimate operations performed after the intrusions take place. We combine a record-and-replay approach with the elasticity provided by cloud offerings to recover applications deployed on various instances and backed by distributed databases. The service loads a database snapshot taken before the intrusion and replays subsequent requests, as much in parallel as possible, while continuing to execute incoming requests. We present an experimental evaluation of Shuttle on Amazon Web Services. We show Shuttle can replay 1 million requests in 10 minutes and that it can duplicate the number of requests replayed per second by increasing the number of application servers from 1 to 3.

Keywords: Web services; cloud computing; distributed databases; security of data; Amazon Web services; PaaS platforms; Shuttle; application servers; cloud computing model; cloud service providers; database snapshot; distributed databases; intrusion recovery service; platform as a service; record-and-replay approach; security controls; time 10 min; Computational modeling; Distributed databases; Elasticity; Security; Servers; Software; Cloud Computing; Dependability; Distributed Database Systems; Intrusion Recovery; Intrusion Tolerance; Platform as a Service (ID#: 15-8325)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164950&isnumber=7164877

Ghabri, A.; Bellalouna, M., “Wireless Sensor Networks Modeling as a Probabilistic Combinatorial Optimization Problem,” in Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2015 16th IEEE/ACIS International Conference on, vol., no., pp. 1-5, 1-3 June 2015. doi:10.1109/SNPD.2015.7176277

Abstract: The wireless sensor networks are considered as a new technology that has appeared due to technological advances in the field of development of powerful processors, wireless communication protocols and smart sensors. Because of their sensitivity, several research projects have been conducted for the purpose of finding solutions to wireless sensor networks in the presence of intrusions and failures. In fact, a sensor network must be able to maintain its functionality without interruptions caused by the failures of sensors. This problem of fault tolerance has seen a great significance among various fields of research in these networks. The main idea presented in this paper is that the combinatorial optimization provides applicable methods in the context of wireless sensor networks and the function to be optimized can be the function that calculates the consumed energy during communications, or the covered distance, or the routing path cost during data transmission to the sink. Fault tolerant protocols and approaches must then be employed to ensure reliability and to allow us choosing the best paths in order to route information from the source to the collector. In this paper, a theoretical modeling of a probabilistic combinatorial optimization problem through wireless sensors networks is explored.

Keywords: combinatorial mathematics; data communication; fault tolerance; optimisation; probability; routing protocols; telecommunication network reliability; telecommunication power management; wireless sensor networks; data transmission reliability; energy consumption; fault tolerance problem; fault tolerant protocol; probabilistic combinatorial optimization problem; routing path; sensor failure; smart sensor intrusion; wireless communication protocol; wireless sensor network model; Fault tolerance; Fault tolerant systems; Optimization; Probabilistic logic; Routing; Routing protocols; Wireless sensor networks; function; intrusions; modeling; optimization; (ID#: 15- 8326)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7176277&isnumber=7176160

Godefroy, Erwan; Totel, Eric; Hurfin, Michel; Majorczyk, Frédéric, “Generation and Assessment of Correlation Rules to Detect Complex Attack Scenarios,” in Communications and Network Security (CNS), 2015 IEEE Conference on, vol., no., pp. 707-708, 28-30 Sept. 2015. doi:10.1109/CNS.2015.7346896

Abstract: Information systems can be targeted by different types of attacks. Some of them are easily detected (like an DDOS targeting the system) while others are more stealthy and consist in successive attacks steps that compromise different parts of the targeted system. The alarm referring to detected attack steps are often hidden in a tremendous amount of notifications that include false alarms. Alert correlators use correlation rules (that can be explicit, implicit or semi-explicit [3]) in order to solve this problem by extracting complex relationships between the different generated events and alerts. On the other hand, providing maintainable, complete and accurate correlation rules specifically adapted to an information system is a very difficult work. We propose an approach that, given proper input information, can build a complete and system dependant set of correlation rules derived from a high level attack scenario. We then evaluate the applicability of this method by applying it to a real system and assessing the fault tolerance in a simulated environment in a second phase.

Keywords: Correlation; Correlators; Intrusion detection; Knowledge based systems; Observers; Sensors; Software; Alert correlation; Security and protection (ID#: 15-8327)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346896&isnumber=7346791

Chen, Ing-Ray; Mitchell, Robert; Cho, Jin-Hee, “On Modeling of Adversary Behavior and Defense for Survivability of Military MANET Applications,” in Military Communications Conference, MILCOM 2015 - 2015 IEEE, vol., no., pp. 629-634, 26-28 Oct. 2015. doi:10.1109/MILCOM.2015.7357514

Abstract: In this paper we develop a methodology and report preliminary results for modeling attack/defense behaviors for achieving high survivability of military mobile ad hoc networks (MANETs). Our methodology consists of 3 steps. The first step is to model adversary behavior of capture attackers and inside attackers which can dynamically and adaptively trigger the best attack strategies while avoiding detection and eviction. The second step is to model defense behavior of defenders utilizing intrusion detection and tolerance strategies to reactively and proactively counter dynamic adversary behavior. We leverage game theory to model attack/defense dynamics with the players being the attackers/defenders, the actions being the attack/defense strategies identified, and the payoff for each outcome being related to system survivability. The 3rd and final step is to identify and apply proper solution techniques that can effectively and efficiently analyze attack/defense dynamics as modeled by game theory for guiding the creation of effective defense strategies for assuring high survivability in military MANETs. The end product is a tool that is capable of analyzing a myriad of attacker behaviors and seeing the effectiveness of countering adaptive defense strategies which incorporate attack/defense dynamics.

Keywords: Adaptation models; Analytical models; Game theory; Intrusion detection; Mathematical model; Mobile ad hoc networks; Vehicle dynamics; adversary modeling; defense behavior modeling; mobile ad hoc networks; reliability; survivability (ID#: 15-8328)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357514&isnumber=7357245

Eskandari, R.; Shajari, M.; Asadi, A., “Automatic Signature Generation for Polymorphic Worms by Combination of Token Extraction and Sequence Alignment Approaches,” in Information and Knowledge Technology (IKT), 2015 7th Conference on, vol., no., pp. 1-6, 26-28 May 2015. doi:10.1109/IKT.2015.7288733

Abstract: As modern worms spread quickly; any countermeasure based on human reaction is barely fast enough to thwart the threat. Moreover, because polymorphic worms could generate mutated instances, they are more complex than non-mutating ones. Currently, the content-based signature generation of polymorphic worms is a challenge for network security. Several signature classes have been proposed for polymorphic worms. Although previously proposed schemes consider patterns such as 1-byte invariants and distance restrictions, they could not handle neither large payloads nor the big size pool of worm instances. Moreover, they are prone to noise injection attack. We proposed a method to combine two approaches of creating a polymorphic worm signature in a new way that avoid the limitation of both approaches. The proposed signature generation scheme is based on token extraction and multiple sequence alignment, widely used in Bioinformatics. This approach provides speed, accuracy, and flexibility in terms of noise tolerance. The evaluations demonstrate these claims.

Keywords: invasive software; automatic signature generation scheme; content-based signature generation; noise injection attack; polymorphic worm signature; sequence alignment approach; token extraction; Bioinformatics; Biomedical monitoring; Computers; Grippers; Intrusion detection; Monitoring; Protocols; Automatic signature generation; Multiple sequence alignment; Polymorphic worm; Regular expressions (ID#: 15-8329)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7288733&isnumber=7288662

 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications.