This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9
Big Island, Hawaii
January 06-January 09
ISBN: 0-7695-1874-5
James C. Reynolds, Teknowledge Corporation
James Just, Teknowledge Corporation
Larry Clough, Teknowledge Corporation
Ryan Maglich, Teknowledge Corporation
We have built a system for protecting Internet services to securely connected, known users. It implements a generate-and-test approach for on-line attack identification and uses similarity rules for generalization of attack signatures. We can immediately protect the system from many variants of previously unknown attacks without debilitating waits for anti-virus updates or software patches. Unique to our approach is the use of diverse process pairs not only for isolation benefits but also for detection. The architecture uses the comparison of outputs from diverse applications to provide a significant and novel intrusion detection capability. With this technique, we gain the benefits of n-version programming without its controversial disadvantages. The isolation of intrusions is mainly achieved with an out-of-band control system that separates the primary and backup system. It also initiates attack diagnosis and blocking, and recovery, which is accelerated by continual repair.
Citation:
James C. Reynolds, James Just, Larry Clough, Ryan Maglich, "On-Line Intrusion Detection and Attack Prevention Using Diversity, Generate-and-Test, and Generalization," hicss, vol. 9, pp.335b, 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, 2003
Usage of this product signifies your acceptance of the Terms of Use.