Survivable Monitoring in Dynamic Networks
September 2006 (vol. 5 no. 9)
pp. 1242-1254
Christian Scheideler, IEEE Computer Society
We present a monitoring system for a dynamic network in which a set of domain nodes shares the responsibility for producing and storing monitoring information about a set of visitors. This information is stored persistently when the set of domain nodes grows and shrinks. Such a system can be used to store traffic or other logs for auditing or can be used as a subroutine for many applications to allow significant increases in functionality and reliability. The features of our system include authenticating visitors, monitoring their traffic through the domain, and storing this information in a persistent, efficient, and searchable manner. The storage process is $O(\log n)$-competitive in the number of network messages with respect to an optimal offline algorithm; we show that this is as good as any online algorithm can achieve and significantly better than many commonly used strategies for distributed load balancing.

Index Terms:
Monitoring, audit logs, survivable storage, network intrusion detection, emergency communication.
Citation:
Giuseppe Ateniese, Chris Riley, Christian Scheideler, "Survivable Monitoring in Dynamic Networks," IEEE Transactions on Mobile Computing, vol. 5, no. 9, pp. 1242-1254, Sept. 2006, doi:10.1109/TMC.2006.138