A Replication- and Checkpoint-Based Approach for Anomaly-Based Intrusion Detection and Recovery

I
ICDCSW
2005
Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05)
Abstract - A Replication- and Checkpoint-Based Approach for Anomaly-Based Intrusion Detection and Recovery

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Adnan Agbaria Articles by Roy Friedman

Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05)

Columbus, Ohio, USA

June 06-June 10

ISBN: 0-7695-2328-5

	ASCII Text	x
	Adnan Agbaria, Roy Friedman, "A Replication- and Checkpoint-Based Approach for Anomaly-Based Intrusion Detection and Recovery," Distributed Computing Systems Workshops, International Conference on, vol. 2, pp. 137-143, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005.

	BibTex	x
	@article{ 10.1109/ICDCSW.2005.21, author = {Adnan Agbaria and Roy Friedman}, title = {A Replication- and Checkpoint-Based Approach for Anomaly-Based Intrusion Detection and Recovery}, journal ={Distributed Computing Systems Workshops, International Conference on}, volume = {2}, year = {2005}, issn = {1545-0678}, pages = {137-143}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.21}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Distributed Computing Systems Workshops, International Conference on TI - A Replication- and Checkpoint-Based Approach for Anomaly-Based Intrusion Detection and Recovery SN - 1545-0678 SP137 EP143 A1 - Adnan Agbaria, A1 - Roy Friedman, PY - 2005 KW - null VL - 2 JA - Distributed Computing Systems Workshops, International Conference on ER -

Adnan Agbaria, University of Illinois at Urbana-Champaign

Roy Friedman, Technion - Israel Institute of Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.21

The common approach to detecting anomaly-based intrusion is by replicating the computation and running a Byzantine agreement protocol among all replicas. However, Byzantine agreement incurs high communication overhead and also requires the use of more than 2t replicas in order to overcome t such failures. However, for many applications, and in particular scientific computation, it is possible to achieve the same goal with much lower average communication and replication overheads. This paper presents a new approach for detecting an intrusion by combining checkpoint/restart with replication. The main benefit of the approach is that we replicate the execution into only t + 1 replicas, and invoke a Byzantine agreement only if we suspect an anomalous behavior that could be observed using checkpointing techniques. If a failure occurs, it is detected using any Byzantine agreement protocol that can agree on a recent valid system?s state. Such a Byzantine agreement protocol also identifies the compromised nodes and eliminates them, so the computation can proceed with only t+1 replicas until the next failure occurs.

Citation:

Adnan Agbaria, Roy Friedman, "A Replication- and Checkpoint-Based Approach for Anomaly-Based Intrusion Detection and Recovery," icdcsw, vol. 2, pp.137-143, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.