A Replication- and Checkpoint-Based Approach for Anomaly-Based Intrusion Detection and Recovery
Columbus, Ohio, USA June 06-June 10
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.21
Second International Workshop on Secu ...
Adnan Agbaria, University of Illinois at Urbana-Champaign
Roy Friedman, Technion - Israel Institute of Technology
The common approach to anomaly-based intrusion detection is to replicate the computation and run a Byzantine agreement protocol among all replicas. However, Byzantine agreement incurs high communication overhead and also requires the use of more than 2t replicas in order to overcome t such failures. For many applications, and in particular scientific computation, it is possible to achieve the same goal with much lower average communication and replication overheads. This paper presents a new approach for detecting an intrusion by combining checkpoint/restart with replication. The main benefit of the approach is that we replicate the execution into only t+1 replicas, and invoke a Byzantine agreement only if we suspect anomalous behavior that could be observed using checkpointing techniques. If a failure occurs, it is detected using any Byzantine agreement protocol that can agree on a recent valid system state. Such a Byzantine agreement protocol also identifies the compromised nodes and eliminates them, so the computation can proceed with only t+1 replicas until the next failure occurs.
Citation:
Adnan Agbaria, Roy Friedman, "A Replication- and Checkpoint-Based Approach for Anomaly-Based Intrusion Detection and Recovery," icdcsw, vol. 2, pp.137-143, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005