An Edit-Distance Algorithm to Detect Correlated Attacks in Distributed Systems

Main Author: Sule Simsek
Format: Article eJournal
Language: eng
Published: 2008
Subjects:
Online Access: https://zenodo.org/record/1085002
Table of Contents:
  • Intrusion detection systems (IDS) are crucial components of the security mechanisms of today's computer systems. Existing research on intrusion detection has focused on sequential intrusions. However, intrusions can also be formed by concurrent interactions of multiple processes. Some of the intrusions caused by these interactions cannot be detected using sequential intrusion detection methods. Therefore, there is a need for a mechanism that views the distributed system as a whole. L-BIDS (Lattice-Based Intrusion Detection System) is proposed to address this problem. In the L-BIDS framework, a library of intrusions and distributed traces are represented as lattices. Then these lattices are compared in order to detect intrusions in the distributed traces.