Computing Reviews
A model-based approach to self-protection in computing system
Chen Q., Abdelwahed S., Erradi A. CAC 2013 (Proceedings of the 2013 ACM Cloud and Autonomic Computing Conference, Miami, FL, Aug 5-9, 2013), 1-10. 2013. Type: Proceedings
Date Reviewed: Dec 16 2013

An autonomous security management system that aims to detect, analyze, and react to attacks in an automated fashion is the focus of this paper.

To accomplish this, the authors use a variety of sensors. An anomaly-based intrusion detection system (IDS) monitors parameters such as central processing unit (CPU) load, memory, and network statistics to detect previously unknown attacks, while a traditional signature-based IDS checks for attacks that do not have a noticeable impact on performance. Furthermore, the system uses a future exploits forecaster running an autoregressive integrated moving average (ARIMA) model to predict the future state of the system based on environmental parameters, system state, security parameters, and control inputs. Suspicious flows are routed to a virtual machine called the “front VM” where their effects can be studied to determine whether the flow is malicious. When an attack is identified, the system selects and deploys possible defensive measures using a multiobjective analysis controller (MAC).

The measures include common controls such as intrusion prevention systems, packet filtering, and server replication/scaling, but more drastic measures such as server disconnection or shutdown are available if the need arises. To select the appropriate reaction to a given threat, the MAC uses criteria such as execution speed, packet rate recovery, and CPU utilization recovery to rank alternatives.

Evaluation of the autonomous system using user datagram protocol (UDP) floods, simple SQL injection (detected by a signature-based IDS), and memory exhaustion attacks shows that, although the protection time is not yet ideal, the system reacts appropriately to these situations.

The proposed system might work well to defend against denial of service attacks because the filter can be specifically adapted to the traffic pattern. Other attacks (such as attacks on web-based content management systems) might be missed if a signature is not yet available and no other anomalies, such as high system load, are present.

Reviewer: Edgar R. Weippl. Review #: CR141813 (1402-0132)

Security and Protection (C.2.0 ... )
Unauthorized Access (K.6.5 ... )