Diversity-based Detection of Security Anomalies

Title: Diversity-based Detection of Security Anomalies
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Venkatakrishnan, Roopak, Vouk, Mladen A.
Conference Name: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security
Publisher: ACM
Conference Location: Raleigh, NC, USA
ISBN Number: 978-1-4503-2907-1
Keywords: ACM CCS, attack detection, CPS Technologies, cyber security, diversity, Foundations, Intrusion Detection Systems, Intrusion/Anomaly Detection and Malware Mitigation, redundancy in security, science of security, Systems Engineering, Testing, Validation and Verification, web services
Abstract

Detecting and preventing attacks before they compromise a system can be done using acceptance testing, redundancy-based mechanisms, and using external consistency checking such as external monitoring and watchdog processes. Diversity-based adjudication is a step towards an oracle that uses knowable behavior of a healthy system. That approach, under best circumstances, is able to detect even zero-day attacks. In this approach we use functionally equivalent but in some way diverse components and we compare their output vectors and reactions for a given input vector. This paper discusses practical relevance of this approach in the context of recent web-service attacks.

URL: http://doi.acm.org/10.1145/2600176.2600205
DOI: 10.1145/2600176.2600205
Citation Key: Venkatakrishnan:2014:DDS:2600176.2600205