Sciweavers

SEC
2008

Anomaly Detection with Diagnosis in Diversified Systems using Information Flow Graphs

14 years 1 months ago
Anomaly Detection with Diagnosis in Diversified Systems using Information Flow Graphs
Design diversity is a well-known method to ensure fault tolerance. Such a method has also been applied successfully in various projects to provide intrusion detection and tolerance. Two types of approaches have been investigated: the comparison of the outputs of the diversified services without any knowledge of the internals of the server (black box approach) or an intrusive observation of the activities that occur on the diversified servers (gray box approach). Previous work on black-box approaches have shown that some types of attacks cannot be detected. In this paper, we introduce a gray-box approach, on the one hand to increase the detection coverage, and on the other hand to add some diagnosis capability to the IDS. Our gray-box approach is based on the comparison of information flow graphs generated by the activities on the servers.
Frédéric Majorczyk, Eric Totel, Ludo
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2008
Where SEC
Authors Frédéric Majorczyk, Eric Totel, Ludovic Mé, Ayda Saïdane
Comments (0)