Masakazu Fujii, Kenichi Takahashi, Y. Hori, K. Sakurai
Intrusion Detection Using Third-Parties Support
2008 12th IEEE International Workshop on Future Trends of Distributed Computing Systems, published 2008-10-21
DOI: 10.1109/FTDCS.2008.32 (https://doi.org/10.1109/FTDCS.2008.32)
Intrusions are one of the most important issues in the current Internet environment. Many researchers and companies have therefore developed countermeasure techniques such as intrusion detection systems (IDS) and intrusion prevention systems (IPS). These systems detect intrusions and prevent attackers from succeeding in their intrusion attempts. They usually rely on pattern matching and therefore work efficiently against known attacks. However, they do not work efficiently against unknown attacks such as zero-day attacks and targeted attacks. This means we should assume that our machines can be corrupted at any time. Therefore, we should consider what we can do under this assumption for a next-generation security framework. In this paper, we propose a new intrusion detection methodology using the support of other machines. In our proposal, when an attacker tries to attack other machines from a corrupted machine that the attacker has already intruded into, the other machines notify the administrator of the corrupted machine of the attack. Then, the attacker may lose the corrupted machine. Therefore, the attacker restrains itself from imprudently attacking other machines. This will suppress the propagation of corrupted machines in the Internet.