A generic software architecture for deception-based intrusion detection and response systems
Authors
Uzuncaova, Engin
Advisors
Michael, James Bret
Riehle, Richard
Date of Issue
2003-03
Publisher
Monterey, California. Naval Postgraduate School
Abstract
Today, intrusion detection systems provide for detecting intrusive patterns of interaction. Although the responses of such systems are typically limited to primitive actions, they can be supplemented with deception-based strategies. We propose a generic software architecture combining intrusion detection and deceptive response capabilities in a uniform structure. Detecting and responding to attacks are realized via runtime instrumentation of kernel-based modules. The architecture provides for dynamically adjusting system performance to maintain continuity and integrity of both legitimate services and security activities.
Type
Thesis
Department
Computer Science
Software Engineering
Format
xvi, 67 p. : ill. ;
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
