A generic software architecture for deception-based intrusion detection and response systems

Author
Uzuncaova, Engin
Date
2003-03
Advisor
Michael, James Bret
Riehle, Richard
Abstract
Today, intrusion detection systems provide for detecting intrusive patterns of interaction. Although the responses of such systems are typically limited to primitive actions, they can be supplemented with deception-based strategies. We propose a generic software architecture combining intrusion detection and deceptive response capabilities in a uniform structure. Detecting and responding to attacks are realized via runtime instrumentation of kernel-based modules. The architecture provides for dynamically adjusting system performance to maintain continuity and integrity of both legitimate services and security activities.