TY - GEN
T1 - An event-driven architecture for fine grained intrusion detection and attack aftermath mitigation
AU - Peng, Jianfeng
AU - Feng, Chuan
AU - Qiao, Haiyan
AU - Rozenblit, Jerzy
PY - 2007
Y1 - 2007
N2 - In today's computing environment, unauthorized accesses and misuse of critical data can be catastrophic to personal users, businesses, emergency services, and even national defense and security. To protect computers from the ever-increasing threat of intrusion, we propose an event-driven architecture that provides fine grained intrusion detection and decision support capability. Within this architecture, an incoming event is scrutinized by the Subject-Verb-Object multipoint monitors. Deviations from normal behavior detected by SVO monitors will trigger different alarms, which are sent to subsequent fusion and verification modules to reduce the false positive rate. The system then performs impact analysis by studying real-time system metrics, collected through the Windows Management Instrumentation interface. We add to the system the capability to assist the administrator in taking effective actions to mitigate the aftermath of an intrusion.
AB - In today's computing environment, unauthorized accesses and misuse of critical data can be catastrophic to personal users, businesses, emergency services, and even national defense and security. To protect computers from the ever-increasing threat of intrusion, we propose an event-driven architecture that provides fine grained intrusion detection and decision support capability. Within this architecture, an incoming event is scrutinized by the Subject-Verb-Object multipoint monitors. Deviations from normal behavior detected by SVO monitors will trigger different alarms, which are sent to subsequent fusion and verification modules to reduce the false positive rate. The system then performs impact analysis by studying real-time system metrics, collected through the Windows Management Instrumentation interface. We add to the system the capability to assist the administrator in taking effective actions to mitigate the aftermath of an intrusion.
UR - http://www.scopus.com/inward/record.url?scp=34250201509&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34250201509&partnerID=8YFLogxK
U2 - 10.1109/ECBS.2007.18
DO - 10.1109/ECBS.2007.18
M3 - Conference contribution
AN - SCOPUS:34250201509
SN - 0769527728
SN - 9780769527727
T3 - Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems
SP - 55
EP - 60
BT - Proceedings - 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
T2 - 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
Y2 - 26 March 2007 through 29 March 2007
ER -