Integrated access control and intrusion detection for web servers

Ryutov, Tatyana; Neuman, Clifford; Kim, Dongho; Zhou, Li

doi:10.1109/tpds.2003.1233707

Cited by 48 publications

(21 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The approach to integrated security used by Ryutov et al [7,8] is based the notion of an advanced security policy that can specify allowed activities, detect abuse and respond to intrusions. Each of these tasks (access control, intrusion detection and intrusion response) is performed by a single, multi-phase policy evaluator.…”

Section: Threat Assessmentmentioning

confidence: 99%

Context-Sensitive Access Control Policy Evaluation and Enforcement Using Vulnerability Exploitation Data

Rasheed

2013

IJCNIS

View full text Add to dashboard Cite

Abstract-Conventional approaches for adapting security enforcement in the face of attacks rely on administrators to make policy changes that will limit damage to the system. Paradigm shifts in the capabilities of attack tools demand supplementary strategies that can also adjust policy enforcement dynamically. We extend the current research by proposing an approach for integrating real-time security assessment data into access control systems. Critical application scenarios are tested to examine the impact of using risk data in policy evaluation and enforcement.

show abstract

Section: Threat Assessmentmentioning

confidence: 99%

Context-Sensitive Access Control Policy Evaluation and Enforcement Using Vulnerability Exploitation Data

Rasheed

2013

IJCNIS

View full text Add to dashboard Cite

show abstract

“…Most existing IDSes reside on a single host, only examining application-level [1] and system-level [2] logs, as such detailed information can identify attacks on individual machines. However, today's fast propagating viruses/ worms (e.g., SQL Slammer worm) can infect most of the vulnerable machines in the Internet within 10 min [5] or even less than 30 s with some highly virulent techniques [6,7].…”

Section: First Scalability To High-speed Networkmentioning

confidence: 99%

“…However, spoofed DoS attacks will still cause collisions in TRW-AC, and leave the real port scans undetected. 1 The existing schemes can detect specific types of attacks, but will perform poorly when facing a mixture of attacks as in the real world. People may attempt to combine TRW-AC and CPM to detect both scans and SYN flooding attacks.…”

Section: Related Work On Intrusion Detection Systemsmentioning

confidence: 99%

“…We have designed, implemented and evaluated a variant of the sketch, namely the k-ary sketch [42], and described how to detect heavy changes in massive data streams with small memory consumption, constant update/query complexity, and accurate estimation guarantees [42]. The k-ary sketch is similar to the count sketch 1 As the authors mentioned in [22], when the connection cache size of 1 million entries reaches about 20% full, each new scan attempt has a 20% chance of not being recorded because it aliases with an already-established connection. Actually, during spoofed DoS attacks, such collisions can become even worse.…”

Section: K-ary Sketchmentioning

confidence: 99%

“…With the rapid growth of network bandwidth and fast emergence of new attacks, viruses and worms, existing network intrusion detection systems (IDS) [1][2][3][4] are insufficient due to lack of the following features.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency

Gao

Chen

2010

Computer Networks

View full text Add to dashboard Cite

a b s t r a c tGlobal-scale attacks like worms and botnets are increasing in frequency, severity and sophistication, making it critical to detect outbursts at routers/gateways instead of end hosts. In this paper, leveraging data streaming techniques such as the reversible sketch, we design HiFIND, a High-speed Flow-level Intrusion Detection system. In contrast to existing intrusion detection systems, HiFIND: (i) is scalable to flow-level detection on high-speed networks; (ii) is DoS resilient; (iii) can distinguish SYN flooding and various port scans (mostly for worm propagation) for effective mitigation; (iv) enables aggregate detection over multiple routers/gateways; and (v) separates anomalies to limit false positives in detection. Both theoretical analysis and evaluation with several router traces show that HiFIND achieves these properties. To the best of our knowledge, HiFIND is the first online DoS resilient flow-level intrusion detection system for high-speed networks (e.g. OC192), even for the worst-case traffic of 40-byte-packet streams with each packet forming a flow.

show abstract

Intrusion Detection System for Securing Geographical Information System Web Servers

Park

Jin

Kim

2005

Web and Wireless Geographical Information Systems

View full text Add to dashboard Cite

Integrated access control and intrusion detection for web servers

Cited by 48 publications

References 4 publications

Context-Sensitive Access Control Policy Evaluation and Enforcement Using Vulnerability Exploitation Data

Context-Sensitive Access Control Policy Evaluation and Enforcement Using Vulnerability Exploitation Data

HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency

Intrusion Detection System for Securing Geographical Information System Web Servers

Contact Info

Product

Resources

About