Metrics-based investigation of distributed intrusion detection and attack surface reduction

CS-TR-5014.pdf(209.44 KB)
Stuckman, Jeff
Purtilo, James
Two distinct but related projects --- titled "Improved product assurance through automatic trace generation and analysis" and "Improved cyber security via decentralized intrusion detection and dynamic reconfiguration" respectively --- have been under way in this laboratory, both with support from the Office of Naval Research, which the authors gratefully acknowledge. The purpose of this report is to frame the even broader goal we envision, which is ultimately to understand how to not just measure properties of a running system which characterize its susceptibility to vulnerabilities in the eyes of potential intruders, but also to dynamically adjust the running system so as to either reduce or remove those vulnerabilities. What is of greatest concern in a running system is not the vulnerabilities we already know about --- after all, they would likely have been repaired at the point of discovery --- but rather the vulnerability that only an intruder understands. Our hypothesis is that static analysis together with measurements at run time may telegraph suggestions for dynamic reconfiguration which might repel an intruder, without loss of service by the system, long enough for operators to identify and understand whatever might have been the specific defect that had been probed. The present report updates our statement of the long-term research goals and presents our status on the two projects under way.