
Intrusion tolerance

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 207.158.143.240 (talk) at 18:19, 14 June 2017 (Undid revision 763203375 by MrOllie (talk). This is not reference spam but categorizes the kinds of intrusion tolerant systems and the major DARPA funding in the field.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Intrusion tolerance is a fault-tolerant design approach to defending information systems against malicious attack. Abandoning the conventional aim of preventing all intrusions, intrusion tolerance instead calls for triggering mechanisms that prevent intrusions from leading to a system security failure. Intrusion response, in which an automated response is launched against a detected intrusion, is a key component of intrusion tolerance. Surveys of intrusion tolerance and intrusion response techniques can be found in [1] and [2]. The survey categorizes response systems as either static or dynamic (adaptive). Static systems are simple: they use a fixed mapping from the symptom of an intrusion to the response that should be taken. For example, when a packet carrying a malware sample is intercepted, the IP address from which the packet was sent is blacklisted. Dynamic systems are more complex: they learn from context, and there is no fixed mapping from symptom to response action. For example, the initial response to the malware-laden packet may be to slow down further connection attempts, then after some time to blacklist the IP address, and then to blacklist the subnet that the IP address belongs to.
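The static and dynamic response models described above can be contrasted in a short sketch. This is an added example, not code from the cited surveys; the action names, the 10-minute history window, the /24 subnet size and the escalation thresholds are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

STATIC_POLICY = {"malware_packet": "blacklist_ip"}  # fixed symptom -> response

def static_response(symptom, src_ip):
    """Static system: the same symptom always yields the same action."""
    return STATIC_POLICY.get(symptom, "log_only"), src_ip

class DynamicResponder:
    """Dynamic system: the action depends on recent history for the source."""

    def __init__(self, window=600.0, prefix_len=24):
        self.window = window              # seconds of history kept (assumed)
        self.prefix_len = prefix_len      # subnet size to escalate to (assumed)
        self.history = defaultdict(list)  # subnet -> [(timestamp, ip)]

    def respond(self, symptom, src_ip, ts):
        if symptom != "malware_packet":
            return "log_only", src_ip
        subnet = ipaddress.ip_network(f"{src_ip}/{self.prefix_len}", strict=False)
        # Forget detections older than the window so old behaviour decays.
        recent = [(t, ip) for t, ip in self.history[subnet] if ts - t <= self.window]
        recent.append((ts, src_ip))
        self.history[subnet] = recent
        hits_from_ip = sum(1 for _, ip in recent if ip == src_ip)
        offenders = {ip for _, ip in recent}
        # Escalation thresholds below are assumed values, not from the surveys.
        if hits_from_ip >= 3 or len(offenders) >= 3:
            return "blacklist_subnet", str(subnet)
        if hits_from_ip == 2:
            return "blacklist_ip", src_ip
        return "throttle", src_ip

# Constructed events: (timestamp in seconds, symptom, source IP in TEST-NET-3)
EVENTS = [
    (0, "malware_packet", "203.0.113.7"),
    (120, "malware_packet", "203.0.113.7"),
    (300, "malware_packet", "203.0.113.7"),
    (2000, "malware_packet", "203.0.113.7"),  # arrives after the window expired
]

def replay(events):
    """Run both responders over the same events and pair their decisions."""
    dyn = DynamicResponder()
    return [(static_response(s, ip), dyn.respond(s, ip, ts)) for ts, s, ip in events]

if __name__ == "__main__":
    for static, dynamic in replay(EVENTS):
        print(f"static={static}  dynamic={dynamic}")
```

The static responder returns the same action for every event, while the dynamic one escalates with repeated detections and falls back to throttling once the earlier detections age out of the window.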

Projects in the intrusion tolerance area include the MAFTIA project (Malicious- and Accidental-Fault Tolerance for Internet Applications), which developed concepts and prototyped architectures. In the US, DARPA had a successful program in the 2001-04 timeframe called OASIS [3], which developed ways to enable critical computers to operate through a cyber attack, degrade gracefully if necessary, and allow real-time, controlled trade-offs between system performance and system security through such techniques as redundancy and diversity of operating systems.

References

  1. ^ Bagchi, Saurabh (2008). "Intrusion Response Systems: A Survey" (PDF). Morgan Kaufmann.
  2. ^ Stakhanova, Natalia; Basu, Samik; Wong, Johnny S. (1 January 2006). "A Taxonomy of Intrusion Response Systems".
  3. ^ Lala, Jaynarayan (June 28, 2002). "DARPA's Path to Self-Regenerative Systems" (PDF). Retrieved September 8, 2016.