12,000

We have over 12,000 students, from over 100 countries, within one of the safest campuses in the UK

93%

93% of Lancaster students go into work or further study within six months of graduating

Home > Research > Publications & Outputs > A Semi-autonomic Framework for Intrusion Tolera...
View graph of relations

« Back

A Semi-autonomic Framework for Intrusion Tolerance in Heterogeneous Networks

Research output: Contribution in Book/Report/ProceedingsPaper

Published

Publication date10/2008
Host publicationSelf-Organizing Systems: Third International Workshop, IWSOS 2008, Vienna, Austria, December 10-12, 2008. Proceedings
EditorsKarin Anna Hummel, James P.G. Sterbenz
Place of publicationBerlin
PublisherSpringer
Pages230-241
Number of pages12
ISBN (Print)978-3-540-92156-1
Original languageEnglish

Conference

ConferenceThird International Workshop on Self-Organising Systems
CountryAustria
CityVienna
Period10/12/0812/12/08

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume5343
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceThird International Workshop on Self-Organising Systems
CountryAustria
CityVienna
Period10/12/0812/12/08

Abstract

A suitable strategy for network intrusion tolerance—detecting intrusions and remedying them—depends on aspects of the domain being protected, such as the kinds of intrusion faced, the resources available for monitoring and remediation, and the level at which automated remediation can be carried out. The decision to remediate autonomically will have to consider the relative costs of performing a potentially disruptive remedy in the wrong circumstances and leaving it up to a slow, but more accurate, human operator. Autonomic remediation also needs to be withdrawn at some point â a phase of recovery to the normal network state. In this paper, we present a framework for deploying domain-adaptable intrusion-tolerance strategies in heterogeneous networks. Functionality is divided into that which is fixed by the domain and that which should adapt, in order to cope with heterogeneity. The interactions between detection and remediation are considered in order to make a stable recovery decision. We also present a model for combining diverse sources of monitoring to improve accurate decision making, an important pre-requisite to automated remediation.

Related projects