Fine-grained tracking of Grid infections

Previous distributed anomaly detection efforts have operated on summary statistics gathered from each node. This has the advantage that the audit trail is limited in size since event sets can be succinctly represented. While this minimizes the bandwidth consumed and helps scale the detection to a large number of nodes, it limits the infrastructure's ability to identify the source of anomalies. We describe three optimizations that together allow fine-grained tracking of the sources of anomalous activity in a Grid, thereby facilitating precise responses. We demonstrate the scheme's scalability in terms of storage and network bandwidth overhead with an implementation on nodes running BOINC. The results generalize to other types of Grids as well.
