A distributed dynamic self-immunity security architecture

Computer network crimes present trends such as the simplification of attack tools, contraposition of attack purposes, and systematization of attack modes. This paper proposes the distributed dynamic self-immunity security architecture (DDSSA) to protect against these new trends. Through a dynamic cycle of detection, collection, decision making, policy distribution, and response, DDSSA can solve these security problems efficiently.
