A3: An Environment for Self-Adaptive Diagnosis and Immunization of Novel Attacks

This paper describes an ongoing research effort that aims to use adaptation to defend individual applications against novel attacks. Application-focused adaptive security spans the adaptive use of security mechanisms in both the host and the network. The work presented in this paper is developing key infrastructure capabilities and supporting services, including mandatory mediation of application I/O, record and replay of channel interaction, and VMI-based monitoring and analysis of execution. These will facilitate replay-based diagnosis and patch derivation for attacks that succeed and go unnoticed until a known undesired condition manifests. After describing the basics, we present the results from our initial evaluation and outline the next steps.
