A Generic Software Architecture for Deception-Based Intrusion Detection and Response Systems
NAVAL POSTGRADUATE SCHOOL MONTEREY CA
Pagination or Media Count:
Today, intrusion detection systems provide for detecting intrusive patterns of interaction. Although the responses of such systems are typically limited to primitive actions, they can be supplemented with deception-based strategies. We propose a generic software architecture combining intrusion detection and deceptive response capabilities in a uniform structure. Detecting and responding to attacks are realized via runtime instrumentation of kernel-based modules. The architecture provides for dynamically adjusting system performance to maintain continuity and integrity of both legitimate services and security activities.
- Computer Systems Management and Standards