Li-hua Yin,Bin-xing Fang,Xiang-zhan Yu

DOI: https://doi.org/10.1007/11610496_66

2006-01-01

Abstract:Intrusion tolerance is capability of Internet systems withstanding attacks and intrusions under unsafe environment. This paper presents the architecture of an intrusion tolerant system using group communication. A distributed group membership algorithm is described which introduces a strategy detecting failure in local servers and announcing them to remote servers to avoid the side effects of remote failure detection. The paper also points out that stability of failure detector is a necessary condition but not sufficient condition of algorithm cease. On analyzing the essential of block, block detection and avoidance mechanism is designed. Finally, we have developed a group membership prototype system on WAN condition. Experiment results show the algorithm has well performance in complicated Internet condition.

Yufeng Chen,Zhengtao Xiang,Yabo Dong,Dongming Lu

DOI: https://doi.org/10.1109/ical.2008.4636301

2008-01-01

Abstract:Worms not only infect vulnerable hosts, but also occupy a large amount of network bandwidth, which affects the normal operation of the network seriously. To achieve the worm detection and automatic quarantine in real time, a cooperation system of worm detection and quarantine is designed and implemented. The worm detection subsystem is implemented based on Bro and can detect worms in real time with our algorithm, which based on the failure probability of FCC and of heavy-tailed property. The worm quarantine subsystem can quarantine worm hosts automatically with ARP-spoofing. The cooperation between detection subsystem, quarantine subsystem and manager is achieved based on SNMP protocol. The system can be deployed easily with little effect on LAN. Experimental results show that the system can detect and quarantine worm hosts effectively.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

Yong-mei GAO,Ji-yi WU,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1673-629X.2009.08.039

2009-01-01

Abstract:Owing to many new characteristics such as central-less control and multi-hop communication,the security situation is more rigorous than that in the traditional Ad hoc network.Especially,when the number of nodes increase,the difficulty of building network,network availability and network security will be influenced badly.After the particular analysis of Sergio Marti's Watchdog and Pathrater arithmetic,intrusion detection system called SuperWatchdog,as the improved solution,was introduced to overcome the weakness of Watchdog.The main feature of the proposed system is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network.Simulation results show that our system decrease the overhead greatly,though it does not increase the throughput obviously.

Lu Yiwen,Zhang Guixu

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.01.016

2009-01-01

Abstract:Different from the traditional firewall and intrusion detection techniques,intrusion tolerance focuses on the survivability of system on condition that intrusion is somehow inevitable,thus preferably meeting the design requirements of the survivable system.A scheme based on intrusion tolerance for system design is proposed,which guarantees the continuity of key services by fault-tolerant techniques,and meanwhile,obtains the tradeoff between confidentiality and availability of key data by proactive secret sharing,so that the system can process high survivability under attacks and faults.

Sisi Duan,Karl Levitt,Hein Meling,Sean Peisert,Haibin Zhang

DOI: https://doi.org/10.1109/srds.2014.28

2014-01-01

Abstract:Building robust network services that can withstand a wide range of failure types is a fundamental problem in distributed systems. The most general approach, called Byzantine fault tolerance, can mask arbitrary failures. Yet it is often considered too costly to deploy in practice, and many solutions are not resilient to performance attacks. To address this concern we leverage two key technologies already widely deployed in cloud computing infrastructures: replicated state machines and intrusion detection systems. First, we have designed a general framework for constructing Byzantine failure detectors based on an intrusion detection system. Based on such a failure detector, we have designed and built a practical Byzantine fault-tolerant protocol, which has costs comparable to crash-resilient protocols like Paxos. More importantly, our protocol is particularly robust against several key attacks such as flooding attacks, timing attacks, and fairness attacks, that are typically not handled well by Byzantine fault masking procedures.

Qingtao Wu,Bin Hua,Ruijuan Zheng,Mingchuan Zhang

DOI: https://doi.org/10.4028/www.scientific.net/amm.44-47.3259

2011-01-01

Abstract:Intrusion tolerance has been a key technology of system survivability. To cope with the absence of self-adaptability on existent intrusion tolerance system, an intrusion tolerant model based on autonomic computing is proposed, in which the reliability of the network connection is analyzed in real time to generate the initial reliability by an autonomic feedback mechanism, and the classification between suspicious information and confident information is guaranteed for implementing the tolerance on suspicious connections through the dynamic reliability optimization. The simulation results show that the intrusion tolerant model with autonomic feedback mechanism is desirable for enhancing the system's self-adaptive performance, making it highly promising for further study.

Hao Fu,Ming Cai,Wenmin Zhu,Zhongdong Huang,Jinxiang Dong

DOI: https://doi.org/10.1109/CSCWD.2007.4281405

2007-01-01

Abstract:Hybrid P2P technique recently has become more and more popular for collaborative systems. However, reliability is issue of major importance in the server end of these systems. TMR technique for Collaborative System (CS-TMR) is presented in this paper to improve the server reliability. This software schema incorporates three homogeneous microcomputers and provides the fault-tolerant function through package interfaces to server applications. As it is COS-based, the method is more general-purpose, and programmers need not pay too much attention to the fault tolerance technology in detail. This method helps the collaborative server work in normal and degraded (duple or even single modular) modes, and can tolerate transient or permanent faults. Meanwhile, due to the importance of the server in hybrid P2P server, server application upgrade is impossible without server stop. A novel seamless software upgrade method is brought forward through the intelligent state-transition-control in CS-TMR package to reduce the cost of software upgrade.

Guanding Yu

2005-01-01

Abstract:A distributed IP spoof detection system in Intranet is proposed, which can efficiently detect IP spoof behaviors in Intranet. Current techniques of defending IP spoof are analyzed. Aimed at characteristics of Intranet, the design of the system is introduced in detail. The determination method of IP spoof and the design of the monitor, which is a key component of the system, are presented. The implementation of data capture model is also presented. From the experimentation result, it is concluded that the system has the characteristics of high accuracy and real-time performance, but little data traffic. It can be generalized in Intranet of different scales and in other network security systems.

Yixin Jiang,Chuang Lin,Minghui Shi,Xuemin (Sherman) Shen,Xiaowen Chu

DOI: https://doi.org/10.1016/j.comcom.2007.04.012

IF: 5.047

2007-01-01

Computer Communications

Abstract:In this paper, a novel authentication protocol is proposed, which satisfies both security and reliability requirements for group communications in ad hoc networks. The security features include identity anonymity and location intracability, periodic one-way session key and pseudonym identity refreshment with implicit authentication, dynamic joining and leaving an in-progress communication session, and data encryption. The reliability features include efficient Denial of Service tolerance for broadcasting refreshment messages, fault-tolerance for recovering lost refreshment messages, robustness for resisting the clock skews among member nodes and seamless key switch without disrupting ongoing data transmissions. The performance and security analysis show that the communication and computation overhead of the proposed protocol is similar to the existing one, while the security can be enhanced significantly. The simulation results demonstrate the robustness of the proposed protocol under severe Denial of Service attack and poor wireless channel quality.

Fang Zhou,Hua Sun,Xuefeng Zheng

DOI: https://doi.org/10.1109/NSWCTC.2010.250

2010-01-01

Abstract:To improve the ability of system providing service when encounter malicious invasion, a new model of tolerance invasion system is given based on dynamic threshold encryption. The real-time detection of the model is realized by the Collaboration between servers and hosts. The sensitive data in the system apply dynamic threshold encryption, and can change their share with the distribution. The model has such as distribution, self-adaptability, fault tolerance, dynamic and expansibility features to ensure that the system has a higher level of safety.

Yixin Jiang,Minghui Shi,Xuemin (Sherman) Shen,Chuang Lin,Xiaowen Chu

DOI: https://doi.org/10.1201/9781420068405.ch21

2009-01-01

Abstract:In this chapter, a novel authentication protocol is proposed, which satisfies both security and reliability requirements for group communications in ad hoc networks. The security features include identity anonymity and intracability, one-way session key/identity refreshment, and data privacy. The reliability features include efficient denial-of-service (DoS) tolerance for forged refreshment messages and fault tolerance for lost messages recovery. The theoretical and the simulative results demonstrate that the proposed protocol is robust and efficient under severe DoS attack and poor wireless channel quality.

Dalia Nashat,Xiaohong Jiang,Michitaka Kameyama

DOI: https://doi.org/10.1587/transcom.e93.b.1113

2010-01-01

IEICE Transactions on Communications

Abstract:The Distributed Denial of Service attack (DDoS) is one of the major threats to network security that exhausts network bandwidth and resources. Recently, an efficient approach Live Baiting was proposed for detecting the identities of DDoS attackers in web service using low state overhead without requiring either the models of legitimate requests nor anomalous behavior. However, Live Baiting has two limitations. First, the detection algorithm adopted in Live Baiting starts with a suspects list containing all clients, which leads to a high false positive probability especially for large web service with a huge number of clients. Second, Live Baiting adopts a fixed threshold based on the expected number of requests in each bucket during the detection interval without the consideration of daily and weekly traffic variations. In order to address the above limitations, we first distinguish the clients activities (Active and Non-Active clients during the detection interval) in the detection process and then further propose a new adaptive threshold based on the Change Point Detection method, such that we can improve the false positive probability and avoid the dependence of detection on sites and access patterns. Extensive trace-driven simulation has been conducted on real Web trace to demonstrate the detection efficiency of the proposed scheme in comparison with the Live Baiting detection scheme.

Shibo He,Jiming Chen,Yuanchao Shu,Xianbin Cui,Kun Shi,Chunjuan Wei,Zhiguo Shi

DOI: https://doi.org/10.1109/twc.2021.3089039

IF: 10.4

2021-01-01

IEEE Transactions on Wireless Communications

Abstract:Information barrier coverage has been widely adopted to prevent unauthorized invasion of important areas in Internet of Things. As sensors are typically placed outdoors, they are susceptible to getting faulty. Previous works assumed that faulty sensors are easy to recognize, e.g., they may stop functioning or output apparently deviant sensory data. In practice, there exist multiple types of fault that sensors may have during operation. It is, thereby, difficult to recognize faulty sensors as well as their invalid output and attain accurate intrusion detection. We, in this paper, propose a novel fault-tolerant intrusion detection algorithm (TrusDet) based on trust management to address this challenging issue. TrusDet comprises of three steps: i) sensor-level detection, ii) sink-level decision by collective voting, and iii) trust management and fault determination. In the Step i) and ii), TrusDet divides the surveillance area into a set of fine-grained subareas and exploits temporal and spatial correlation of sensory output among sensors in different subareas to yield a more accurate and robust performance of information barrier coverage. In the Step iii), TrusDet builds a trust management based framework to determine the confidence level of sensors being faulty. We implement TrusDet on HC-SR501 infrared sensors, and design hardware and software to build a practical detection system. Extensive experimental results and simulation results validate the information coverage model and demonstrate that TrusDet has a very low false alarm rate.

LI Fang-tao,ZHU Xiao-yan,MENG Li-rong

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.22.037

2006-01-01

Abstract:An integrated database security architecture is proposed.The encryption/authentication component,making use of cryp-tographic knowledge,not only makes the database integrity and confidentiality,but also have the function of detecting and correcting the single error.The single error correction tolerate the transfer's intrusion,and this enables the outer-level intrusion-tolerance.Inner intrusion-tolerant component provides an intrusion-tolerance based database security structure.The flexibility and the ability of protecting from attacks are improved.This system has the functions of not only intrusion-tolerance,but also encryption and authe-ntication.So it can apply to fields where the higher security level is needed.

Yuanzhuo Wang,Chuang Lin,Yang Yang,Junjie Lv,Yang Qu

DOI: https://doi.org/10.1109/GCC.2006.4

2006-01-01

Abstract:Grid services allow the services to be seen as a seamless information processing system that the user can access from any location, the Grid resources are often distributed, autonomic, heterogeneous and dynamic, and they are accessible through the Internet, when users and cooperant servers communicate with a server. Distributed Denial-of-service can make the service requests become hard to implement. An intrusion tolerant mechanism against the attack is formalized for Grid services based on the mechanism design analysis of game theory in this paper. The problems that the attackers could use the authentic IP addresses of the zombies to hide the source of attacks and to increase the computational ability and the likelihood to filter out legitimate traffic are effectively settled under the mechanism. The condition for the legitimate clients being served successfully is further deduced to give an instruction for clients.

L Zhao,X Ke,MW Xu,LZ Fu,JP Wu

DOI: https://doi.org/10.1109/iccnmc.2003.1243062

2003-01-01

Abstract:With the rapid development of Internet, the need of high availability of data services on Internet becomes more urgent. But as one of the most useful protocol on Internet, TCP protocol software can not solve the high availability due to the failure of hardware or software on Server/Client. In this paper, we propose a new method that can implement fault tolerance TCP to improve the high availability of data transmission. First, we analyze some existing methods of fault tolerant TCP; Then based on the characteristic of present server architecture, we put forward our new method of fault tolerant TCP. At last, we describe in detail how to implement and test our method Experimental results show that our fault-tolerant TCP can offer high available and high effective communication support for reliable data service on Internet.

Wei-Fa Liao,Hung-Min Sun,Wei Wu

DOI: https://doi.org/10.1109/dasc-picom-datacom-cyberscitec.2016.159

2016-01-01

Abstract:In recent years, Cloud computing has become increasingly popular. Many companies have replaced traditional hosting to cloud hosting. Cloud providers are responsible for tenant isolation, if a tenant (virtual machine) is infected, other tenants will be affected. Because the virtual network environment is very complex, the traditional intrusion detection systems can only detect attacks from external networks, but can not effectively detect the internal traffic (virtual network). In order to full defend from a threat, we need to redesign the architecture of the intrusion detection system. In this thesis, we propose a flexible distributed architecture for intrusion detection, and uses software-defined networking technology for defensive purposes. In addition, our system collects alerts from different nodes, and analyzes their correlation to generate security rules to achieve the effect of a joint defense. To make the administrator more effective in management purposes, we also provide a web-based management center to reduce the burden on administrators. Finally, we analyze the performance of the proposed system with an original system. The results show that our system adds slightly overhead, and it can effectively block the malicious flow.

Chengzhe Lai,Dong Zheng,Qinglan Zhao,Xiaohong Jiang

DOI: https://doi.org/10.1016/j.vehcom.2018.01.004

IF: 6.7

2018-01-01

Vehicular Communications

Abstract:Recently, the envisioned integration between vehicular ad-hoc network (VANET) and cellular network can accommodate rich applications since integrated VANET-Cellular network enables mobile operators to provide vehicle users with seamless data access to the operators' services. In integrated VANET-Cellular networks, the clustering algorithms associating vehicles into groups can provide high performance data transmission service and have been widely studied. However, in most of the existing literature, the security issues in such a scenario cannot be taken into full consideration, which may decrease the reliability of the system, mainly including: 1) How to efficiently and securely set up and maintain a group; and 2) How to perform the secure group access management. For this end, we propose a secure group management framework in integrated VANET-Cellular networks, which consists of two schemes, i.e., SEGM-I and SEGM-II. SEGM-I is proposed for the fixed trusted member scenario, and SEGM-II is designed for a general case, i.e., dynamic untrusted member scenario. The SEGM can be divided into two phases: group setup and maintenance phase, and group access authentication phase. During group setup and maintenance phase, SEGM-II can dynamically maintain the group by using contributory group key agreement, supporting group joining, group leaving, group merging, and group partition. During group access authentication phase, we propose a lightweight group access authentication protocol based on message authentication code (MAC) aggregation technique with DoS attacks resistance. The proposed SEGM is communication-efficient and secure against hostile eavesdroppers as well as various other attacks specific to group settings. Finally, performance evaluations demonstrate its efficiency in terms of group management and access authentication overhead.

Yuchen Zhao,Qiao Li,Qidong Shi,Tong Wang

DOI: https://doi.org/10.1109/IECON51785.2023.10311671

2023-01-01

Abstract:Time-Triggered Protocol (TTP) bus is a kind of multiple accessing bus with fault-tolerance mechanism for real-time communications, e.g. for distributed control systems. Fault-tolerance for the Group Membership service of TTP/C can be comprehensively verified by running a suite of simulation models, which designed and operated with the TTP's distributed clock synchronization mechanism, and implemented under MAT-LAB/Simulink/SimEvents environment. The original membership fault-tolerant service (MFS) algorithm can provide fault-tolerant service guarantees for nodes that access the bus in exclusive time slots regardless sharing slots. On the other side, an improved membership fault-tolerant service (IMFS) algorithm is presented to guarantee nodes with bus access in multiplexed time slots and is designed to be compatible with nodes with bus access in exclusive time slots. During bus accessing, the IMFS algorithm can rejoin any node that has a transient failure in the membership within a bounded time interval; the IMFS algorithm can also block any node that occurs a permanent failure while keeping the other nodes' normal bus accessing. Case studies and simulation results show that our IMFS algorithm is compatible with the MFS algorithm, either with multiplexed time slots or without it, and has lower amount of packet losses.