Skip to Main content Skip to Navigation
Conference papers

Inferring a Distributed Application Behavior Model for Anomaly Based Intrusion Detection

Eric Totel 1 Mouna Hkimi 1 Michel Hurfin 1 Mourad Leslous 1 Yvan Labiche 2
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract : As distributed computations become more and more common in highly distributed environments like the cloud, intrusion detection systems have to follow these paradigms. Anomaly based intrusion detection systems in distributed sys- tems usually rely on a total order of the observed events. However, such hypothesis is often too strong, as in a highly distributed environment the order of the observed events is partially unknown. This paper demonstrates it is possible to infer a distributed application behavior model for intrusion detection, relying only on event partial ordering. The originality of the proposed approach is to tackle the problem by combining two types of models that are usually used separately: an automaton modeling the distributed computation, and a list of temporal properties that the computation must comply with. Finally, we apply the approach on two examples, and assess the method on a real distributed application.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/hal-01334596
Contributor : Eric Totel <>
Submitted on : Tuesday, June 21, 2016 - 9:24:19 AM
Last modification on : Friday, July 10, 2020 - 4:21:17 PM

Identifiers

Citation

Eric Totel, Mouna Hkimi, Michel Hurfin, Mourad Leslous, Yvan Labiche. Inferring a Distributed Application Behavior Model for Anomaly Based Intrusion Detection. 12th European Dependable Computing Conference, Sep 2016, Gothenburg, Sweden. ⟨10.1109/edcc.2016.13⟩. ⟨hal-01334596⟩

Share

Metrics

Record views

615