Open Collections
UBC Theses and Dissertations
A trust-based model for collaborative intrusion response
Singh, Kapil Kumar
Abstract
Intrusion detection systems (IDS) are quickly becoming a standard component of a network security infrastructure. Most IDS developed to date emphasize detection; response is mainly concentrated on blocking a part of the network after an intrusion has been detected. This mechanism can help in temporarily stopping the intrusion, but such a limited response means that attacking is free for the attacker. The idea behind our approach is to frustrate the intruder by attacking back. This requires developing a sense of trust in the network for the attacked host and establishing proof of the attack so the attack-back action can be justified. In an environment of trust, a more effective collaborative action can be taken by the network entities. To develop this trust model, we propose a protocol that uses encryption and digital signatures over the network logs. The protocol allows the attacked host to prove to the attacker's edge router that it has been attacked. The model is quite flexible, and based on the level of trust developed for the host, an appropriate countermeasure is taken. Besides attack-back, other possible responses could be blocking a part of the network and use of network puzzles to limit the attacker's access to network resources. We also define a heuristic algorithm for selecting the appropriate response based on the level of trust developed for the victim. We believe that the attack-back approach would certainly demoralize novice attackers, and even expert attackers will think twice before attacking again. In addition, the protocol prevents a host from pretending that it has been attacked. We are building a system that can handle a majority of known attacks (signature-based). We are also exploring the idea of adding a third trusted party into the system in order to provide countermeasure action for novel attacks (anomaly-based).
Item Metadata
Title | A trust-based model for collaborative intrusion response
Publisher | University of British Columbia
Date Issued | 2005
Language | eng
Date Available | 2009-12-15
Provider | Vancouver : University of British Columbia Library
Rights | For non-commercial purposes only, such as research, private study and education. Additional conditions apply, see Terms of Use https://open.library.ubc.ca/terms_of_use.
DOI | 10.14288/1.0051329
Degree Grantor | University of British Columbia
Graduation Date | 2005-11
Scholarly Level | Graduate
Aggregated Source Repository | DSpace