Evaluating the impact of intrusion detection deficiencies on the cost-effectiveness of attack recovery

Hai Wang, Peng Liu, Lunqun Li

Research output: Contribution to journalArticle

5 Citations (Scopus)

Abstract

Traditional secure database systems rely on preventive controls and are very limited in surviving malicious attacks because of intrusion detection deficiencies. ITDB, a Intrusion Tolerant Database prototype system, has been proposed, which can detect intrusions, repair the damage caused by intrusions in a timely manner. In this paper, we evaluate ITDB using TPC-C benchmark. The performance measurements show that ITDB system is cost-effective within reasonable False Alarm Rate and Detection Latency ranges. Our experiment results also indicate that ITDB can achieve good survivability without being seriously affected by various intrusion detection deficiencies. It can provide essential database services in the presence of attacks, and maintain the desired essential (security) properties such as integrity and performance.

Original languageEnglish (US)
Pages (from-to)146-157
Number of pages12
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3225
StatePublished - Dec 1 2004

Fingerprint

Cost-effectiveness
Intrusion detection
Intrusion Detection
Cost effectiveness
Recovery
Attack
Survivability
False Alarm Rate
Performance Measurement
Database Systems
Integrity
Repair
Latency
Damage
Prototype
Benchmark
Evaluate
Costs
Range of data
Experiment

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

@article{66b395c2d689412d9055ce7984e789e3,
title = "Evaluating the impact of intrusion detection deficiencies on the cost-effectiveness of attack recovery",
abstract = "Traditional secure database systems rely on preventive controls and are very limited in surviving malicious attacks because of intrusion detection deficiencies. ITDB, a Intrusion Tolerant Database prototype system, has been proposed, which can detect intrusions, repair the damage caused by intrusions in a timely manner. In this paper, we evaluate ITDB using TPC-C benchmark. The performance measurements show that ITDB system is cost-effective within reasonable False Alarm Rate and Detection Latency ranges. Our experiment results also indicate that ITDB can achieve good survivability without being seriously affected by various intrusion detection deficiencies. It can provide essential database services in the presence of attacks, and maintain the desired essential (security) properties such as integrity and performance.",
author = "Hai Wang and Peng Liu and Lunqun Li",
year = "2004",
month = "12",
day = "1",
language = "English (US)",
volume = "3225",
pages = "146--157",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",

}

TY - JOUR

T1 - Evaluating the impact of intrusion detection deficiencies on the cost-effectiveness of attack recovery

AU - Wang, Hai

AU - Liu, Peng

AU - Li, Lunqun

PY - 2004/12/1

Y1 - 2004/12/1

N2 - Traditional secure database systems rely on preventive controls and are very limited in surviving malicious attacks because of intrusion detection deficiencies. ITDB, a Intrusion Tolerant Database prototype system, has been proposed, which can detect intrusions, repair the damage caused by intrusions in a timely manner. In this paper, we evaluate ITDB using TPC-C benchmark. The performance measurements show that ITDB system is cost-effective within reasonable False Alarm Rate and Detection Latency ranges. Our experiment results also indicate that ITDB can achieve good survivability without being seriously affected by various intrusion detection deficiencies. It can provide essential database services in the presence of attacks, and maintain the desired essential (security) properties such as integrity and performance.

AB - Traditional secure database systems rely on preventive controls and are very limited in surviving malicious attacks because of intrusion detection deficiencies. ITDB, a Intrusion Tolerant Database prototype system, has been proposed, which can detect intrusions, repair the damage caused by intrusions in a timely manner. In this paper, we evaluate ITDB using TPC-C benchmark. The performance measurements show that ITDB system is cost-effective within reasonable False Alarm Rate and Detection Latency ranges. Our experiment results also indicate that ITDB can achieve good survivability without being seriously affected by various intrusion detection deficiencies. It can provide essential database services in the presence of attacks, and maintain the desired essential (security) properties such as integrity and performance.

UR - http://www.scopus.com/inward/record.url?scp=35048868537&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=35048868537&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:35048868537

VL - 3225

SP - 146

EP - 157

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -