XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation

Eunjung Yoon; Peng Liu

doi:10.1007/978-3-319-02726-5_15

XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation

Eunjung Yoon, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Recovering mission-critical systems from intrusion is very challenging, where fast and accurate damage assessment and recovery is vital to ensure business continuity. Existing intrusion recovery approaches mostly focus on a single abstraction layer. OS level recovery cannot fully meet the correctness criteria defined by business process semantics, while business workflow level recovery usually results in non-executable recovery plans. In this paper, we propose a cross-layer recovery framework, called XRLF, for fast and effective post-intrusion diagnosis and recovery of compromised systems using the dependencies captured at different levels of abstraction; business workflow level and OS level. The goal of our approach is two-fold: first, to bridge the semantic gap between workflow-level and system-level recovery, thus enable comprehensive intrusion analysis and recovery; second, to automate damage assessment and recovery plan generation, thus expedite the recovery process, an otherwise time-consuming and error-prone task.

Original language	English (US)
Title of host publication	Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings
Pages	194-212
Number of pages	19
DOIs	https://doi.org/10.1007/978-3-319-02726-5_15
State	Published - Dec 1 2013
Event	15th International Conference on Information and Communications Security, ICICS 2013 - Beijing, China Duration: Nov 20 2013 → Nov 22 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8233 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	15th International Conference on Information and Communications Security, ICICS 2013
Country/Territory	China
City	Beijing
Period	11/20/13 → 11/22/13

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-02726-5_15

Cite this

Yoon, E., & Liu, P. (2013). XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation. In Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings (pp. 194-212). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8233 LNCS). https://doi.org/10.1007/978-3-319-02726-5_15

Yoon, Eunjung ; Liu, Peng. / XLRF : A cross-layer intrusion recovery framework for damage assessment and recovery plan generation. Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings. 2013. pp. 194-212 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{40db3bb5f7924051849bbc99dccff1f9,

title = "XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation",

abstract = "Recovering mission-critical systems from intrusion is very challenging, where fast and accurate damage assessment and recovery is vital to ensure business continuity. Existing intrusion recovery approaches mostly focus on a single abstraction layer. OS level recovery cannot fully meet the correctness criteria defined by business process semantics, while business workflow level recovery usually results in non-executable recovery plans. In this paper, we propose a cross-layer recovery framework, called XRLF, for fast and effective post-intrusion diagnosis and recovery of compromised systems using the dependencies captured at different levels of abstraction; business workflow level and OS level. The goal of our approach is two-fold: first, to bridge the semantic gap between workflow-level and system-level recovery, thus enable comprehensive intrusion analysis and recovery; second, to automate damage assessment and recovery plan generation, thus expedite the recovery process, an otherwise time-consuming and error-prone task.",

author = "Eunjung Yoon and Peng Liu",

year = "2013",

month = dec,

day = "1",

doi = "10.1007/978-3-319-02726-5_15",

language = "English (US)",

isbn = "9783319027258",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "194--212",

booktitle = "Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings",

note = "15th International Conference on Information and Communications Security, ICICS 2013 ; Conference date: 20-11-2013 Through 22-11-2013",

}

Yoon, E & Liu, P 2013, XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation. in Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8233 LNCS, pp. 194-212, 15th International Conference on Information and Communications Security, ICICS 2013, Beijing, China, 11/20/13. https://doi.org/10.1007/978-3-319-02726-5_15

XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation. / Yoon, Eunjung; Liu, Peng.
Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings. 2013. p. 194-212 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8233 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - XLRF

T2 - 15th International Conference on Information and Communications Security, ICICS 2013

AU - Yoon, Eunjung

AU - Liu, Peng

PY - 2013/12/1

Y1 - 2013/12/1

N2 - Recovering mission-critical systems from intrusion is very challenging, where fast and accurate damage assessment and recovery is vital to ensure business continuity. Existing intrusion recovery approaches mostly focus on a single abstraction layer. OS level recovery cannot fully meet the correctness criteria defined by business process semantics, while business workflow level recovery usually results in non-executable recovery plans. In this paper, we propose a cross-layer recovery framework, called XRLF, for fast and effective post-intrusion diagnosis and recovery of compromised systems using the dependencies captured at different levels of abstraction; business workflow level and OS level. The goal of our approach is two-fold: first, to bridge the semantic gap between workflow-level and system-level recovery, thus enable comprehensive intrusion analysis and recovery; second, to automate damage assessment and recovery plan generation, thus expedite the recovery process, an otherwise time-consuming and error-prone task.

AB - Recovering mission-critical systems from intrusion is very challenging, where fast and accurate damage assessment and recovery is vital to ensure business continuity. Existing intrusion recovery approaches mostly focus on a single abstraction layer. OS level recovery cannot fully meet the correctness criteria defined by business process semantics, while business workflow level recovery usually results in non-executable recovery plans. In this paper, we propose a cross-layer recovery framework, called XRLF, for fast and effective post-intrusion diagnosis and recovery of compromised systems using the dependencies captured at different levels of abstraction; business workflow level and OS level. The goal of our approach is two-fold: first, to bridge the semantic gap between workflow-level and system-level recovery, thus enable comprehensive intrusion analysis and recovery; second, to automate damage assessment and recovery plan generation, thus expedite the recovery process, an otherwise time-consuming and error-prone task.

UR - http://www.scopus.com/inward/record.url?scp=84893802258&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84893802258&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-02726-5_15

DO - 10.1007/978-3-319-02726-5_15

M3 - Conference contribution

AN - SCOPUS:84893802258

SN - 9783319027258

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 194

EP - 212

BT - Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings

Y2 - 20 November 2013 through 22 November 2013

ER -

Yoon E, Liu P. XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation. In Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings. 2013. p. 194-212. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-02726-5_15

XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this