XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation

Eunjung Yoon, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Recovering mission-critical systems from intrusion is very challenging, and fast and accurate damage assessment and recovery are vital to ensure business continuity. Existing intrusion recovery approaches mostly focus on a single abstraction layer. OS-level recovery cannot fully meet the correctness criteria defined by business process semantics, while business-workflow-level recovery usually results in non-executable recovery plans. In this paper, we propose a cross-layer recovery framework, called XLRF, for fast and effective post-intrusion diagnosis and recovery of compromised systems using the dependencies captured at different levels of abstraction: the business workflow level and the OS level. The goal of our approach is two-fold: first, to bridge the semantic gap between workflow-level and system-level recovery, thus enabling comprehensive intrusion analysis and recovery; second, to automate damage assessment and recovery plan generation, thus expediting the recovery process, an otherwise time-consuming and error-prone task.

Original language: English (US)
Title of host publication: Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings
Pages: 194-212
Number of pages: 19
DOIs: https://doi.org/10.1007/978-3-319-02726-5_15
State: Published - Dec 1 2013
Event: 15th International Conference on Information and Communications Security, ICICS 2013 - Beijing, China
Duration: Nov 20 2013 → Nov 22 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8233 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 15th International Conference on Information and Communications Security, ICICS 2013
Country: China
City: Beijing
Period: 11/20/13 → 11/22/13

Fingerprint

Damage Assessment
Cross-layer
Recovery
Work Flow
Industry
Framework
Semantics
Business Process
Correctness
Fold

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Yoon, E., & Liu, P. (2013). XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation. In Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings (pp. 194-212). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8233 LNCS). https://doi.org/10.1007/978-3-319-02726-5_15
@inproceedings{40db3bb5f7924051849bbc99dccff1f9,
title = "XLRF: A cross-layer intrusion recovery framework for damage assessment and recovery plan generation",
author = "Eunjung Yoon and Peng Liu",
year = "2013",
month = "12",
day = "1",
doi = "10.1007/978-3-319-02726-5_15",
language = "English (US)",
isbn = "9783319027258",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "194--212",
booktitle = "Information and Communications Security - 15th International Conference, ICICS 2013, Proceedings",

}
