An event-driven architecture for fine grained intrusion detection and attack aftermath mitigation

Jianfeng Peng, Chuan Feng, Haiyan Qiao, Jerzy W Rozenblit

Research output: Conference contribution (chapter in conference proceedings)

4 Citations (Scopus)

Abstract

In today's computing environment, unauthorized access to and misuse of critical data can be catastrophic to personal users, businesses, emergency services, and even national defense and security. To protect computers from the ever-increasing threat of intrusion, we propose an event-driven architecture that provides fine-grained intrusion detection and decision support capability. Within this architecture, an incoming event is scrutinized by Subject-Verb-Object (SVO) multipoint monitors. Deviations from normal behavior detected by the SVO monitors trigger different alarms, which are sent to subsequent fusion and verification modules to reduce the false positive rate. The system then performs impact analysis by studying real-time system metrics collected through the Windows Management Instrumentation (WMI) interface. We add to the system the capability to assist the administrator in taking effective actions to mitigate the aftermath of an intrusion.
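The pipeline the abstract describes, as an added illustrative example (this is not the authors' code): Subject-Verb-Object events are checked by one monitor per observation point, the resulting alarms are fused per subject and only promoted once more than one independent monitor agrees, and a verified incident is scored against system metrics and mapped to suggested responses. The baselines, event trace, metric samples and response playbook are constructed for the example; WMI is not queried here, the metric dictionary stands in for what a WMI query would return.

```python
# Added illustrative SVO pipeline: monitors -> fusion/verification -> impact -> advice.
# Not the paper's code; all events, baselines, metrics and playbook entries are constructed.
from collections import defaultdict, namedtuple
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class Event:
    ts: float      # seconds into the constructed trace
    subject: str   # who acts (process image name here)
    verb: str      # "write", "connect", "spawn"
    obj: str       # path, host:port or child image
    source: str    # monitor point that saw it: "file", "net" or "proc"

Alarm = namedtuple("Alarm", "ts subject monitor detail")
Incident = namedtuple("Incident", "subject alarms impact actions")
Baseline = Dict[str, Set[Tuple[str, str]]]  # subject -> {(verb, object prefix)}

class SVOMonitor:
    """One monitor point: an event is normal when its (verb, object) matches a
    (verb, prefix) pair recorded for the subject; anything else raises an alarm."""
    def __init__(self, source: str, baseline: Baseline) -> None:
        self.source, self.baseline = source, baseline

    def check(self, ev: Event) -> Optional[Alarm]:
        if ev.source != self.source:
            return None
        for verb, prefix in self.baseline.get(ev.subject, set()):
            if ev.verb == verb and ev.obj.startswith(prefix):
                return None
        return Alarm(ev.ts, ev.subject, self.source, f"{ev.verb} {ev.obj}")

class Fusion:
    """Verification: buffer alarms per subject inside a time window and promote them only
    when at least min_monitors distinct monitors agree; a lone alarm is held back as a
    probable false positive."""
    def __init__(self, window: float = 60.0, min_monitors: int = 2) -> None:
        self.window, self.min_monitors = window, min_monitors
        self.pending: Dict[str, List[Alarm]] = defaultdict(list)

    def ingest(self, alarm: Alarm) -> Optional[List[Alarm]]:
        buf = self.pending[alarm.subject]
        buf.append(alarm)
        buf[:] = [a for a in buf if alarm.ts - a.ts <= self.window]  # expire stale alarms
        if len({a.monitor for a in buf}) >= self.min_monitors:
            verified, self.pending[alarm.subject] = list(buf), []
            return verified
        return None

def impact_score(metrics: Dict[str, float], baseline: Dict[str, float]) -> int:
    """Crude severity: number of metrics above twice their baseline. Real input would come
    from WMI (e.g. Win32_PerfFormattedData_* classes); here the caller passes samples."""
    return sum(1 for k, v in metrics.items() if v > 2 * baseline.get(k, v))

PLAYBOOK = {  # hypothetical response playbook keyed by the monitor that raised the alarm
    "proc": "suspend the process tree and capture a memory image",
    "file": "quarantine the written objects and snapshot the volume",
    "net": "block the destination on the host firewall and isolate the host",
}

def advise(alarms: List[Alarm]) -> List[str]:
    return sorted({PLAYBOOK[a.monitor] for a in alarms})

def run_pipeline(events, monitors, fusion, metrics, metric_baseline) -> List[Incident]:
    incidents: List[Incident] = []
    for ev in sorted(events, key=lambda e: e.ts):
        for m in monitors:
            alarm = m.check(ev)
            verified = fusion.ingest(alarm) if alarm else None
            if verified:
                score = impact_score(metrics.get(ev.subject, {}), metric_baseline)
                incidents.append(Incident(ev.subject, verified, score, advise(verified)))
    return incidents

# Constructed baseline and trace (198.51.100.7 is a TEST-NET-2 documentation address).
BASELINE: Baseline = {
    "svchost.exe": {("write", "C:\\Windows\\Temp\\"), ("connect", "10.")},
    "winword.exe": {("write", "C:\\Users\\alice\\Documents\\"), ("spawn", "splwow64.exe")},
    "backup.exe": {("write", "D:\\Backups\\")},
}
TRACE = [
    Event(1.0, "svchost.exe", "write", "C:\\Windows\\Temp\\a.tmp", "file"),         # normal
    Event(2.0, "svchost.exe", "connect", "10.0.0.5:445", "net"),                    # normal
    Event(3.0, "backup.exe", "write", "C:\\Users\\alice\\Desktop\\x.bak", "file"),  # lone deviation
    Event(10.0, "winword.exe", "spawn", "powershell.exe", "proc"),                  # one monitor only
    Event(11.0, "powershell.exe", "write", "C:\\Users\\alice\\AppData\\Roaming\\run.lnk", "file"),
    Event(12.0, "powershell.exe", "connect", "198.51.100.7:443", "net"),            # corroborates
]
METRIC_BASELINE = {"cpu_pct": 5.0, "handle_count": 300.0, "bytes_sent": 1e5}
METRICS = {"powershell.exe": {"cpu_pct": 45.0, "handle_count": 900.0, "bytes_sent": 8e7}}

def run_demo() -> List[Incident]:
    monitors = [SVOMonitor(src, BASELINE) for src in ("file", "net", "proc")]
    return run_pipeline(TRACE, monitors, Fusion(), METRICS, METRIC_BASELINE)

if __name__ == "__main__":
    for inc in run_demo():
        print(inc.subject, "impact", inc.impact, [a.detail for a in inc.alarms], inc.actions)
```

Running the demo yields one incident, for powershell.exe, corroborated by the file and net monitors with an impact score of 3. The lone alarms (backup.exe writing to an unusual path, winword.exe spawning powershell.exe) stay in the fusion buffer rather than being raised, which is the false positive reduction the abstract refers to; the cost is that a single-monitor deviation is never reported on its own, so a deployed system would also link parent and child subjects so that the spawn alarm counts towards the child's incident.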

Original language: English (US)
Title of host publication: Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems
Pages: 55-60
Number of pages: 6
DOI: 10.1109/ECBS.2007.18
ISBN: 0769527728 (ISBN-13: 9780769527727)
State: Published - 2007
Event: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007 - Tucson, AZ, United States
Duration: Mar 26 2007 - Mar 29 2007



ASJC Scopus subject areas

  • Hardware and Architecture
  • Software

Cite this

Peng, J., Feng, C., Qiao, H., & Rozenblit, J. W. (2007). An event-driven architecture for fine grained intrusion detection and attack aftermath mitigation. In Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems (pp. 55-60). [4148919] https://doi.org/10.1109/ECBS.2007.18

@inproceedings{263a8dda776048ae8043c821c4ad2ba6,
title = "An event-driven architecture for fine grained intrusion detection and attack aftermath mitigation",
abstract = "In today's computing environment, unauthorized accesses and misuse of critical data can be catastrophic to personal users, businesses, emergency services, and even national defense and security. To protect computers from the ever-increasing threat of intrusion, we propose an event-driven architecture that provides fine grained intrusion detection and decision support capability. Within this architecture, an incoming event is scrutinized by the Subject-Verb-Object multipoint monitors. Deviations from normal behavior detected by SVO monitors will trigger different alarms, which are sent to subsequent fusion and verification modules to reduce the false positive rate. The system then performs impact analysis by studying real-time system metrics, collected through the Windows Management Instrumentation interface. We add to the system the capability to assist the administrator in taking effective actions to mitigate the aftermath of an intrusion.",
author = "Jianfeng Peng and Chuan Feng and Haiyan Qiao and Rozenblit, {Jerzy W}",
year = "2007",
doi = "10.1109/ECBS.2007.18",
language = "English (US)",
isbn = "0769527728",
pages = "55--60",
booktitle = "Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems",

}
