Uma abordagem para detecção de ataques distribuídos e múltiplas etapas baseada na composição de serviços web voltados para à segurança (An approach to detecting distributed multistage attacks based on the composition of security-oriented web services)
AUTHOR(S)
Leonardo Lemes Fagundes
PUBLICATION DATE
2006
ABSTRACT
With the wide use of the Internet and the proliferation of technologies for reproducing attacks, institutions have become targets of a variety of intrusion activities, ranging from simple port scans to complex attacks such as distributed denial of service and worms. Aiming to develop solutions that minimize an intruder's chances of success, several research projects have been carried out in recent years, especially in the area of intrusion detection. Most of the proposed solutions have limitations because they: (a) do not provide an appropriate notation to represent and describe multistage attacks (one that allows modeling the flow in which activities are expected to be observed); and (b) correlate alerts produced by a small group of sensors, while the ideal is to observe evidence generated by the maximum number of available services. To fill this gap, this work proposes a language and an architecture to detect distributed multistage attacks. The proposed language, named Multistage Attack Description Language, provides a graphical notation to represent attacks at a high level, as well as a textual notation, based on XML, that allows their detailed specification. The architecture offers a uniform mechanism to communicate with different security services, enabling subscription to the events that compose the intrusion scenario, detection of their occurrence, and tracking of the intrusion scenario's evolution as a whole. The architecture also allows the execution of contention services that, once invoked, execute procedures to prevent further phases of the attack from happening. Communication among the components of this architecture is performed in accordance with the Web Services Notification standard.
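The abstract describes three mechanisms but no concrete code: subscribing to the events that make up a scenario across several security services, tracking how far each scenario instance has progressed, and invoking a contention service once a chosen stage is reached. The Python below is an added illustration of those three mechanisms written for this page; it is not the thesis's Multistage Attack Description Language, its XML notation, or its WS-Notification transport. The service names (nids, hids, firewall), the event types, the three-stage scenario, the addresses and the event stream are all constructed for the example, and the strict in-order matching of stages is a simplification of the flow model the abstract says MADL provides.

```python
"""Added example: tracking a distributed multistage attack scenario.

Not the thesis's MADL implementation. Models the behaviour the abstract
describes: a scenario made of ordered stages, each confirmed by evidence
from one or more security services, and a contention action fired when
an instance of the scenario reaches a chosen stage.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

Evidence = Tuple[str, str]  # (security service name, event type it reports)


@dataclass
class Stage:
    """One step of the scenario and the evidence that confirms it."""
    name: str
    evidence: Set[Evidence]


@dataclass
class Event:
    """An event as delivered by a subscribed security service (constructed)."""
    service: str
    event_type: str
    source: str  # suspected attacker address, as reported by the service
    target: str  # victim address


@dataclass
class ScenarioInstance:
    """Progress of one (source, target) pair through the scenario."""
    key: Tuple[str, str]
    reached: List[str] = field(default_factory=list)
    contained: bool = False


class ScenarioTracker:
    """Subscribes to the evidence of every stage and tracks scenario evolution.

    Simplification (assumption of this example): stages must be reached in
    order, so evidence for stage k only counts once stages 0..k-1 have been
    observed for the same (source, target) pair. Evidence for a later stage
    arriving early is ignored rather than buffered.
    """

    def __init__(self, stages: List[Stage], contain_at: str,
                 contain: Callable[[ScenarioInstance], None]) -> None:
        self.stages = stages
        self.contain_at = contain_at      # stage name that triggers contention
        self.contain = contain            # contention service callback
        self.instances: Dict[Tuple[str, str], ScenarioInstance] = {}

    def subscriptions(self) -> Set[Evidence]:
        """All (service, event_type) pairs to subscribe for, across services."""
        return set().union(*(s.evidence for s in self.stages))

    def observe(self, ev: Event) -> ScenarioInstance:
        """Feed one event; returns the (possibly advanced) scenario instance."""
        key = (ev.source, ev.target)
        inst = self.instances.setdefault(key, ScenarioInstance(key))
        if len(inst.reached) == len(self.stages):
            return inst                   # scenario already complete
        stage = self.stages[len(inst.reached)]
        if (ev.service, ev.event_type) in stage.evidence:
            inst.reached.append(stage.name)
            if stage.name == self.contain_at and not inst.contained:
                inst.contained = True
                self.contain(inst)        # invoke contention service once
        return inst


# Constructed three-stage scenario; service and event names are assumptions.
SCENARIO = [
    Stage("reconnaissance", {("nids", "port_scan")}),
    Stage("exploitation", {("nids", "exploit_attempt"),
                           ("hids", "suspicious_process")}),
    Stage("propagation", {("firewall", "outbound_burst")}),
]

# Constructed event stream from three services; not real sensor output.
EVENTS = [
    Event("firewall", "outbound_burst", "10.0.0.9", "10.0.0.20"),   # no earlier stages: ignored
    Event("nids", "port_scan", "203.0.113.7", "10.0.0.20"),
    Event("nids", "port_scan", "198.51.100.4", "10.0.0.21"),
    Event("hids", "suspicious_process", "203.0.113.7", "10.0.0.20"),
    Event("firewall", "outbound_burst", "203.0.113.7", "10.0.0.20"),
]


def run_demo() -> Tuple[ScenarioTracker, List[str]]:
    """Run the constructed stream; returns the tracker and contention actions."""
    actions: List[str] = []

    def block_source(inst: ScenarioInstance) -> None:
        # Simulated contention service: block the attacker at the perimeter.
        actions.append(f"firewall.block {inst.key[0]}")

    tracker = ScenarioTracker(SCENARIO, contain_at="exploitation",
                              contain=block_source)
    for ev in EVENTS:
        tracker.observe(ev)
    return tracker, actions


if __name__ == "__main__":
    t, acts = run_demo()
    for inst in t.instances.values():
        print(inst.key, inst.reached, "contained" if inst.contained else "")
    print("contention actions:", acts)
```

Running it shows the evidence pulled from three different services feeding one scenario instance for 203.0.113.7 → 10.0.0.20, the contention callback firing exactly once when that instance reaches the exploitation stage, and the stray firewall event for 10.0.0.9 never advancing anything because its earlier stages were never observed. A production tracker would also need per-stage timeouts and a way to correlate events whose source address differs across stages (as in a distributed attack), which this example deliberately leaves out.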
SUBJECT(S)
security; intrusion detection; web services; computer networks; computer science
ACCESS TO THE ARTICLE
http://bdtd.unisinos.br/tde_busca/arquivo.php?codArquivo=166