Software rejuvenation approach to security engineering

Abstract

While traditional security mechanisms rely on preventive controls and those are limited in surviving malicious attacks, we propose a novel approach to security engineering. The objective is to characterize the attacks in real time and survive in face of attacks by using software rejuvenation. In this paper we address the critical intrusion tolerance problems ahead of intrusion detection. Firstly, the attacks are characterized by applying Principle Component Analysis (PCA) and these characterized intrusions are analyzed according to their state changes by utilizing transient state analysis. Subsequently, the software rejuvenation methods are performed by killing the intruders' processes in their tracks, halting abuse before it happens, shutting down unauthorized connection, and responding and restarting in real time. These slogans will really frustrate and deter the attacks, as the attacker can't make their progress. This is a way of survivability to increase the deterrence level against an attack in the target environment. © Springer-Verlag Berlin Heidelberg 2004.