Analysis of an algorithm for distributed recognition and accountability
Abstract
Computer and network systems are available to attacks. Abandoning the existing huge infrastructure of possibly-insecure computer and network systems is impossible, and replacing them by totally secure systems may not be feasible or cost effective. A common element in many attacks is that a single user will often attempt to intrude upon multiple resources throughout a network. Detecting the attack can become significantly easier by compiling and integrating evidence of such intrusion attempts across the network rather than attempting to assess the situation from the vantage point of only a single host. To solve this problem, we suggest an approach for distributed recognition and accountability (DRA), which consists of algorithms which "process," at a central location, distributed and asynchronous "reports" generated by computers (or a subset thereof) throughout the network. Our highest-priority objectives are to observe ways by which an individual moves around in a network of computers, including changing user names to possibly hide his/her true identity, and to associate all activities of multiple instances of the same individual to the same network-wide user. We present the DRA algorithm and a sketch of its proof under an initial set of simplifying albeit realistic assumptions. Later, we relax these assumptions to accommodate pragmatic aspects such as missing or delayed "reports," clock slew, tampered "reports," etc. We believe that such algorithms will have widespread applications in the future, particularly in intrusion-detection systems.
- Authors:
-
- California Univ., Davis, CA (United States). Dept. of Computer Science
- Publication Date:
- Research Org.:
- Lawrence Livermore National Lab., CA (United States)
- Sponsoring Org.:
- USDOE, Washington, DC (United States)
- OSTI Identifier:
- 10191120
- Report Number(s):
- UCRL-JC-115015; CONF-9311105-1
ON: DE94001773
- DOE Contract Number:
- W-7405-ENG-48
- Resource Type:
- Conference
- Resource Relation:
- Conference: 1. Association for Computing Machines (ACM) conference on computer and communications security, Fairfax, VA (United States), 3-5 Nov 1993; Other Information: PBD: Aug 1993
- Country of Publication:
- United States
- Language:
- English
- Subject:
- 99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; INTRUSION DETECTION SYSTEMS; DESIGN; COMPUTER NETWORKS; COMPUTERS; SECURITY; ALGORITHMS; ORGANIZATIONAL MODELS; VULNERABILITY; 990200; MATHEMATICS AND COMPUTERS
Citation Formats
Ko, C, Frincke, D A, Goan, T Jr, Heberlein, L T, Levitt, K, Mukherjee, B, and Wee, C. Analysis of an algorithm for distributed recognition and accountability. United States: N. p., 1993. Web.
Ko, C, Frincke, D A, Goan, T Jr, Heberlein, L T, Levitt, K, Mukherjee, B, & Wee, C. Analysis of an algorithm for distributed recognition and accountability. United States.
Ko, C, Frincke, D A, Goan, T Jr, Heberlein, L T, Levitt, K, Mukherjee, B, and Wee, C. 1993. "Analysis of an algorithm for distributed recognition and accountability". United States. https://www.osti.gov/servlets/purl/10191120.
@article{osti_10191120,
title = {Analysis of an algorithm for distributed recognition and accountability},
author = {Ko, C and Frincke, D A and Goan, T Jr and Heberlein, L T and Levitt, K and Mukherjee, B and Wee, C},
abstractNote = {Computer and network systems are available to attacks. Abandoning the existing huge infrastructure of possibly-insecure computer and network systems is impossible, and replacing them by totally secure systems may not be feasible or cost effective. A common element in many attacks is that a single user will often attempt to intrude upon multiple resources throughout a network. Detecting the attack can become significantly easier by compiling and integrating evidence of such intrusion attempts across the network rather than attempting to assess the situation from the vantage point of only a single host. To solve this problem, we suggest an approach for distributed recognition and accountability (DRA), which consists of algorithms which ``process,'' at a central location, distributed and asynchronous ``reports'' generated by computers (or a subset thereof) throughout the network. Our highest-priority objectives are to observe ways by which an individual moves around in a network of computers, including changing user names to possibly hide his/her true identity, and to associate all activities of multiple instances of the same individual to the same network-wide user. We present the DRA algorithm and a sketch of its proof under an initial set of simplifying albeit realistic assumptions. Later, we relax these assumptions to accommodate pragmatic aspects such as missing or delayed ``reports,'' clock slew, tampered ``reports,'' etc. We believe that such algorithms will have widespread applications in the future, particularly in intrusion-detection systems.},
doi = {},
url = {https://www.osti.gov/biblio/10191120},
journal = {},
number = {},
volume = {},
place = {United States},
year = {1993},
month = {8}
}