
Title: Analysis of an algorithm for distributed recognition and accountability

Abstract

Computer and network systems are vulnerable to attacks. Abandoning the existing huge infrastructure of possibly-insecure computer and network systems is impossible, and replacing them by totally secure systems may not be feasible or cost effective. A common element in many attacks is that a single user will often attempt to intrude upon multiple resources throughout a network. Detecting the attack can become significantly easier by compiling and integrating evidence of such intrusion attempts across the network rather than attempting to assess the situation from the vantage point of only a single host. To solve this problem, we suggest an approach for distributed recognition and accountability (DRA), which consists of algorithms which "process," at a central location, distributed and asynchronous "reports" generated by computers (or a subset thereof) throughout the network. Our highest-priority objectives are to observe ways by which an individual moves around in a network of computers, including changing user names to possibly hide his/her true identity, and to associate all activities of multiple instances of the same individual to the same network-wide user. We present the DRA algorithm and a sketch of its proof under an initial set of simplifying albeit realistic assumptions. Later, we relax these assumptions to accommodate pragmatic aspects such as missing or delayed "reports," clock slew, tampered "reports," etc. We believe that such algorithms will have widespread applications in the future, particularly in intrusion-detection systems.

Authors:
Ko, C; Frincke, D A; Goan, T Jr; Heberlein, L T; Levitt, K; Mukherjee, B; Wee, C [1]
  1. California Univ., Davis, CA (United States). Dept. of Computer Science
Publication Date:
Aug 1993
Research Org.:
Lawrence Livermore National Lab., CA (United States)
Sponsoring Org.:
USDOE, Washington, DC (United States)
OSTI Identifier:
10191120
Report Number(s):
UCRL-JC-115015; CONF-9311105-1
ON: DE94001773
DOE Contract Number:  
W-7405-ENG-48
Resource Type:
Conference
Resource Relation:
Conference: 1. Association for Computing Machinery (ACM) conference on computer and communications security, Fairfax, VA (United States), 3-5 Nov 1993; Other Information: PBD: Aug 1993
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; INTRUSION DETECTION SYSTEMS; DESIGN; COMPUTER NETWORKS; COMPUTERS; SECURITY; ALGORITHMS; ORGANIZATIONAL MODELS; VULNERABILITY; 990200; MATHEMATICS AND COMPUTERS

Citation Formats

Ko, C, Frincke, D A, Goan, T Jr, Heberlein, L T, Levitt, K, Mukherjee, B, and Wee, C. Analysis of an algorithm for distributed recognition and accountability. United States: N. p., 1993. Web.
Ko, C, Frincke, D A, Goan, T Jr, Heberlein, L T, Levitt, K, Mukherjee, B, & Wee, C. Analysis of an algorithm for distributed recognition and accountability. United States.
Ko, C, Frincke, D A, Goan, T Jr, Heberlein, L T, Levitt, K, Mukherjee, B, and Wee, C. 1993. "Analysis of an algorithm for distributed recognition and accountability". United States. https://www.osti.gov/servlets/purl/10191120.
@article{osti_10191120,
title = {Analysis of an algorithm for distributed recognition and accountability},
author = {Ko, C and Frincke, D A and Goan, T Jr and Heberlein, L T and Levitt, K and Mukherjee, B and Wee, C},
url = {https://www.osti.gov/biblio/10191120},
place = {United States},
year = {1993},
month = aug
}
