Analysis of an algorithm for distributed recognition and accountability

Ko, C; Frincke, D A; Goan, T Jr; Heberlein, L T; Levitt, K; Mukherjee, B; Wee, C

Title: Analysis of an algorithm for distributed recognition and accountability

Conference · Sun Aug 01 00:00:00 EDT 1993

OSTI ID:10191120

Ko, C; Frincke, D A; Goan, T Jr; Heberlein, L T; Levitt, K; Mukherjee, B; Wee, C ^[1]

California Univ., Davis, CA (United States). Dept. of Computer Science

Computer and network systems are available to attacks. Abandoning the existing huge infrastructure of possibly-insecure computer and network systems is impossible, and replacing them by totally secure systems may not be feasible or cost effective. A common element in many attacks is that a single user will often attempt to intrude upon multiple resources throughout a network. Detecting the attack can become significantly easier by compiling and integrating evidence of such intrusion attempts across the network rather than attempting to assess the situation from the vantage point of only a single host. To solve this problem, we suggest an approach for distributed recognition and accountability (DRA), which consists of algorithms which ``process,`` at a central location, distributed and asynchronous ``reports`` generated by computers (or a subset thereof) throughout the network. Our highest-priority objectives are to observe ways by which an individual moves around in a network of computers, including changing user names to possibly hide his/her true identity, and to associate all activities of multiple instance of the same individual to the same network-wide user. We present the DRA algorithm and a sketch of its proof under an initial set of simplifying albeit realistic assumptions. Later, we relax these assumptions to accommodate pragmatic aspects such as missing or delayed ``reports,`` clock slew, tampered ``reports,`` etc. We believe that such algorithms will have widespread applications in the future, particularly in intrusion-detection system.

View Conference

Cite

Export

Save

Research Organization:: Lawrence Livermore National Lab., CA (United States)

Sponsoring Organization:: USDOE, Washington, DC (United States)

DOE Contract Number:: W-7405-ENG-48

OSTI ID:: 10191120

Report Number(s):: UCRL-JC-115015; CONF-9311105-1; ON: DE94001773

Resource Relation:: Conference: 1. Association for Computing Machines (ACM) conference on computer and communications security,Fairfax, VA (United States),3-5 Nov 1993; Other Information: PBD: Aug 1993

Country of Publication:: United States

Language:: English

Similar Records

Countering Cyber Sabotage: Introducing Consequence-Driven Cyber-Informed Engineering (CCE)

Book · Wed Sep 01 00:00:00 EDT 2021 · OSTI ID:10191120

Bochman, Andrew A; Freeman, Sarah G

Anomaly detection enhanced classification in computer intrusion detection

Conference · Tue Jan 01 00:00:00 EST 2002 · OSTI ID:10191120

Fugate, M L; Gattiker, J R

A Cyber-Physical Anomaly Detection for Wide-Area Protection Using Machine Learning

Journal Article · Wed Mar 17 00:00:00 EDT 2021 · IEEE Transactions on Smart Grid · OSTI ID:10191120

Singh, Vivek Kumar; Govindarasu, Manimaran

Related Subjects

99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE
INTRUSION DETECTION SYSTEMS
DESIGN
COMPUTER NETWORKS
COMPUTERS
SECURITY
ALGORITHMS
ORGANIZATIONAL MODELS
VULNERABILITY
990200
MATHEMATICS AND COMPUTERS

Title: Analysis of an algorithm for distributed recognition and accountability

Citation Formats

Similar Records

Related Subjects