Abstract - Technical Program - ID 99
Real-time Intrusion Detection and Suppression in ATM Networks
R. Bettati, W. Zhao, and D. Teodor, Texas A&M University
Abstract
Distributed mission critical systems require support for
ultra-secure communication, in which intrusions must be detected and
suppressed in real time, possibly before the affected messages reach
the receiver. When the distributed application has real-time
requirements, the effects of intrusion are particularly severe. In
addition to covered channels and potentially tampered data at the
receiver, such systems may experience violations of timing
requirements and timing instabilities in components not directly
related to the intrusion. Systems with real-time requirements have
admission and access control mechanisms in place to ensure that timing
requirements can be met during normal operation. Such admission
control mechanisms require load profiles of traffic (for example in
the form of leaky bucket descriptors) so that resources can be
appropriately allocated to meet application requirements during system
operation. In this paper, we report on our project aiming at
real-time detection of intrusions in ATM networks. We take advantage
of the specification of the traffic profile during connection setup,
and use a traffic modeling technique to determine the profile of the
traffic on the connection at an arbitrary point in the network, thus
providing a baseline for detection of load deviations. We designed
and analyzed a security device that uses the profile information and
detects violations. The traffic is modeled in an accurate but
efficient manner. As a result, our device is able to detect an
intrusion within 25 s, yet is simple enough to be economically
realized in existing VLSI technology.
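
The baseline check described above, as an added example that is not code from the paper: a leaky-bucket conformance test in its virtual-scheduling (GCRA) form, applied at the point where the declared descriptor holds directly. It does not reproduce the paper's traffic model for arbitrary points in the network; the profile values and the cell trace are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Profile:
    """Leaky-bucket descriptor declared at connection setup (assumed values)."""
    increment_us: int  # nominal spacing between cells, i.e. 1 / declared rate
    limit_us: int      # how early a cell may arrive (burst tolerance)


def find_violations(profile: Profile,
                    arrivals_us: Sequence[int]) -> List[Tuple[int, int]]:
    """Return (index, arrival time) of every cell outside the declared profile.

    Integer microsecond timestamps keep the comparison exact.
    """
    tat = None  # theoretical arrival time of the next conforming cell
    violations = []
    for i, t in enumerate(arrivals_us):
        if tat is None:
            tat = t
        if t < tat - profile.limit_us:
            # Cell is earlier than the burst tolerance allows: excess load.
            # The state is not advanced, so later legitimate cells still pass.
            violations.append((i, t))
            continue
        tat = max(t, tat) + profile.increment_us
    return violations


# Constructed profile: one cell per 100 us, up to 200 us of burst tolerance.
PROFILE = Profile(increment_us=100, limit_us=200)

# Constructed traces: the legitimate source sends exactly at the declared rate;
# five extra cells are inserted on the same connection starting at t = 410 us.
LEGIT = list(range(0, 1000, 100))
INJECTED = [410, 420, 430, 440, 450]
MIXED = sorted(LEGIT + INJECTED)

if __name__ == "__main__":
    print("legitimate only:", find_violations(PROFILE, LEGIT))
    hits = find_violations(PROFILE, MIXED)
    print("with inserted cells:", hits)
    # Delay between the first inserted cell and the first flagged cell.
    print("detection delay (us):", hits[0][1] - INJECTED[0])
```

The first two inserted cells fit inside the burst tolerance and pass unflagged, which is why the tolerance in the declared profile bounds how quickly a deviation can be detected.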