An Autonomic Framework for Integrating Security and Quality of Service Support in Databases

Similar documents
A Survey of Self-Protecting Computing Systems

Resource allocation for autonomic data centers using analytic performance models.

Big Data Analytics for Host Misbehavior Detection

Anatomy of a Real-Time Intrusion Prevention System

Collaborative Intrusion Detection System : A Framework for Accurate and Efficient IDS. Outline

Evading Network Anomaly Detection Sytems - Fogla,Lee. Divya Muthukumaran

Communication Pattern Anomaly Detection in Process Control Systems

APP-ID. A foundation for visibility and control in the Palo Alto Networks Security Platform

Flowzilla: A Methodology for Detecting Data Transfer Anomalies in Research Networks. Anna Giannakou, Daniel Gunter, Sean Peisert

ON THE USE OF PERFORMANCE MODELS TO DESIGN SELF-MANAGING COMPUTER SYSTEMS

Adapting Mixed Workloads to Meet SLOs in Autonomic DBMSs

Fuzzy Intrusion Detection

A Quantitative Framework for Cyber Moving Target Defenses

INFORMATION ASSURANCE DIRECTORATE

Towards Model-based Management of Database Fragmentation

Forecasting Oracle Performance

Intrusion Detection Systems

Basic Concepts in Intrusion Detection

On the Use of Performance Models in Autonomic Computing

NetDefend Firewall UTM Services

Lecture Notes on Critique of 1998 and 1999 DARPA IDS Evaluations

Inital Starting Point Analysis for K-Means Clustering: A Case Study

Distributed Denial of Service (DDoS)

Statistical Anomaly Intrusion Detection System

Local Search. (Textbook Chpt 4.8) Computer Science cpsc322, Lecture 14. May, 30, CPSC 322, Lecture 14 Slide 1

Handling Web and Database Requests Using Fuzzy Rules for Anomaly Intrusion Detection

How data analytics can be used to improve the network performance: some use cases

MACHINE LEARNING & INTRUSION DETECTION: HYPE OR REALITY?

Syllabus: AIT Information Systems Infrastructure Lifecycle Management

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

HoneyV: A Virtualized Honeynet System Based on Network Softwarization

Combining Moving Target Defense with Autonomic Systems. Warren Connell 7 Dec 15

CSE 565 Computer Security Fall 2018

Maximum Security with Minimum Impact : Going Beyond Next Gen

How to Test an IDS? GENESIDS: An Automated System for Generating Attack Traffic

A Framework for Utility-Based Service Oriented Design in SASSY

Utility-based Optimal Service Selection for Business Processes in Service Oriented Architectures

ADAPTIVE AND DYNAMIC LOAD BALANCING METHODOLOGIES FOR DISTRIBUTED ENVIRONMENT

A Hybrid Intrusion Detection System Of Cluster Based Wireless Sensor Networks

AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID

PALANTIR CYBERMESH INTRODUCTION

Intrusion Detection Systems Overview

Means for Intrusion Detection. Intrusion Detection. INFO404 - Lecture 13. Content

NETWORK THREATS DEMAN

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Predictive malware response testing methodology. Contents. 1.0 Introduction. Methodology version 1.0; Created 17/01/2018

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

Top-Down Network Design

Verification and Validation of X-Sim: A Trace-Based Simulator

CloudSOC and Security.cloud for Microsoft Office 365

Supervised vs unsupervised clustering

INFORMATION ASSURANCE DIRECTORATE

Network Anomaly Detection Using Autonomous System Flow Aggregates

Local Search. (Textbook Chpt 4.8) Computer Science cpsc322, Lecture 14. Oct, 7, CPSC 322, Lecture 14 Slide 1

INTRUSION RESPONSE SYSTEM TO AVOID ANOMALOUS REQUEST IN RDBMS

Accommodating Bursts in Distributed Stream Processing Systems

SLA-Aware Adaptive Data Broadcasting in Wireless Environments. Adrian Daniel Popescu

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

APPLICATION OF INTRUSION DETECTION SOFTWARE TO PROTECT TELEMETRY DATA IN OPEN NETWORKED COMPUTER ENVIRONMENTS.

Best Practices for Setting BIOS Parameters for Performance

Lecture 12 Malware Defenses. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422

Project Proposal. ECE 526 Spring Modified Data Structure of Aho-Corasick. Benfano Soewito, Ed Flanigan and John Pangrazio

Table 9.1 Types of Scheduling

Self Learning Networks An Overview

Voice, Video and Data Convergence:

Daniel A. Menascé, Ph. D. Dept. of Computer Science George Mason University

Baseline Scheduling with ProTrack

Managing Latency in IPS Networks

Computer Security: Principles and Practice

Net-Centric Systems Design and Requirements Development in today s environment of Cyber warfare

Detecting Manipulated Remote Call Streams

Threat Centric Vulnerability Management

INFORMATION ASSURANCE DIRECTORATE

HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL

Ensure you write your exam number on any sheets which are to be handed in. This paper consists of THREE pages and FOUR questions.

Developing the Sensor Capability in Cyber Security

Decision Trees Dr. G. Bharadwaja Kumar VIT Chennai

Enterasys 2B Enterasys Certified Internetworking Engineer(ECIE)

Pushing the limits of CAN - Scheduling frames with offsets provides a major performance boost

EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE

A Scalable Architecture for Countering Network-Centric Insider Threats

Intrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis

OSSIM Fast Guide

Evaluating BFT Protocols for Spire

Top-Down Network Design

Double Guard: Detecting intrusions in Multitier web applications with Security

CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow Probes

Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)

Configuring Traffic System Reports

Internet Traffic Classification using Machine Learning

A Scalability Analysis of an Architecture for Countering Network-Centric Insider Threats

7. Decision or classification trees

Traffic system reports

Agenda. Review: DNS Security Intrusion Detection and Prevention Systems 1/21

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange

Batch Jobs Performance Testing

Method for security monitoring and special filtering traffic mode in info communication systems

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 9 Performing Vulnerability Assessments

CSci530 Final Exam. Fall 2011

Deployment Guides. Help Documentation

Transcription:

An Autonomic Framework for Integrating Security and Quality of Service Support in Databases Firas Alomari The Volgenau School of Engineering George Mason University Daniel A. Menasce Department of Computer Science George Mason University Summarized by Harsha Balachandran

Introduction Autonomic computing systems are self-* systems that improve certain QoS goals or maintain them. These large, complex and emerging e-business systems also require heavy database interaction an increase in number of security mechanisms. Previous work focused on both individually. Problem : Cannot compromise either as it requires a system administrator to specify the required QoS and security parameters separately and monitor them. Solution : Autonomic controller using Intrusion Detection and Prevention Systems(IDPSs).

Intrusion Detection and Prevention Systems(IDPSs) Determine the normal behavior of users accessing the database. Any deviation is treated as intrusion. There are two main models of IDPSs: anomaly detection : Compares user s normal behavior and their session data. A profile is built using queries issued to the database or the results of the queries executed. misuse detection : Compares user s session with signatures of known attacks previously used. Challenges: System accuracy represented by false positives and false negatives. Solutions usually target specific scenarios and treat users uniformly. Impact on QoS requirements. Combining techniques compromises QoS. Solution : Use Autonomic controller to integrate QoS and security by dynamically varying security configurations based on workload.

Framework : Environment Combination of IDPSs to achieve max security. Syntax-centric techniques use query itself to evaluate the transactions submitted to the database. evaluates requests before they are submitted to the database. Data-centric techniques use query results to evaluate the transaction legitimacy. evaluates query results before they are passed back to the users. Overall response time of the system depends on the workload intensity, the number and type of security mechanisms used, and the overhead associated with each mechanism.

Framework : Environment To deal with large number of users. Classify users into roles and specify either a profile/behavior for each role. Identify attack categories. specific scenario targeted. type of users targeted. Evaluate effectiveness of defense mechanism for each said category and overhead. Catalog of attack probabilities can be built by system analysis of database threats. Goal : Find max security level without compromising on QoS.

Framework : Environment Incoming requests are labeled according to the user s role. The autonomic controller evaluates requests and send them to one or more of IDPSs. The controller is executed at certain intervals to obtain performance values. identify possible configurations that can be applied. compute performance and security metrics recommend a combination for the highest security level that meets the QoS requirements for a given workload. System is reconfigured to apply the new security policy to incoming requests.

Notation and Controller Policy Definitions N = K+M is Total number of Security mechanisms K is number of syntax centric mechanisms. M is number of data centric mechanisms. R is number of user roles. A is number of attack categories. ar,j is likelihood of observing attack j by role r, di,j is detection rate of attack j by security mechanism i. oi is overhead for mechanism i. The policy for role r is ρr = (εr,1,...,εr,i,...,εr,n),where εr,i =0 if security mechanism i is not used for role r transactions and equal to 1 otherwise. The overall system policy is then characterized by the vector ρ = ( ρ 1,..., ρ R).

Utility Function security utility for each role is a function of security mechanisms applied to the role. Detection probabilities of each mechanism is different. The resulting utility is simplified using exponential averaging to meet the design. Total security utility is the weighted sum of all roles where Total response time utility is the weighted sum of all response time utility functions. Global utility can be written as a function of the policy, mechanisms overhead, workload and attack likelihood matrix. models risk and preferences for a role.

Controller Architecture Uses heuristic search technique to find a near optimal configuration that maximizes the global utility function and meet the QoS and security requirements. The search for a new configuration is based on a greedy hill climbing-method. Sometimes high workloads, due to high demands or malicious attacks, result in a policy with no security mechanisms. add constraints to performance to guarantee minimum security level irrespectively.

Queuing Network Model computes QoS values/performance for a given configuration. IDPSs mechanisms are modeled concurrently. Even though mechanisms can be executed concurrently, the controller must wait for all of them to finish before deciding on the policy. The values of approximation for average reponse time for validate the controller s ability and usefulness.

Experimental Evaluation & Results

Experimental Evaluation & Results

Experimental Evaluation & Results

Related Work & Conclusion Other works include almost everything used in this paper but independently. Geared towards specific products and scenarios Rely on system administrator to integrate and configure the system. Review Paper addresses QoS and security requirements jointly even though they may be conflicting. Policy improves to maximize utility. Controller estimates performance impact of security policies and makes assignment decisions dynamically.

Future Work Exploring more utility expressions that better capture the system s security requirements. Accuracy of the IDPSs, does not consider false positive and negatives and their significance. Evaluating using real data. Controller can be extended to predict workloads. include dynamic intervals for varied workload. evaluate other heuristic techniques.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback