Monitoring for Security Intrusion using Performance Signatures
Siemens Corporate Research, USA.
Siemens Corporate Research, USA.
Siemens Corporate Research, USA.
JHU, Applied Physics Laboratory, USA.
2010 (English) In: WOSP/SIPEW'10 - Proceedings of the 1st Joint WOSP/SIPEW International Conference on Performance Engineering, 2010, p. 93-103. Conference paper, Published paper (Refereed)
Abstract [en]

A new approach for detecting security attacks on software systems by monitoring the software system performance signatures is introduced. We present a proposed architecture for security intrusion detection using off-the-shelf security monitoring tools and performance signatures. Our approach relies on the assumption that the performance signature of the well-behaved system can be measured and that the performance signature of several types of attacks can be identified. This assumption has been validated for operations support systems that are used to monitor large infrastructures and receive aggregated traffic that is periodic in nature. Examples of such infrastructures include telecommunications systems, transportation systems and power generation systems. In addition, significant deviation from well-behaved system performance signatures can be used to trigger alerts about new types of security attacks. We used a custom performance benchmark and five types of security attacks to derive performance signatures for the normal mode of operation and the security attack mode of operation. We observed that one of the types of the security attacks went undetected by the off-the-shelf security monitoring tools but was detected by our approach of monitoring performance signatures. We conclude that an architecture for security intrusion detection can be effectively complemented by monitoring of performance signatures.

Place, publisher, year, edition, pages
2010. p. 93-103
National Category
Computer Engineering
Identifiers
URN: urn:nbn:se:mdh:diva-23692
DOI: 10.1145/1712605.1712623
ISBN: 9781605585635 (print)
OAI: oai:DiVA.org:mdh-23692
DiVA, id: diva2:680327
Conference
1st Joint WOSP/SIPEW International Conference on Performance Engineering, WOSP/SIPEW'10; San Jose, CA; United States; 28 January 2010 through 30 January 2010
Available from: 2013-12-17 Created: 2013-12-17 Last updated: 2018-01-11 Bibliographically approved

Authority records

Weyuker, Elaine
