mdh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Monitoring for Security Intrusion using Performance Signatures
Siemens Corporate Research, USA.
Siemens Corporate Research, USA.
Siemens Corporate Research, USA.
JHU, Applied Physics Laboratory, USA.
Show others and affiliations
2010 (English)In: WOSP/SIPEW'10 - Proceedings of the 1st Joint WOSP/SIPEW International Conference on Performance Engineering, 2010, 93-103 p.Conference paper, Published paper (Refereed)
Abstract [en]

A new approach for detecting security attacks on software systems by monitoring the software system performance signatures is introduced. We present a proposed architecture for security intrusion detection using off-the-shelf security monitoring tools and performance signatures. Our approach relies on the assumption that the performance signature of the well-behaved system can be measured and that the performancesignature of several types of attacks can be identified. This assumption has been validated for operations support systems that are used to monitor large infrastructures and receive aggregated traffic that is periodic in nature. Examples of such infrastructures include telecommunications systems, transportation systems and power generation systems. In addition, significant deviation from well-behaved system performance signatures can be used to trigger alerts about new types of security attacks. We used a custom performance benchmark and five types of security attacks to deriveperformance signatures for the normal mode of operation and the security attack mode of operation. We observed that one of the types of thesecurity attacks went undetected by the off-the-shelf security monitoring tools but was detected by our approach of monitoring performance signatures. We conclude that an architecture for security intrusion detection can be effectively complemented by monitoring of performance signatures.

Place, publisher, year, edition, pages
2010. 93-103 p.
National Category
Computer Engineering
Identifiers
URN: urn:nbn:se:mdh:diva-23692DOI: 10.1145/1712605.1712623ISBN: 9781605585635 (print)OAI: oai:DiVA.org:mdh-23692DiVA: diva2:680327
Conference
1st Joint WOSP/SIPEW International Conference on Performance Engineering, WOSP/SIPEW'10; San Jose, CA; United States; 28 January 2010 through 30 January 2010
Available from: 2013-12-17 Created: 2013-12-17 Last updated: 2015-07-31Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full text

Search in DiVA

By author/editor
weyuker, elaine
Computer Engineering

Search outside of DiVA

GoogleGoogle Scholar

Altmetric score

Total: 18 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf