SGNET

A worldwide deployable framework to support the analysis of malware threat models

Corrado Leita, Marc Dacier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

29 Citations (Scopus)

Abstract

The dependability community has expressed a growing interest in the recent years for the effects of malicious, external, operational faults in computing systems, i.e. intrusions. The term intrusion tolerance has been introduced to emphasize the need to go beyond what classical fault tolerant systems were able to offer. Unfortunately, as opposed to well understood accidental faults, the domain is still lacking sound data sets and models to offer rationales in the design of intrusion tolerant solutions. In this paper, we describe a framework similar in its spirit to so-called honey-farms but built in a way that makes its large-scale deployment easily feasible. Furthermore, it offers a very rich level of interaction with the attackers without suffering from the drawbacks of expensive high interaction systems. The system is described, a prototype is presented as well as some preliminary results that highlight the feasibility as well as the usefulness of the approach.

Original language: English
Title of host publication: Proceedings - 7th European Dependable Computing Conference, EDCC-7
Pages: 99-109
Number of pages: 11
DOIs: https://doi.org/10.1109/EDCC-7.2008.15
Publication status: Published - 2008
Externally published: Yes
Event: 7th European Dependable Computing Conference, EDCC-7 - Kaunas
Duration: 7 May 2008 to 9 May 2008

Other

Other: 7th European Dependable Computing Conference, EDCC-7
City: Kaunas
Period: 7/5/08 to 9/5/08

Fingerprint

Farms
Acoustic waves
Malware

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
  • Control and Systems Engineering

Cite this

Leita, C., & Dacier, M. (2008). SGNET: A worldwide deployable framework to support the analysis of malware threat models. In Proceedings - 7th European Dependable Computing Conference, EDCC-7 (pp. 99-109). [4555995] https://doi.org/10.1109/EDCC-7.2008.15

SGNET : A worldwide deployable framework to support the analysis of malware threat models. / Leita, Corrado; Dacier, Marc.

Proceedings - 7th European Dependable Computing Conference, EDCC-7. 2008. p. 99-109 4555995.

Leita, C & Dacier, M 2008, SGNET: A worldwide deployable framework to support the analysis of malware threat models. in Proceedings - 7th European Dependable Computing Conference, EDCC-7., 4555995, pp. 99-109, 7th European Dependable Computing Conference, EDCC-7, Kaunas, 7/5/08. https://doi.org/10.1109/EDCC-7.2008.15
Leita C, Dacier M. SGNET: A worldwide deployable framework to support the analysis of malware threat models. In Proceedings - 7th European Dependable Computing Conference, EDCC-7. 2008. p. 99-109. 4555995 https://doi.org/10.1109/EDCC-7.2008.15
Leita, Corrado ; Dacier, Marc. / SGNET : A worldwide deployable framework to support the analysis of malware threat models. Proceedings - 7th European Dependable Computing Conference, EDCC-7. 2008. pp. 99-109
@inproceedings{808d240124874fe3aa01aea9ae24ea4c,
title = "SGNET: A worldwide deployable framework to support the analysis of malware threat models",
author = "Corrado Leita and Marc Dacier",
year = "2008",
doi = "10.1109/EDCC-7.2008.15",
language = "English",
isbn = "9780769531380",
pages = "99--109",
booktitle = "Proceedings - 7th European Dependable Computing Conference, EDCC-7",

}

TY - GEN

T1 - SGNET

T2 - A worldwide deployable framework to support the analysis of malware threat models

AU - Leita, Corrado

AU - Dacier, Marc

PY - 2008

Y1 - 2008

UR - http://www.scopus.com/inward/record.url?scp=51549108952&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51549108952&partnerID=8YFLogxK

U2 - 10.1109/EDCC-7.2008.15

DO - 10.1109/EDCC-7.2008.15

M3 - Conference contribution

SN - 9780769531380

SP - 99

EP - 109

BT - Proceedings - 7th European Dependable Computing Conference, EDCC-7

ER -