Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Lin, SC | en_US |
| dc.contributor.author | Tseng, SS | en_US |
| dc.date.accessioned | 2014-12-08T15:38:30Z | - |
| dc.date.available | 2014-12-08T15:38:30Z | - |
| dc.date.issued | 2004-10-01 | en_US |
| dc.identifier.issn | 0957-4174 | en_US |
| dc.identifier.uri | http://dx.doi.org/10.1016/j.eswa.2004.05.016 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11536/26359 | - |
| dc.description.abstract | Intrusion tolerance is the ability of a system to continue providing (possibly degraded but) adequate services after a penetration. With the rapid development of network technology, distributed denial of service (DDoS) attacks become one of the most important issues today. In this paper, we propose a DDoS ontology to provide a common terminology for describing the DDoS models consisting of the Profile model (the representation of the behaviors of system and users) and the Defense model (the descriptions of Detection and Filter methodologies). Also, the Evaluation strategy based upon current statuses of users' behaviors is used to evaluate the degree of the intrusion tolerance of the proposed models during DDoS attacks. Based upon the ontology, four KCs (Profile model, Evaluation strategy, Detection methodology, and Filter methodology Knowledge Classes) and their relationships are then proposed, where each KC may contain a set of sub-KCs or knowledge represented as a natural rule format. For an arbitrarily given network environment, the default knowledge in the Profile KC and the Evaluation KC, the appropriate detection features in the Detection KC, and the suitable access control list policies in the Filter KC can be easily extracted and adopted by our proposed integrated knowledge acquisition framework. We are now implementing a NORM-based DDoS intrusion tolerance system for DDoS attacks to evaluate the proposed models. (C) 2004 Elsevier Ltd. All rights reserved. | en_US |
| dc.language.iso | en_US | en_US |
| dc.subject | distributed denial of service (DDoS) | en_US |
| dc.subject | intrusion tolerance | en_US |
| dc.subject | ontology | en_US |
| dc.subject | knowledge acquisition | en_US |
| dc.subject | NORM | en_US |
| dc.title | Constructing detection knowledge for DDoS intrusion tolerance | en_US |
| dc.type | Article | en_US |
| dc.identifier.doi | 10.1016/j.eswa.2004.05.016 | en_US |
| dc.identifier.journal | EXPERT SYSTEMS WITH APPLICATIONS | en_US |
| dc.citation.volume | 27 | en_US |
| dc.citation.issue | 3 | en_US |
| dc.citation.spage | 379 | en_US |
| dc.citation.epage | 390 | en_US |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| dc.contributor.department | Department of Computer Science | en_US |
| dc.identifier.wosnumber | WOS:000223383800006 | - |
| dc.citation.woscount | 3 | - |
Appears in Collections: Articles


Files in This Item:

  1. 000223383800006.pdf