Ivanytsia O.V.

National Mining University, Ukraine

Reliability in grid computing


Intruding attacks are a serious problem for networked systems. Intruders attempt to break into a system to gain unauthorized access and to misuse and abuse the computer and the networked system. The purpose of intrusion detection is to identify intrusions of various kinds. After an intrusion has been detected, the next step is to trace the location of the intruder. Follow-up warning and protection measures (such as blacklisting, isolation, blocking, etc.) can then be applied.

The intrusion detection problem is inherent to collaborative computing environments and is becoming an increasingly challenging task there, since such environments are typically networked systems. Moreover, attacks may come not only from external attackers: malicious internal users of collaborative computing systems may also launch attacks.

The main types of intrusion include attempted break-ins, masquerade attacks, and penetration of the security control system. The models used to detect these intrusions can be classified into three categories:

1. Misuse modeling

2. Anomaly modeling

3. Specification modeling.

Many intrusion detection systems, including distributed intrusion detection systems, have been proposed. Among the various intruding attacks, DoS (and distributed DoS) attacks are the most dangerous, because they are easy for an attacker to launch but hard for the server or victim to defend against. Defending approaches include single-node defending methods, multiple-node defending methods and honeypot technology.

In order to locate intruders, two common traceback strategies have been proposed. The first relies heavily on the routers in the network to send their identities to the destinations of certain packets, either by encoding this information directly in rarely used bits of the IP header or by generating a new packet to the same destination. The second involves centralized management and logging of packet information on the network.

Intrusion detection and traceback systems can themselves be the (first) targets of attacks by intruders. Hence, they should be implemented to be secure and robust against attacks. Recently, a new and powerful architecture for defending against DoS/DDoS attacks, called Secure Overlay Service, has been proposed. Secure Overlay Service hides the target server behind an overlay network: client requests cannot go to the target server directly; instead, they must first go to a Secure Overlay Access Point at the edge of the overlay network, pass through several protecting/filtering layers, and finally arrive at the target server (if they pass all checks).

The intruding attacks can be typically classified as follows:

· Attempted break-in: an attacker attempts to break into a system by trying different passwords. This can generally be detected by abnormal behavior, since the attempt may generate a high rate of password verification failures with respect to a single account or to the system as a whole.

· Masquerading or successful break-in: an attacker breaks into a system successfully via an unauthorized account and password and masquerades as the legitimate user to do malicious things. This attack can be detected by abnormal profiles, strange behaviors, or violations of security constraints. The attacker may have a different login time, location, or connection type from that of the account's legitimate user. Moreover, the masquerader's actions may differ considerably from those of the legitimate user. For example, the legitimate user may spend most of his login time editing or compiling and linking programs, whereas the masquerader may intensively browse directories and execute system status commands.

· Penetration by legitimate user: an authenticated user attempts to penetrate the security mechanisms of the system. This can be detected by monitoring for specific patterns of activity or for violations of security constraints/system protections, because such a malicious user may execute different programs or trigger more protection violations through attempts to access unauthorized files or programs. If the attempt is successful, he will have access to commands and files which are normally not permitted to him.

· Leakage by legitimate user: an authenticated user tries to leak sensitive information. This can be detected by abnormal use of system resources, because this kind of user may log into the system at unusual times or send data to a remote printer which is not normally used.

· Inference by legitimate user: an authenticated user attempts to obtain unauthorized data from a database through aggregation and inference. This can be detected by abnormal access behavior, because this kind of user might retrieve more records than usual.

· Trojan horse: a program that contains or installs a malicious program. Trojan horses may appear to be useful, interesting, or at the very least harmless programs to an unsuspecting user, but are actually harmful when executed. A Trojan horse planted in or substituted for a program may behave very differently from the legitimate program in terms of its CPU time or I/O activity and thus can be detected by abnormal usage or activity patterns of system resources.

· Virus: a computer program written to alter the way a computer operates, without the permission or knowledge of the user, by hiding in other files containing executable code. A true virus must have two features: it replicates itself and it executes itself. A virus planted in a system generally causes an increase in the frequency with which executable files are rewritten, in the storage used by executable files, or in how often a particular program is executed as the virus spreads. Some anti-virus software tries to detect and remove viruses, but new viruses continue to be created and spread.

· Denial of service (DoS): an intruder monopolizes a resource (e.g., the network) so that the resource becomes unavailable to legitimate users. This kind of attack might show abnormally high activity with respect to the resource on the part of the intruder, whereas the activity of all other users is abnormally low. DoS is one of the hardest intruding attacks to defend against.
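The first item above describes rate-based anomaly detection: a burst of password verification failures against one account or against the system as a whole. The following Python snippet is added here as an example and is not part of the original paper; it runs both rules over a constructed authentication log using a sliding window, and the log format, field names and thresholds are assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed sample log (not from the paper): "<seconds> <event> <account>".
SAMPLE_LOG = """\
0 LOGIN_FAIL alice
5 LOGIN_OK alice
10 LOGIN_FAIL bob
11 LOGIN_FAIL bob
12 LOGIN_FAIL bob
13 LOGIN_FAIL bob
14 LOGIN_FAIL bob
15 LOGIN_FAIL bob
20 LOGIN_FAIL carol
21 LOGIN_FAIL dave
22 LOGIN_FAIL erin
23 LOGIN_FAIL frank
90 LOGIN_FAIL alice
"""

LINE_RE = re.compile(r"^(\d+)\s+(LOGIN_FAIL|LOGIN_OK)\s+(\S+)$")

def detect_break_in_attempts(log, window=60, per_account=5, system_wide=10):
    """Flag bursts of password failures within a sliding `window` (seconds).
    Two rules follow the paper's description: per-account and system-wide
    failure counts; the thresholds are assumed values. Returns a list of
    (scope, account, timestamp) alerts, one per threshold crossing."""
    alerts = []
    per_acct = defaultdict(deque)  # account -> timestamps of recent failures
    all_fail = deque()             # timestamps of all recent failures
    fired = set()                  # scopes already alerted, to avoid repeats
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "LOGIN_FAIL":
            continue               # ignore malformed lines and successes
        ts, acct = int(m.group(1)), m.group(3)
        # Drop failures that fell out of the window before counting.
        for q in (per_acct[acct], all_fail):
            while q and ts - q[0] >= window:
                q.popleft()
        per_acct[acct].append(ts)
        all_fail.append(ts)
        if len(per_acct[acct]) >= per_account and acct not in fired:
            alerts.append(("account", acct, ts))
            fired.add(acct)
        if len(all_fail) >= system_wide and "*" not in fired:
            alerts.append(("system", "*", ts))
            fired.add("*")
    return alerts
```

With the sample log, the per-account rule fires for bob at second 14 and the system-wide rule fires at second 22, while alice's two widely separated failures trigger nothing.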

Intruding attacks have been and will continue to be a serious problem in the security field, in particular in collaborative computing environments. As a result, intrusion detection and defense have been and will continue to be an important research area for security, in particular for trusted collaborative computing.

New and collaborative intrusion detection and defense technologies need to be investigated, both for existing intruding attacks and for new ones. Detection and defense mechanisms should be designed to defend themselves against attack. Cryptographic mechanisms and trusted collaborative computing techniques should be combined into collaborative defense schemes to enhance their defending capability.
