Survey of Intrusion Defense

List of papers on the topic of intrusion defense, reaction, and tolerance.

Papers to Include

 * Operating System Stability and Security through Process Homeostasis (Anil Somayaji) [PhD thesis]
 * Crash-Only Software (George Candea and Armando Fox)
 * Automatic Data Structure Repair for Self-Healing Services (Brian Demsky and Martin Rinard)
 * Enhancing Server Availability and Security Through Failure-Oblivious Computing (OSDI 2004, Rinard et al.)
 * Vigilante (SOSP 2005)
 * Rx (SOSP 2005)
 * Building a Reactive Immune System for Software Services (USENIX ATC 2005)
 * Bouncer (SOSP 2007)
 * ShieldGen (Oakland 2007)
 * From STEM to SEAD: Speculative Execution for Automated Defense (USENIX ATC 2007)
 * Software Self-Healing Using Collaborative Application Communities (NDSS 2006)
 * Vulnerability-Specific Execution Filters (NDSS 2006)
 * Self-Healing: Science, Engineering, and Fiction (NSPW 2007)
 * Jolt: http://arstechnica.com/science/news/2011/08/jolt-framework-lets-users-force-some-hung-programs-to-recover.ars

Paper Candidates

 * How Re(Pro)active Should an IDS Be? (Richard Overill)
 * Intrusion Reaction: Recommendations for Obtaining Reaction Capabilities (Leonard J. LaPadula)
 * Intrusion Detection and Isolation Protocol: Automated Response to Attacks (Jeff Rowe et al.)
 * The Proactive Security Toolkit and Applications (Boaz Barak et al.)
 * A Holistic Approach to Service Survivability (Keromytis et al.)
 * Architecture for an Artificial Immune System (Steven Hofmeyr and Stephanie Forrest)
 * Inoculating Software for Survivability (Anup K. Ghosh and Jeffrey M. Voas)
 * Building Diverse Computer Systems (Stephanie Forrest, Anil Somayaji, David Ackley)
 * Feedback Control Applied to Survivability: A Host-Based Autonomic Defense System (O. Patrick Kreidl and Tiffany M. Frazier)

On Host Defense Systems

 * Improving Host Security with System Call Policies (Niels Provos)
 * Automated Response Using System-Call Delays (Anil Somayaji and Stephanie Forrest)
 * Using Specification-Based Intrusion Detection for Automated Response (Ivan Balepin et al.)
 * Continual Repair for Windows Using the Event Log (James Reynolds and Lawrence Clough) [forthcoming]
 * Secure Execution Via Program Shepherding (Vladimir Kiriansky, Derek Bruening, Saman Amarasinghe)
 * Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits (Helen Wang et al.)
 * AngeL: a tool to disarm computer systems (Danilo Bruschi and Emilia Rosti)
 * Access Control Based on Execution History (Martin Abadi and Cedric Fournet)

On Network Defense Systems

 * A Network Worm Vaccine Architecture (Stelios Sidiroglou-Douskos and Angelos Keromytis)
 * An Automated Defense System to Counter Internet Worms (Riccardo Scandariato and John C. Knight)
 * A Hybrid Quarantine Defense (Phillip Porras et al.)
 * On Achieving Software Diversity for Improved Network Security Using Distributed Coloring Algorithms (Adam J. O'Donnell and Harish Sethu)
 * Implementing Pushback: Router-Based Defense Against DDoS Attacks (John Ioannidis and Steven M. Bellovin)
 * Tracing Based Active Intrusion Response (X. Wang, D. Reeves, S.F. Wu)
 * Dynamic Access Control: Preserving Safety and Trust for Network Defense Operations (Prasad Naldurg and Roy H. Campbell)
 * Anomalous Payload-based Network Intrusion Detection (Ke Wang and Sal Stolfo)
 * Adaptive Use of Network-Centric Mechanisms in Cyber Defense (Michael Atighetchi, Partha Pal, et al.)
 * On-Line Intrusion Detection and Attack Prevention Using Diversity, Generate-and-Test, and Generalization (James C. Reynolds, James Just, Larry Clough, and Ryan Maglich)

Background on Automated Response and Intrusion Tolerance

 * Adaptation Techniques for Intrusion Detection and Intrusion Response Systems (Ragsdale, Carver, Humphries, Pooch)
 * http://www.securityfocus.com/infocus/1540
 * Strike Back: Offensive Actions in Information Warfare (Donald Welch et al.)
 * Intrusion-detection for incident-response, using a military battlefield-intelligence process (J. Yuill, S.F. Wu, et al.)
 * Intrusion Tolerant Systems (Partha Pal et al.)
 * Intrusion Detection, Diagnosis, and Recovery with Self-Securing Storage (John D. Strunk et al.)
 * NIDAR: The Design and Implementation of an Intrusion Detection System (Tan Yong Tai et al.)
 * Micael: An Autonomous Mobile Agent System to Protect New Generation Networked Applications (Queiroz et al.)
 * Survival by Defense-Enabling (Partha Pal et al.)

Computer Immunology

 * Internet Quarantine: Requirements for Containing Self-Propagating Code (David Moore, Colleen Shannon, G. M. Voelker, S. Savage)
 * A Hybrid IDS Architecture Based on the Immune System (Marcelo Reis et al.)
 * Principles of a Computer Immune System (Anil Somayaji, Steven Hofmeyr, Stephanie Forrest)
 * Computer Immunology (Stephanie Forrest, Steven Hofmeyr, Anil Somayaji)
 * The Human Immune System and Network Intrusion Detection (Jungwon Kim and Peter Bentley)
 * A Cooperative Immunization System for an Untrusting Internet (Anagnostakis, Greenwald, Ioannidis, Keromytis, Li)
 * Cooperative Response Strategies for Large Scale Attack Mitigation (D. Nojiri, J. Rowe, K. Levitt)

System Call Interposition and Sandboxes

 * Hardening COTS Software with Generic Software Wrappers (Timothy Fraser, Lee Badger, Mark Feldman)
 * Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools (Tal Garfinkel)
 * Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications (R. Sekar and P. Uppuluri)
 * Detecting and Countering System Intrusions Using Software Wrappers (Calvin Ko et al.)
 * Operating System Enhancements to Prevent the Misuse of System Calls (M. Bernaschi et al.)

Misc.

 * A Binary Rewriting Defense Against Stack-based Buffer Overflow Attacks (Manish Prasad, Tzi-cker Chiueh)
 * Bend, Don't Break: Using Reconfiguration to Achieve Survivability (Wolf et al.)
 * Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits (Sandeep Bhatkar, D.C. DuVarney, R. Sekar)
 * On the Effectiveness of Address-Space Randomization (H. Shacham et al.)
 * Countering Code-Injection Attacks With Instruction-Set Randomization (Gaurav S. Kc, Angelos Keromytis, and Vassilis Prevelakis)
 * Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks (E. G. Barrantes et al.)
 * SQLRand: Preventing SQL Injection Attacks (Stephen W. Boyd and Angelos Keromytis)
 * Transparent Run-Time Defense Against Stack Smashing Attacks (Arash Baratloo et al.)