Dartmouth College Computer Science
Technical Report series
TR search TR listserv
|By author:||A B C D E F G H I J K L M N O P Q R S T U V W X Y Z|
|By number:||2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997, 1996, 1995, 1994, 1993, 1992, 1991, 1990, 1989, 1988, 1987, 1986|
We believe that we can use active probing for compromise recovery. Our intent is to exploit the
differences in behavior between compromised and uncompromised systems and use that
information to identify those which are not behaving as expected. Those differences may indicate a
deviation in either con figuration or implementation from what we expect on the network, either of
which suggests that the misbehaving entity might not be trustworthy. In this work, we propose
and build a case for a method for using altered behavior directly resulting from or introduced as a
side-effect of the compromise of a network service to detect the presence of such a compromise. We
use several case studies to illustrate our technique, and demonstrate its feasibility with a software
tool developed using our method.
Originally submitted November 2011
Bibliographic citation for this report: [plain text] [BIB] [BibTeX] [Refer]
Or copy and paste:
John F Williamson, " The Good, the Bad, and the Actively Verified." Dartmouth Computer Science Technical Report TR2011-710, December 2011.
Notify me about new tech reports.
Search the technical reports.
To receive paper copy of a report, by mail, send your address and the TR number to reports AT cs.dartmouth.edu
Copyright notice: The documents contained in this server are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
Technical reports collection maintained by David Kotz.