Dartmouth College Computer Science Technical Report series
Abstract:
We believe that we can use active probing for compromise recovery. Our intent is to exploit the
differences in behavior between compromised and uncompromised systems and use that
information to identify those which are not behaving as expected. Those differences may indicate a
deviation in either configuration or implementation from what we expect on the network, either of
which suggests that the misbehaving entity might not be trustworthy. In this work, we propose
and build a case for a method for using altered behavior directly resulting from or introduced as a
side-effect of the compromise of a network service to detect the presence of such a compromise. We
use several case studies to illustrate our technique, and demonstrate its feasibility with a software
tool developed using our method.
Note:
Originally submitted November 2011
Bibliographic citation for this report:
John F Williamson,
"The Good, the Bad, and the Actively Verified."
Dartmouth Computer Science Technical Report TR2011-710,
December 2011.