
Transaction-Based Intrusion Detection

  • Conference paper

Part of the book series: Informatik aktuell ((INFORMAT))

Abstract

An intrusion detection and response system can form the core of a network monitoring and control architecture. However, not all intrusion detection techniques are necessarily suited to trigger reactive mechanisms.

A crucial point is the reliable determination of the actual state of the monitored network. If this state cannot be determined reliably, it is not possible to react appropriately to any disturbances. Any reaction resulting from a misinterpretation of the current state can have severe consequences for the availability and security of the network, especially if this misinterpretation has been intentionally provoked by an attacker. In this paper, we discuss the analogy between intrusion detection and database management systems. The transaction concept is proposed as a possible foundation for a reliable state determination based on the detection of corresponding anomalies. In order to control the reactions to detected anomalies and to provide appropriate intrusion response capabilities, techniques known from active databases are used.




Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Büschkes, R. (2003). Transaction-Based Intrusion Detection. In: Irmscher, K., Fähnrich, KP. (eds) Kommunikation in Verteilten Systemen (KiVS). Informatik aktuell. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55569-5_32


  • DOI: https://doi.org/10.1007/978-3-642-55569-5_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00365-6

  • Online ISBN: 978-3-642-55569-5

  • eBook Packages: Springer Book Archive
