Hybrid Recovery-Based Intrusion Tolerant System for Practical Cyber-Defense

Bumsoon JANG  Seokjoo DOO  Soojin LEE  Hyunsoo YOON  

IEICE TRANSACTIONS on Information and Systems   Vol.E99-D   No.4   pp.1081-1091
Publication Date: 2016/04/01
Publicized: 2016/01/29
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2015CYP0006
Type of Manuscript: Special Section PAPER (Special Section on Cyberworlds)
intrusion tolerant system (ITS),  hybrid recovery,  availability-driven recovery,  dynamic cluster resizing,  mission-critical application,  

Full Text: PDF(2.9MB)>>
Buy this Article

Due to the periodic recovery of virtual machines regardless of whether malicious intrusions exist, proactive recovery-based Intrusion Tolerant Systems (ITSs) are being considered for mission-critical applications. However, the virtual replicas can easily be exposed to attacks during their working period, and additionally, proactive recovery-based ITSs are ineffective in eliminating the vulnerability of exposure time, which is closely related to service availability. To address these problems, we propose a novel hybrid recovery-based ITS in this paper. The proposed method utilizes availability-driven recovery and dynamic cluster resizing. The availability-driven recovery method operates the recovery process by both proactive and reactive ways for the system to gain shorter exposure times and higher success rates. The dynamic cluster resizing method reduces the overhead of the system that occurs from dynamic workload fluctuations. The performance of the proposed ITS with various synthetic and real workloads using CloudSim showed that it guarantees higher availability and reliability of the system, even under malicious intrusions such as DDoS attacks.