The time element in proactive network defense systems
Identifying and detecting security threats such as Trojans, resource starvation, and Denial of Service (DoS) attacks in their early stages are major challenges in delivering computer security, because starvation of a specific resource, such as the hard disk, does not necessarily deny a specific service on the network. As with any computer application, installation of a Trojan leaves a “footprint” on the system's resources, such as the MIB database explained and referenced in this paper. The effects of resource starvation and DoS attacks can be resolved proactively by monitoring communication traffic. The detector must be able to recognize the symptoms against a background of a range of other (“safe”) activities, which also consume system resources. Therefore, we wished to explore the potential of an economical approach that explicitly takes into account the resources used. We presented the general phases of the attacks described above, which can be used to create metrics for measuring the proactive capabilities of similar systems for intrusion detection / prevention.