Detalhes bibliográficos
| Ano de defesa: |
2013 |
| Autor(a) principal: |
Oliveira, Dilton Dantas de
 |
| Orientador(a): |
Salgueiro, Ricardo José Paiva de Britto
|
| Banca de defesa: |
Não Informado pela instituição |
| Tipo de documento: |
Dissertação
|
| Tipo de acesso: |
Acesso aberto |
| Idioma: |
por |
| Instituição de defesa: |
Universidade Federal de Sergipe
|
| Programa de Pós-Graduação: |
Pós-Graduação em Ciência da Computação
|
| Departamento: |
Não Informado pela instituição
|
| País: |
BR
|
| Palavras-chave em Português: |
|
| Palavras-chave em Inglês: |
|
| Área do conhecimento CNPq: |
|
| Link de acesso: |
https://ri.ufs.br/handle/riufs/3356
|
Resumo: |
The growth in the number of connected devices, in the volume of data traffic and of applications used has shown a significant increase in the complexity of today's networks, leaving the activity of management increasingly difficult for network and system administrators. Management aspects, such as the security of these systems has been a major challenge faced by the researchers, especially considering that, in parallel, there has been also a significant increase in the degree of sophistication of malicious activities. This scenario requires the development of sophisticated security systems also, in order to prevent or contain attacks increasingly destructive to systems, such as worm attacks. And the biological inspiration has been a main ally in this endeavor, bringing several concepts and new ways of thinking and solving these problems. This work used the bio-inspired concepts of Autonomic Networks (self-managing networks inspired by the functioning of the human nervous system)and Artificial Immune Systems (computer security systems inspired by the functioning of the human immune system), to define a management architecture for network self-protection, through the prediction of security attacks. This architecture incorporates the Danger Theory immune-inspired model and uses its Dendritic Cells algorithm to correlate events and detect anomalies. The architecture analysis was performed on an Early Warning System, which uses notifications received from worm already infected machines as additional information to identify the imminence of an infection in still vulnerable machines. In the experiments the gain in time obtained with this early identification was used in the Conficker worm propagation model and the results showed a reduction in the number of infected machines and, consequently, in the worm propagation across a network |
