Date of Award
11-2011
Document Type
Thesis (Master's)
Department or Program
Department of Computer Science
Abstract
We believe that we can use active probing for compromise recovery. Our intent is to exploit the differences in behavior between compromised and uncompromised systems and use that information to identify those which are not behaving as expected. Those differences may indicate a deviation in either configuration or implementation from what we expect on the network, either of which suggests that the misbehaving entity might not be trustworthy. In this work, we propose and build a case for a method for using altered behavior directly resulting from or introduced as a side-effect of the compromise of a network service to detect the presence of such a compromise. We use several case studies to illustrate our technique, and demonstrate its feasibility with a software tool developed using our method.
Recommended Citation
Williamson, John, "The Good, the Bad, and the Actively Verified" (2011). Dartmouth College Master’s Theses. 35.
https://digitalcommons.dartmouth.edu/masters_theses/35
Comments
Listed in the Dartmouth College Computer Science Technical Report Series as TR2011-710.