Should we focus on blocking cyber attacks or tolerating them?

Even though blocking all cyber-attacks including newly-generated attacks is not possible, robust intrusion tolerance could be given to crucial systems through adaptive intrusion tolerance systems such as Adaptive Cluster Transformation (ACT).

Article  |  Fall 2014

As cyber threats are  ever-growing concerns, various studies on cyber security have received a great deal of attention these days. In this context, it is natural to hit upon the question, “Is it possible to develop the perfect solution that can block every kind of cyber attack?” Unfortunately, the answer is “No” because new cyber attacks appear each day. To overcome this problem, Intrusion Tolerant System (ITS) has been proposed, which focuses on not defending against every type of attacks but maintaining crucial services only by using the redundancy and diversity of main components.

Professor Hyunsoo Yoon’s team from the Department of Computer Science at KAIST has designed various adaptive ITSs. Professor Yoon said, “Current security solutions such as IDS or Firewalls require a great deal of information on the cyber attacks in advance. It means that the advent of a new attack is always ahead of its defense solution. Development of an intelligent ITS is the only appropriate solution to prevent system or security failure even if new types of attacks are generated.”

Dr. Jungmin Lim has studied a novel ITS scheme, called Adaptive Cluster Transformation (ACT) [1]. The main purpose of ACT is to transform the cluster, a set of active servers, in an adaptive manner. Accordingly, ACT gives the system more capabilities to maintain a proper level of service provision as well as to resist against resource saturation attacks, like Denial of Service (DoS) attacks, even under extremely harsh conditions. In addition to ACT, Dr. Lim and his colleagues have written a number of papers on this subject and achieved great accomplishments including three best paper awards [2][3][4][5]. Currently, the trials to implement network-based ITS under real environments are being conducted very actively, and more advanced achievements are expected in the near future.

[1] J. Lim, Y. Kim, D. Koo, S. Lee, S. Doo, and H. Yoon, “A novel Adaptive Cluster Transformation (ACT)-based intrusion tolerance architecture for hybrid information technology”, The Journal of Supercomputing, Vol.66, pp.918-935, Nov. 2013

[2] J. Lim, Y. Kim, D. Koo, S. Lee, S. Doo, and H. Yoon, “The Design and Evaluation of a Novel Adaptive Cluster Transformation (ACT)–based Intrusion Tolerant Architecture “, 2012 World Convergence Conference, Jul.2012.

[3] Y. Kim, J. Lim, S. Doo, and H. Yoon, “The design of adaptive intrusion tolerant system (ITS) based on historical data”, 2012 International Conference for Internet Technology And Secured Transactions, pp.662-667, Dec.2012.

[4] J. Lim, S. Doo, and H. Yoon, “The Design of a Robust Intrusion Tolerance System through Advanced Adaptive Cluster Transformation and Vulnerability-Based VM Selection”, Military Communications Conference, MILCOM 2013, pp.1422-1428, Nov.2013.

[5] J. Lim, S. Song, S. Doo, and H. Yoon, “The Design of a New Virtualization-based Server Cluster System Targeting for Ubiquitous IT Systems”, U-GIT 2014, Jul.2014