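% Conference paper record for FloGuard (SAFECOMP 2011), exported with att_* bookkeeping fields.
% The att_* fields are not standard BibTeX fields; standard styles ignore unknown fields.
% NOTE(review): the citation key is empty, so this entry cannot be cited until a key is assigned.
% NOTE(review): att_url is a plain-http link on port 81 of what looks like an internal
% research host, so it should not be treated as a stable or integrity-protected public
% locator. No DOI is present in this record; add one when it has been confirmed.
% NOTE(review): institution repeats the venue already given in booktitle and is not a field
% that inproceedings uses in the standard styles; it is kept here only to preserve the export.
% The abstract text had lost its word spacing and carried line-break hyphenation; both are repaired.
@inproceedings{,
	att_abstract={Detecting intrusions early enough can be a challenging and expensive endeavor. While intrusion detection techniques exist for many types of vulnerabilities, deploying them all to catch the small number of vulnerability exploitations that might actually exist for a given system is not cost-effective. In this paper, we present FloGuard, an on-line intrusion forensics and on-demand detector selection framework that provides systems with the ability to deploy the right detectors dynamically in a cost-effective manner when the system is threatened by an exploit. FloGuard relies on often easy-to-detect symptoms of attacks, e.g., participation in a botnet, and works backwards by iteratively deploying off-the-shelf detectors closer to the initial attack vector. The experiments using the EggDrop bot and systems with real vulnerabilities show that FloGuard can efficiently localize the attack origins even for unknown vulnerabilities, and can judiciously choose appropriate detectors to prevent them from being exploited in the future.},
	att_authors={kj2681},
	att_categories={C_NSS.3},
	att_copyright={Springer},
	att_copyright_notice={The definitive version was published in The 30th International Conference on Computer Safety, Reliability and Security. SAFECOMP 2011. Name of Publisher copyright will be transferred to Springer {{, 2011-09-19}}},
	att_donotupload={},
	att_private={false},
	att_projects={},
	att_tags={},
	att_techdoc={true},
	att_techdoc_key={TD:100641},
	att_url={http://web1.research.att.com:81/techdocs_downloads/TD:100641_DS1_2012-04-19T12:45:22.432Z.pdf},
	author={Joshi, Kaustubh and Zonouz, Saman Aliari and Sanders, William H.},
	booktitle={Proceedings of the 30th International Conference on Computer Safety, Reliability and Security ({SAFECOMP} 2011)},
	institution={{The 30th International Conference on Computer Safety, Reliability and Security. SAFECOMP 2011.}},
	month=sep,
	title={{FloGuard}: Cost-aware Systemwide Intrusion Defense via Online Forensics and On-demand {IDS} Deployment},
	year=2011,
}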