Modelling distributed network attacks with constraints
NeMODe is a declarative system for network intrusion detection. It provides a domain-specific language for describing intrusion signatures that span several network packets: a signature is stated as a set of constraints over packets, relating them to one another in a declarative and expressive way. Several back-end detection mechanisms are provided, all built on a constraint programming framework, to search the traffic for the described signatures.
In this work we show how to model distributed network attacks and detect them with each of the NeMODe back-ends, which are based on Gecode, Adaptive Search and MiniSat respectively. We also use the sliding network traffic window version of the Adaptive Search back-end to simulate live network traffic and evaluate the performance of the system under conditions close to those of real networks.
A Comprehensive Survey of Intrusion Detection Systems
Alongside digital signatures and cryptographic protocols, Intrusion Detection Systems (IDSs) are regarded as the last line of defence for a system. The main difficulty with today's most widely deployed IDSs is that they generate a huge number of false positive (FP) alerts alongside the true positive (TP) alerts, which makes it hard for the operator to examine them and organise an appropriate response. There is therefore a strong need to explore this area and find a practical solution. A major drawback of IDSs, regardless of their detection method, is the vast number of alerts they produce every day, which can easily overwhelm security administrators. This limitation has led the IDS research community not only to develop better detection algorithms and signature tuning methods, but also to focus on finding relations between individual alerts, a task formally known as alert correlation. Intrusion detection itself uses a variety of approaches, such as pattern matching, machine learning, data mining and measure-based methods. This paper surveys IDSs so that researchers can build on it and develop new techniques against intrusions. Keywords: Intrusion Detection System, False positive alert, KDD Cup99, Anomaly detection, misuse detection, Machine Learning
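The alert correlation the survey abstract refers to can be made concrete with a small example. This is an added illustration, not code from that paper: the alert record, the aggregation window, the linking rule and the sample alert stream are all constructed here. It shows two of the relations usually grouped under "alert correlation": aggregation (alerts with the same signature, source and destination inside a time window collapse into one meta-alert with a count) and scenario linking (a meta-alert whose destination later shows up as the source of another is chained to it, the usual sign of a pivot).

```python
"""Alert correlation: collapsing a burst of IDS alerts into a few meta-alerts.

Added example for the survey abstract above; not code from that paper. The
Alert record, the window, the linking rule and ALERTS are constructed here.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Alert:
    ts: float
    sig: str
    src: str
    dst: str


@dataclass
class MetaAlert:
    sig: str
    src: str
    dst: str
    first: float   # timestamp of the first aggregated alert
    last: float    # timestamp of the last aggregated alert
    count: int = 1


def aggregate(alerts: List[Alert], window: float) -> List[MetaAlert]:
    """Merge alerts sharing (sig, src, dst) whose timestamp lies within
    `window` seconds of the meta-alert's first alert. Alerts are taken in
    time order; a gap beyond the window opens a new meta-alert."""
    open_by_key: Dict[Tuple[str, str, str], MetaAlert] = {}
    out: List[MetaAlert] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.sig, a.src, a.dst)
        m = open_by_key.get(key)
        if m is not None and a.ts - m.first <= window:
            m.count += 1
            m.last = a.ts
        else:
            m = MetaAlert(a.sig, a.src, a.dst, a.ts, a.ts)
            open_by_key[key] = m
            out.append(m)
    return out


def link_scenarios(metas: List[MetaAlert]) -> List[List[MetaAlert]]:
    """Chain meta-alerts where the destination of one is the source of a
    later one. Each chain starts at a meta-alert that is not itself the
    continuation of another and follows the earliest follow-on each step."""
    def successors(m: MetaAlert) -> List[MetaAlert]:
        return [n for n in metas if n is not m and n.src == m.dst and n.first >= m.last]

    continued = {id(n) for m in metas for n in successors(m)}
    chains: List[List[MetaAlert]] = []
    for root in metas:
        if id(root) in continued:
            continue
        chain, cur = [root], root
        while True:
            seen = [id(x) for x in chain]
            nxt = [n for n in successors(cur) if id(n) not in seen]
            if not nxt:
                break
            cur = min(nxt, key=lambda n: n.first)
            chain.append(cur)
        chains.append(chain)
    return chains


# Constructed alert stream: a 50-alert scan burst and three exploit alerts
# against 10.0.0.5, an unrelated policy alert, then 10.0.0.5 starts scanning.
ALERTS = (
    [Alert(i * 0.1, "SCAN", "198.51.100.7", "10.0.0.5") for i in range(50)]
    + [Alert(t, "EXPLOIT", "198.51.100.7", "10.0.0.5") for t in (20.0, 20.5, 21.0)]
    + [Alert(30.0, "POLICY", "192.0.2.33", "10.0.0.20")]
    + [Alert(t, "SCAN", "10.0.0.5", "10.0.0.9") for t in (60.0, 61.0, 62.0)]
)


def run_example(window: float = 10.0):
    """57 raw alerts -> 4 meta-alerts -> 3 attack chains on the sample stream."""
    metas = aggregate(ALERTS, window)
    return metas, link_scenarios(metas)


if __name__ == "__main__":
    metas, chains = run_example()
    print(f"{len(ALERTS)} raw alerts -> {len(metas)} meta-alerts, {len(chains)} chains")
    for c in chains:
        print(" -> ".join(f"{m.sig} {m.src}>{m.dst} x{m.count}" for m in c))
```

The window length is the tuning knob that trades alert volume against resolution: a short window splits one slow scan into several meta-alerts, a long one hides the gap between two separate bursts. Neither step removes a false positive by itself; what they do is cut the number of items an operator has to look at and put the ones that belong together next to each other.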
Game Theory Approaches in Taxonomy of Intrusion Detection for MANETs
MANETs are self-configuring networks formed by a set of wireless mobile nodes, with no fixed network infrastructure and no administrative support. Since the transmission range of wireless network interfaces is limited, intermediate hosts may be needed to forward traffic, so each node in a wireless ad hoc network functions as both a host and a router. Because of their communication model and resource constraints, MANETs are vulnerable to diverse types of attacks and intrusions, which makes security a critical issue. Network security is usually provided in three phases: intrusion prevention, intrusion detection and intrusion tolerance. However, the network security problem is far from completely solved, and researchers have been exploring the applicability of game theory approaches to it. This paper reviews existing game theory solutions designed to enhance network security in the intrusion detection phase. Keywords: Mobile Ad hoc Network (MANET), Intrusion detection system (IDS), Cluster head, host based, Game theory
Declarative domain-specific languages and applications to network monitoring
Network Intrusion Detection Systems (NIDSs) have probably been in use for as long as there have been computer networks. Their purpose is to monitor network traffic looking for anomalies, undesired behaviours or traces of known intrusions, in order to keep users, data, hosts and services safe and ensure that computer networks are a secure place to work.
In this work we developed a NIDS called NeMODe (NEtwork MOnitoring DEclarative approach), which provides detection mechanisms based on Constraint Programming (CP) together with a Domain Specific Language (DSL) crafted to model specific intrusions using declarative methodologies. The DSL can relate several network packets and so describe intrusions which span several packets and spread over time.
The main contributions of the work described in this thesis are:
- A declarative approach to Network Intrusion Detection Systems, including detection mechanisms based on several Constraint Programming approaches, allowing the detection of network intrusions which span several network packets and spread over time.
- A Domain Specific Language (DSL) based on Constraint Programming methodologies, used to describe the network intrusions we are interested in finding in the network traffic.
- A compiler for the DSL able to generate multiple detection mechanisms based on Gecode, Adaptive Search and MiniSat.
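Both NeMODe entries on this page (the paper on modelling distributed attacks with constraints and the thesis above) describe the same idea: a signature is a set of constraints relating several packets, and detection is a search over a window of traffic for packets that satisfy them. The following is an added illustration of that idea and is not NeMODe's DSL or any of its Gecode, Adaptive Search or MiniSat back-ends. The packet model, the plain backtracking solver, the "k SYNs from k distinct sources to one dst:port within t seconds" signature and the traffic are all constructed here for the example.

```python
"""Multi-packet signature matching as constraint solving over a sliding window.

Added illustration for the NeMODe entries above; not NeMODe code. The Packet
fields, the backtracking solver, the example signature and TRAFFIC are all
constructed here.
"""
from collections import deque
from dataclasses import dataclass
from itertools import combinations
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float   # arrival time in seconds
    src: str
    dst: str
    dport: int
    flags: str  # "S" = SYN, "A" = ACK (constructed simplification)


@dataclass
class Constraint:
    vars: Tuple[int, ...]      # packet variables the predicate relates
    check: Callable[..., bool]


def solve(window: List[Packet], n_vars: int,
          constraints: List[Constraint]) -> Optional[List[Packet]]:
    """Bind packet variables P0..P(n_vars-1) to distinct packets of the window
    by depth-first backtracking. A constraint is checked as soon as all of its
    variables are bound, so failing partial assignments are pruned early."""
    assignment: List[Packet] = []
    used = set()

    def consistent() -> bool:
        bound = len(assignment)
        return all(c.check(*(assignment[i] for i in c.vars))
                   for c in constraints if max(c.vars) < bound)

    def backtrack() -> bool:
        if len(assignment) == n_vars:
            return True
        for idx, pkt in enumerate(window):
            if idx in used:
                continue
            assignment.append(pkt)
            used.add(idx)
            if consistent() and backtrack():
                return True
            assignment.pop()
            used.discard(idx)
        return False

    return list(assignment) if backtrack() else None


def distributed_syn_signature(k: int, max_span: float):
    """Signature: k SYN packets from k distinct sources to the same dst:port,
    all within max_span seconds (a distributed connection flood or scan)."""
    cs = [Constraint((i,), lambda p: p.flags == "S") for i in range(k)]
    for i, j in combinations(range(k), 2):
        cs.append(Constraint((i, j), lambda a, b: a.dst == b.dst and a.dport == b.dport))
        cs.append(Constraint((i, j), lambda a, b: a.src != b.src))
        cs.append(Constraint((i, j), lambda a, b: abs(a.ts - b.ts) <= max_span))
    # Symmetry breaking: order P0 <= P1 <= ... in time so each packet set is
    # explored once instead of once per permutation.
    for i in range(k - 1):
        cs.append(Constraint((i, i + 1), lambda a, b: a.ts <= b.ts))
    return k, cs


def scan(traffic: List[Packet], signature, window_len: float) -> List[Tuple[Packet, ...]]:
    """Sliding-window detection: packets arrive in time order, only the last
    window_len seconds are kept, and the solver runs after each arrival.
    Matched packets are removed so one attack is reported once."""
    n_vars, constraints = signature
    window: deque = deque()
    matches: List[Tuple[Packet, ...]] = []
    for pkt in sorted(traffic, key=lambda p: p.ts):
        window.append(pkt)
        while pkt.ts - window[0].ts > window_len:
            window.popleft()
        match = solve(list(window), n_vars, constraints)
        if match is not None:
            matches.append(tuple(match))
            for p in match:
                window.remove(p)
    return matches


# Constructed traffic: three distinct sources SYN 10.0.0.5:80 within 0.6 s,
# plus packets that must not count (an ACK, another port, a SYN far too late).
TRAFFIC = [
    Packet(0.00, "198.51.100.7", "10.0.0.5", 80, "S"),
    Packet(0.05, "198.51.100.7", "10.0.0.5", 80, "A"),
    Packet(0.20, "203.0.113.9", "10.0.0.5", 80, "S"),
    Packet(0.40, "192.0.2.33", "10.0.0.5", 443, "S"),
    Packet(0.60, "192.0.2.44", "10.0.0.5", 80, "S"),
    Packet(5.00, "192.0.2.55", "10.0.0.5", 80, "S"),
]


def run_example() -> List[Tuple[Packet, ...]]:
    return scan(TRAFFIC, distributed_syn_signature(k=3, max_span=1.0), window_len=1.0)


if __name__ == "__main__":
    for m in run_example():
        print("match:", [(p.ts, p.src) for p in m])
```

The point the abstracts make is visible in `distributed_syn_signature`: the attack is described only by relations between packets (same destination and port, pairwise distinct sources, bounded time span), not by anything one packet carries on its own, so a single-packet matcher cannot express it. The cost is also visible: naive backtracking over a window of n packets for a k-variable signature explores up to n^k bindings, which is why the real system's choice of back-end (a CP solver with propagation, local search, or a SAT encoding) and the size of the sliding window matter for keeping up with live traffic.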
- …