Modelling distributed network attacks with constraints

NeMODe is a declarative system for computer network intrusion detection, providing a declarative domain specific language for describing network intrusion signatures which can span several network packets, by stating constraints over network packets, describing relations between several packets in a declarative and expressive way. It provides several back-end detection mechanisms, all based on a constraint programming framework, to perform the detection of the desired signatures. In this work, we demonstrate how to model and perform the detection of distributed network attacks using each of the detection mechanisms provided by NeMODe, based in Gecode, adaptive search and MiniSat to perform the detection of the specific intrusions. We also use the sliding network traffic window version of the adaptive search back-end detection mechanism to simulate live network traffic and evaluate the performance of the system in conditions near to real life networks

Private networks intrusion detection system by satisfying network constraints

The great development of newer technologies also carries an important growth in the number of malicious attacks [1]. Even private networks without external Internet connections suffer from those attacks. These private networks play a crucial role in the country’s security. Imagine the consequences of turning the power of an entire city down or a denial of service [2] in an air traffic control system. Because of this fact, numerous politicians, including the recently named United States of America’s president, Donald Trump, are seriously taking into consideration the huge importance of protecting the private networks from intrusions in order to assure their countries’ peace. Some people even believe that efficient Intrusion Detection Systems (IDS) [3] could be a good protection against a possible Third World War. Thus, new and more powerful security solutions need to be developed to protect our organizations’ systems