15 research outputs found
Modelling distributed network attacks with constraints
NeMODe is a declarative system for computer network intrusion detection, providing a declarative domain specific language for describing network intrusion signatures which can span several network packets, by stating constraints over network packets, describing relations between several packets in a declarative and expressive way. It provides several back-end detection mechanisms, all based on a constraint programming framework, to perform the detection of the desired signatures.
In this work, we demonstrate how to model and perform the detection of distributed network attacks using each of the detection mechanisms provided by NeMODe, based on Gecode, Adaptive Search and MiniSat, to perform the detection of the specific intrusions. We also use the sliding network traffic window version of the Adaptive Search back-end detection mechanism to simulate live network traffic and evaluate the performance of the system in conditions near to real-life networks.
Declarative domain-specific languages and applications to network monitoring
Network Intrusion Detection Systems have probably been in use ever since computer
networks have existed. These systems aim to monitor network traffic, looking for
anomalies, undesired behaviors or traces of known attacks, in order to keep users,
data, machines and services safe, ensuring that computer networks are secure places
to work.
In this work, a Network Intrusion Detection System called NeMODe (NEtwork MOnitoring
DEclarative approach) was developed, which provides detection mechanisms based on
Constraint Programming, as well as a Domain Specific Language created to model
specific attacks, using declarative programming methodologies, making it possible to
relate several network packets and look for intrusions that spread across several
packets and over time.
The main contributions of the work described in this thesis are:
A declarative approach to Network Intrusion Detection Systems, including detection
mechanisms based on Constraint Programming, allowing the detection of attacks
distributed across several packets and within a time interval.
A Domain Specific Language based on Constraint Programming concepts, used to
describe the attacks we are interested in detecting.
A compiler for the Domain Specific Language provided by the NeMODe system, capable
of generating multiple attack detectors based on Gecode, Adaptive Search and MiniSat;
### Abstract:
Network Intrusion Detection Systems (NIDSs) have probably been in use ever since
computer networks have existed, with the purpose of monitoring network traffic, looking for
anomalies, undesired behaviors or traces of known intrusions, to keep users, data,
hosts and services safe, ensuring computer networks are a secure place to work.
In this work, we developed a Network Intrusion Detection System (NIDS) called
NeMODe (NEtwork MOnitoring DEclarative approach), which provides a detection
mechanism based on Constraint Programming (CP) together with a Domain Specific
Language (DSL) crafted to model the specific intrusions using declarative methodologies,
able to relate several network packets and look for intrusions which span several
network packets.
The main contributions of the work described in this thesis are:
A declarative approach to Network Intrusion Detection Systems, including detection
mechanisms based on several Constraint Programming approaches, allowing
the detection of network intrusions which span several network packets and spread
over time.
A Domain Specific Language (DSL) based on Constraint Programming methodologies,
used to describe the network intrusions which we are interested in finding
on the network traffic.
A compiler for the DSL able to generate multiple detection mechanisms based on
Gecode, Adaptive Search and MiniSat.
Large-scale parallelism for constraint-based local search: the costas array case study
We present the parallel implementation of a constraint-based Local Search algorithm and investigate its performance on several hardware platforms with several hundreds or thousands of cores. We chose as the basis for these experiments the Adaptive Search method, an efficient sequential Local Search method for Constraint Satisfaction Problems (CSP). After preliminary experiments on some CSPLib benchmarks, we detail the modeling and solving of a hard combinatorial problem related to radar and sonar applications: the Costas Array Problem. Performance evaluation on some classical CSP benchmarks shows that speedups are very good for a few tens of cores, and good up to a few hundreds of cores. However, for a hard combinatorial search problem such as the Costas Array Problem, performance evaluation of the sequential version shows results outperforming previous Local Search implementations, while the parallel version shows nearly linear speedups up to 8,192 cores. The proposed parallel scheme is simple and based on independent multi-walks with no communication between processes during search. We also investigated a cooperative multi-walk scheme where processes share simple information, but this scheme does not seem to improve performance.
A Massively Parallel Combinatorial Optimization Algorithm for the Costas Array Problem
For a few decades the family of Local Search methods and Metaheuristics has been quite successful in solving large real-life problems. Applying Local Search to Constraint Satisfaction Problems (CSPs) has also been attracting some interest as it can tackle CSP instances far beyond the reach of classical propagation-based solvers. In this research we address the issue of parallelizing constraint solvers for massively parallel architectures, with the aim of tackling platforms with several thousands of CPUs. A design principle implied by this goal is to abandon the classical model of shared data structures which have been developed for shared-memory architectures or tightly controlled master-slave communication in cluster-based architectures and to first consider either purely independent parallelism or very limited communication between parallel processes, and then to see if we can improve runtime performance using some form of communication.
Solving Functional Constraints by Variable Substitution
Functional constraints and bi-functional constraints are an important
constraint class in Constraint Programming (CP) systems, in particular for
Constraint Logic Programming (CLP) systems. CP systems with finite domain
constraints usually employ CSP-based solvers which use local consistency, for
example, arc consistency. We introduce a new approach which is based instead on
variable substitution. We obtain efficient algorithms for reducing systems
involving functional and bi-functional constraints together with other
non-functional constraints. It also solves globally any CSP where there exists
a variable such that any other variable is reachable from it through a sequence
of functional constraints. Our experiments on random problems show that
variable elimination can significantly improve the efficiency of solving
problems with functional constraints.
Large-Scale Parallelism for Constraint-Based Local Search: The Costas Array Case Study
We present the parallel implementation of a constraint-based Local Search algorithm and investigate its performance on several hardware platforms with several hundreds or thousands of cores. We chose as the basis for these experiments the Adaptive Search method, an efficient sequential Local Search method for Constraint Satisfaction Problems (CSP). After preliminary experiments on some CSPLib benchmarks, we detail the modeling and solving of a hard combinatorial problem related to radar and sonar applications: the Costas Array Problem. Performance evaluation on some classical CSP benchmarks shows that speedups are very good for a few tens of cores, and good up to a few hundreds of cores. However, for a hard combinatorial search problem such as the Costas Array Problem, performance evaluation of the sequential version shows results outperforming previous Local Search implementations, while the parallel version shows nearly linear speedups up to 8,192 cores. The proposed parallel scheme is simple and based on independent multi-walks with no communication between processes during search. We also investigated a cooperative multi-walk scheme where processes share simple information, but this scheme does not seem to improve performance.
Parallel Local Search for the Costas Array Problem
The Costas Array Problem is a highly combinatorial problem linked to radar applications. We present in this paper its detailed modeling and solving by Adaptive Search, a constraint-based local search method. Experiments have been done on both sequential and parallel hardware up to several hundreds of cores. Performance evaluation of the sequential version shows results outperforming previous implementations, while the parallel version shows nearly linear speedups up to 8,192 cores.