Software fault tree and coloured Petri net based specification, design and implementation of agent-based intrusion detection systems

Authors:
Guy Helmer;Johnny Wong;Mark Slagell;Vasant Honavar;Les Miller;Yanxin Wang;Xia Wang;Natalia Stakhanova
Affiliations:
Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA.;Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA.;Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA.;Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA.;Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA., USA.;Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011;Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011;Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA
Venue:
International Journal of Information and Computer Security
Year:
2007

Citing 33
Cited 7

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Safety Analysis Using Petri Nets

IEEE Transactions on Software Engineering
Distributed operating systems

Distributed operating systems
Artificial intelligence: a modern approach

Artificial intelligence: a modern approach
Safeware: system safety and computers

Safeware: system safety and computers
State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering
Coloured Petri nets (2nd ed.): basic concepts, analysis methods and practical use: volume 1

Coloured Petri nets (2nd ed.): basic concepts, analysis methods and practical use: volume 1
A Methodology for Testing Intrusion Detection Systems

IEEE Transactions on Software Engineering
Classification and detection of computer intrusions

Classification and detection of computer intrusions
Software agents

Software agents
Discovering data mining: from concept to implementation

Discovering data mining: from concept to implementation
Coloured Petri nets: basic concepts, analysis methods and practical use, volume 3

Coloured Petri nets: basic concepts, analysis methods and practical use, volume 3
A practical approach to security assessment

NSPW '97 Proceedings of the 1997 workshop on New security paradigms
A graph-based system for network-vulnerability analysis

Proceedings of the 1998 workshop on New security paradigms
SMART mobile agent facility

Journal of Systems and Software
ADeLe: an attack description language for knowledge-based intrustion detection

Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Secrets & Lies: Digital Security in a Networked World

Secrets & Lies: Digital Security in a Networked World
Intrusion Detection

Intrusion Detection
Automated discovery of concise predictive rules for intrusion detection

Journal of Systems and Software
Constructing attack scenarios through correlation of intrusion alerts

Proceedings of the 9th ACM conference on Computer and communications security
ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis

ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
Abstraction-Based Misuse Detection: High-Level Specifications and Adaptable Strategies

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Formal Specification of Intrusion Signatures and Detection Rules

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
USTAT: A Real-Time Intrusion Detection System for UNIX

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Intelligent multi-agent system for intrusion detection and countermeasures

Intelligent multi-agent system for intrusion detection and countermeasures
Lightweight agents for intrusion detection

Journal of Systems and Software
Managing attack graph complexity through visual hierarchical aggregation

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Correlating Intrusion Events and Building Attack Scenarios Through Attack Graph Distances

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Detecting Intrusions Specified in a Software Specification Language

COMPSAC '05 Proceedings of the 29th Annual International Computer Software and Applications Conference - Volume 01
Multiple Coordinated Views for Network Attack Graphs

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Towards the automatic generation of mobile agents for distributed intrusion detection system

Journal of Systems and Software

A Biological Approach to the Development of Computer Autoimmune Systems

ISMIS '02 Proceedings of the 13th International Symposium on Foundations of Intelligent Systems
Design and implementation of a misused intrusion detection system using autonomous and mobile agents

EATIS '07 Proceedings of the 2007 Euro American conference on Telematics and information systems
Towards Modelling Information Security with Key-Challenge Petri Nets

NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Software Fault Feature Clustering Algorithm Based on Sequence Pattern

WISM '09 Proceedings of the International Conference on Web Information Systems and Mining
Expressive, efficient and obfuscation resilient behavior based IDS

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Modeling security attacks with statecharts

Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS
A systematic process-model-based approach for synthesizing attacks and evaluating them

EVT/WOTE'12 Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections

Quantified Score

Hi-index	0.00

Visualization

Abstract

The integration of Software Fault Tree (SFT), which describes intrusions and Coloured Petri Nets (CPNs) that specifies design, is examined for an Intrusion Detection System (IDS). The IDS under development is a collection of mobile agents that detect, classify, and correlate the system and network activities. SFTs, augmented with nodes that describe trust, temporal and contextual relationships, are used to describe intrusions. CPNs for intrusion detection are built using CPN templates created from the augmented SFTs. Hierarchical CPNs are created to detect critical stages of intrusions. The agentbased implementation of the IDS is then constructed from the CPNs. Examples of intrusions and descriptions of the prototype implementation are used to demonstrate how the CPN approach has been used in the development of the IDS. The main contribution of this paper is an approach to systematic specification, design and implementation of an IDS; Innovations include (1) using stages of intrusions to structure the specification and design of the IDS; (2) augmentation of SFT with trust, temporal and contextual nodes to model intrusions; (3) algorithmic construction of CPNs from augmented SFT; and (4) generation of mobile agents from CPNs.