Optimization of NIDS Placement for Protection of Intercommunicating Critical Infrastructures

Authors:
Rami Puzis;Marius David Klippel;Yuval Elovici;Shlomi Dolev
Affiliations:
Deutsche Telekom laboratories at Ben-Gurion University,;Faculty 7, business and management, Technical University of Berlin,;Deutsche Telekom laboratories at Ben-Gurion University,;Department of Computer Science, Ben-Gurion University,
Venue:
EuroISI '08 Proceedings of the 1st European Conference on Intelligence and Security Informatics
Year:
2008

Citing 8
Cited 1

On power-law relationships of the Internet topology

Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
The end-to-end effects of Internet path selection

Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Stateful Intrusion Detection for High-Speed Networks

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Simulating realistic network worm traffic for worm warning system design and testing

Proceedings of the 2003 ACM workshop on Rapid malcode
Simulating Internet Worms

MASCOTS '04 Proceedings of the The IEEE Computer Society's 12th Annual International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems
Collaborative Internet Worm Containment

IEEE Security and Privacy
Optimal positioning of active and passive monitoring devices

CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
Locating network monitors: Complexity, heuristics, and coverage

Computer Communications

A Decision Support System for Placement of Intrusion Detection and Prevention Devices in Large-Scale Networks

ACM Transactions on Modeling and Computer Simulation (TOMACS)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many Critical Infrastructures (CI) use the Internet as a means of providing services to citizens and for dispatching their own transactions. CIs, like many other organizations connected to the Internet, are prone to cyber-attacks. The attacks can originate from their trusted customers or peer CIs. Distributed network intrusion detection systems (NIDS) can be deployed within the network of national Network Service Providers to support cyber-attack mitigation. However, determining the optimal placement of NIDS devices is a complex problem that should take into account budget constraints, network topology, communication patterns, and more. In this paper we model interconnected CIs as a communication overlay network and propose using Group Betweenness Centrality as a guiding heuristic in optimizing placement of NIDS with respect to the overlay network. We analyze the effectiveness of the proposed placement strategy by employing standard epidemiological models and compare it to placement strategies suggested in the literature.