Formal analysis of intrusion detection systems for high speed networks

Authors:
Mohsen Rouached;Hassen Sallay;Ouissem Ben Fredj;Adel Ammar;Khaled Al-Shalfan;Majdi Ben
Affiliations:
Department of Computer Science, College of Computer and Information Sciences, Al-Imam Mohamad Ibn Saud University, Saudi Arabia;Department of Computer Science, College of Computer and Information Sciences, Al-Imam Mohamad Ibn Saud University, Saudi Arabia;Department of Computer Science, College of Computer and Information Sciences, Al-Imam Mohamad Ibn Saud University, Saudi Arabia;Department of Computer Science, College of Computer and Information Sciences, Al-Imam Mohamad Ibn Saud University, Saudi Arabia;Department of Computer Science, College of Computer and Information Sciences, Al-Imam Mohamad Ibn Saud University, Saudi Arabia;Department of Computer Science, College of Computer and Information Sciences, Al-Imam Mohamad Ibn Saud University, Saudi Arabia
Venue:
ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy
Year:
2010

Citing 16
Cited 1

A logic-based calculus of events

New Generation Computing
A general framework to build contextual cover set

Journal of Symbolic Computation - Calculemus-99: integrating computation and deduction
LAMBDA: A Language to Model a Database for Detection of Attacks

RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Experiences with Specification-Based Intrusion Detection

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Abstraction-Based Misuse Detection: High-Level Specifications and Adaptable Strategies

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Formal Specification of Intrusion Signatures and Detection Rules

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Alert Correlation in a Cooperative Intrusion Detection Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Log Auditing through Model-Checking

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Execution monitoring of security-critical programs in distributed systems: a Specification-based approach

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Logic Induction of Valid Behavior Specifications for Intrusion Detection

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A formal approach to sensor placement and configuration in a network intrusion detection system

Proceedings of the 2006 international workshop on Software engineering for secure systems
Formal correctness of conflict detection for firewalls

Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Using argumentation logic for firewall configuration management

IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
The event calculus explained

Artificial intelligence today

Wild-Inspired Intrusion Detection System Framework for High Speed Networks f|p IDS Framework

International Journal of Information Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee a precise detection, the NIDS must detect packets at a wire speed. However, with the recent trend of high-speed networks, the capability of a single NIDS cannot meet the speed's demand, resulting in rising of false negatives. To address this problem, Specification-based techniques have been proposed as a promising alternative that combine the strengths of misuse and anomaly detection. In this paper, we present an event calculus (EC) based framework towards the formal analysis of NIDS. This framework checks that security requirements and assumptions are preserved at run-time by monitoring the satisfaction of EC formulas that formalize them using the detection rules. This can be done by observing the network at run-time and checking observations against specified network behavior trying to detect deviations from what is specified.