Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
Traffic matrix estimation: existing techniques and new directions
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Fast accurate computation of large-scale IP traffic matrices from link loads
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Stateful Intrusion Detection for High-Speed Networks
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Simulating realistic network worm traffic for worm warning system design and testing
Proceedings of the 2003 ACM workshop on Rapid malcode
ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
A distributed approach to measure IP traffic matrices
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
MASCOTS '04 Proceedings of the The IEEE Computer Society's 12th Annual International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems
Distributed Worm Simulation with a Realistic Internet Model
Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation
Collaborative Internet Worm Containment
IEEE Security and Privacy
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
The Software Environment for Multi-agent Simulation of Defense Mechanisms against DDoS Attacks
CIMCA '05 Proceedings of the International Conference on Computational Intelligence for Modelling, Control and Automation and International Conference on Intelligent Agents, Web Technologies and Internet Commerce Vol-1 (CIMCA-IAWTIC'06) - Volume 01
Very fast containment of scanning worms
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Epidemic thresholds in real networks
ACM Transactions on Information and System Security (TISSEC)
Finding the most prominent group in complex networks
AI Communications - Network Analysis in Natural Sciences and Engineering
Application-level simulation for network security
Proceedings of the 1st international conference on Simulation tools and techniques for communications, networks and systems & workshops
Applying Machine Learning Techniques for Detection of Malicious Code in Network Traffic
KI '07 Proceedings of the 30th annual German conference on Advances in Artificial Intelligence
Optimization of NIDS Placement for Protection of Intercommunicating Critical Infrastructures
EuroISI '08 Proceedings of the 1st European Conference on Intelligence and Security Informatics
On the race of worms, alerts, and patches
IEEE/ACM Transactions on Networking (TON)
Routing betweenness centrality
Journal of the ACM (JACM)
Criticality analysis of Internet infrastructure
Computer Networks: The International Journal of Computer and Telecommunications Networking
INFOCOM'96 Proceedings of the Fifteenth annual joint conference of the IEEE computer and communications societies conference on The conference on computer communications - Volume 2
F-Sign: Automatic, Function-Based Signature Generation for Malware
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Hi-index | 0.00 |
This article describes an innovative Decision Support System (DSS) for Placement of Intrusion Detection and Prevention Systems (PIDPS) in large-scale communication networks. PIDPS is intended to support network security personnel in optimizing the placement and configuration of malware filtering and monitoring devices within Network Service Providers’ (NSP) infrastructure, and enterprise communication networks. PIDPS meshes innovative and state-of-the-art mechanisms borrowed from the domains of graph theory, epidemic modeling, and network simulation. Scalable network exploitation models enable to define the communication patterns induced by network users (thereby establishing a virtual overlay network), and parallel attack models enable a PIDPS user to define various interdependent network attacks such as: Internet worms, Trojans horses, Denial of Service (DoS) attacks, and others. PIDPS incorporates a set of deployment strategies (employing graph-theoretic centrality measures) in order to facilitate intelligent placement of filtering and monitoring devices; as well as a dedicated network simulator in order to evaluate the various deployments. Experiments with PIDPS indicate that incorporating knowledge on the overlay network (network exploitation patterns) into the placement and configuration of malware filtering and monitoring devices substantially improves the effectiveness of intrusion detection and prevention systems in NSP and enterprise networks.