Modelling distributed network attacks with constraints

Authors:
Pedro Salgueiro;Salvador Abreu
Affiliations:
CENTRIA and Departamento de Informática, Universidade de Évora, Rua Romão Ramalho, No. 59, 7000-671 Évora, Portugal;CENTRIA and Departamento de Informática, Universidade de Évora, Rua Romão Ramalho, No. 59, 7000-671 Évora, Portugal
Venue:
International Journal of Bio-Inspired Computation
Year:
2013

Citing 9
Cited 1

Yet Another Local Search Method for Constraint Solving

SAGA '01 Proceedings of the International Symposium on Stochastic Algorithms: Foundations and Applications
Hardening Network Infrastructure

Hardening Network Infrastructure
Snort 2.1 Intrusion Detection, Second Edition

Snort 2.1 Intrusion Detection, Second Edition
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Constraint-Based Local Search

Constraint-Based Local Search
Handbook of Constraint Programming (Foundations of Artificial Intelligence)

Handbook of Constraint Programming (Foundations of Artificial Intelligence)
Handbook of Satisfiability: Volume 185 Frontiers in Artificial Intelligence and Applications

Handbook of Satisfiability: Volume 185 Frontiers in Artificial Intelligence and Applications
A DSL for intrusion detection based on constraint programming

Proceedings of the 3rd international conference on Security of information and networks
Using constraints for intrusion detection: the NeMODe system

PADL'11 Proceedings of the 13th international conference on Practical aspects of declarative languages

Bio-inspired computation: success and challenges of IJBIC

International Journal of Bio-Inspired Computation

Quantified Score

Hi-index	0.00

Visualization

Abstract

NeMODe is a declarative system for computer network intrusion detection, providing a declarative domain specific language for describing network intrusion signatures which can span several network packets, by stating constraints over network packets, describing relations between several packets in a declarative and expressive way. It provides several back-end detection mechanisms, all based on a constraint programming framework, to perform the detection of the desired signatures. In this work, we demonstrate how to model and perform the detection of distributed network attacks using each of the detection mechanisms provided by NeMODe, based in Gecode, adaptive search and MiniSat to perform the detection of the specific intrusions. We also use the sliding network traffic window version of the adaptive search back-end detection mechanism to simulate live network traffic and evaluate the performance of the system in conditions near to real life networks.