A formal approach to sensor placement and configuration in a network intrusion detection system

Authors:
Marco Rolando;Matteo Rossi;Niccolò Sanarico;Dino Mandrioli
Affiliations:
Politecnico di Milano, Milano, Italy;Politecnico di Milano, Milano, Italy;Politecnico di Milano, Milano, Italy;Politecnico di Milano, Milano, Italy
Venue:
Proceedings of the 2006 international workshop on Software engineering for secure systems
Year:
2006

Citing 12
Cited 7

NetSTAT: a network-based intrusion detection system

Journal of Computer Security
Cisco Secure Intrusion Detection Systems

Cisco Secure Intrusion Detection Systems
Network Intrusion Detection: An Analyst's Handbook

Network Intrusion Detection: An Analyst's Handbook
Programming in PROLOG

Programming in PROLOG
Introduction to Algorithms

Introduction to Algorithms
Sensor-based intrusion detection for intra-domain distance-vector routing

Proceedings of the 9th ACM conference on Computer and communications security
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Designing and implementing a family of intrusion detection systems

Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
MulVAL: a logic-based network security analyzer

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
A framework based approach for formal modeling and analysis of multi-level attacks in computer networks

FORTE'05 Proceedings of the 25th IFIP WG 6.1 international conference on Formal Techniques for Networked and Distributed Systems

Introduction to software engineering for secure systems: SESS06 -- secure by design

Proceedings of the 2006 international workshop on Software engineering for secure systems
Optimal IDS Sensor Placement and Alert Prioritization Using Attack Graphs

Journal of Network and Systems Management
A Deployment Value Model for Intrusion Detection Sensors

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Formal analysis of intrusion detection systems for high speed networks

ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy
Intrusion Detection: Towards scalable intrusion detection

Network Security
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues

Information Sciences: an International Journal
The placement-configuration problem for intrusion detection nodes in wireless sensor networks

Computers and Electrical Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network Intrusion Detection Systems (NIDSs) can be composed of a potentially large number of sensors, which monitor the traffic flowing in the network. Deciding where sensors should be placed and what information they need in order to detect the desired attacks can be a demanding task for network administrators, one that should be made as automatic as possible. This paper presents a logic-based model that is suitable for describing networks and intrusions. The model has been implemented in Prolog, and allows to analyze some important static properties of networks. In particular, it can be used to automatically determine, given a suitable formal definition of an attack, the location and/or the information needed by a NIDS sensor to detect the attack.