TY - JOUR
T1 - An efficient formal framework for intrusion detection systems
AU - Rouached, Mohsen
AU - Sallay, Hassen
N1 - Funding Information:
This paper is a partial result of a research project granted by King Abdul Aziz City for Sciences and Technology (KACST), Riyadh, Kingdom of Saudi Arabia, under grant number INF 36-8-08.
PY - 2012
Y1 - 2012
AB - Traffic anomalies and attacks are commonplace in today's networks, and identifying them rapidly and accurately is critical for large network operators. Intrusion detection systems are an important component of defensive measures protecting computer systems and networks from abuse. For an intrusion detection system, it is important to detect previously known attacks with high accuracy. However, detecting previously unseen attacks is equally important in order to minimize the losses as a result of a successful intrusion. It is also equally important to detect attacks at an early stage in order to minimize their impact. To address these challenges, this paper proposes to improve the efficiency of the network intrusion detection process by including an Event Calculus based specification to detect the registered and expected behaviour of the whole network.
KW - Formal Specification
KW - High Speed Networks
KW - Intrusion detection systems
KW - Verification and Validation
UR - http://www.scopus.com/inward/record.url?scp=84896910783&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84896910783&partnerID=8YFLogxK
U2 - 10.1016/j.procs.2012.06.132
DO - 10.1016/j.procs.2012.06.132
M3 - Conference article
AN - SCOPUS:84896910783
SN - 1877-0509
VL - 10
SP - 968
EP - 975
JO - Procedia Computer Science
JF - Procedia Computer Science
T2 - 3rd International Conference on Ambient Systems, Networks and Technologies, ANT 2012 and 9th International Conference on Mobile Web Information Systems, MobiWIS 2012
Y2 - 27 August 2012 through 29 August 2012
ER -