An efficient formal framework for intrusion detection systems

Mohsen Rouached, Hassen Sallay

Research output: Contribution to journal › Article

4 Citations (Scopus)

Abstract

Traffic anomalies and attacks are commonplace in today's networks, and identifying them rapidly and accurately is critical for large network operators. Intrusion detection systems are an important component of defensive measures protecting computer systems and networks from abuse. For an intrusion detection system, it is important to detect previously known attacks with high accuracy. However, detecting previously unseen attacks is equally important in order to minimize the losses as a result of a successful intrusion. It is also equally important to detect attacks at an early stage in order to minimize their impact. To address these challenges, this paper proposes to improve the efficiency of the network intrusion detection process by including an Event Calculus based specification to detect the registered and expected behaviour of the whole network.

Original language: English
Pages (from-to): 968-975
Number of pages: 8
Journal: Procedia Computer Science
Volume: 10
DOI: 10.1016/j.procs.2012.06.132
Publication status: Published - 2012

Fingerprint

Intrusion detection
Computer networks
Computer systems
Specifications

Keywords

  • Formal Specification
  • High Speed Networks
  • Intrusion detection systems
  • Verification and Validation

ASJC Scopus subject areas

  • Computer Science (all)

Cite this

Rouached, Mohsen; Sallay, Hassen. An efficient formal framework for intrusion detection systems. In: Procedia Computer Science, Vol. 10, 2012, p. 968-975.


@article{a833b428bb71411087f3818fb6a04bac,
title = "An efficient formal framework for intrusion detection systems",
abstract = "Traffic anomalies and attacks are commonplace in today's networks, and identifying them rapidly and accurately is critical for large network operators. Intrusion detection systems are an important component of defensive measures protecting computer systems and networks from abuse. For an intrusion detection system, it is important to detect previously known attacks with high accuracy. However, detecting previously unseen attacks is equally important in order to minimize the losses as a result of a successful intrusion. It is also equally important to detect attacks at an early stage in order to minimize their impact. To address these challenges, this paper proposes to improve the efficiency of the network intrusion detection process by including an Event Calculus based specification to detect the registered and expected behaviour of the whole network.",
keywords = "Formal Specification, High Speed Networks, Intrusion detection systems, Verification and Validation",
author = "Mohsen Rouached and Hassen Sallay",
year = "2012",
doi = "10.1016/j.procs.2012.06.132",
language = "English",
volume = "10",
pages = "968--975",
journal = "Procedia Computer Science",
issn = "1877-0509",
publisher = "Elsevier BV",

}

TY - JOUR

T1 - An efficient formal framework for intrusion detection systems

AU - Rouached, Mohsen

AU - Sallay, Hassen

PY - 2012

Y1 - 2012

AB - Traffic anomalies and attacks are commonplace in today's networks, and identifying them rapidly and accurately is critical for large network operators. Intrusion detection systems are an important component of defensive measures protecting computer systems and networks from abuse. For an intrusion detection system, it is important to detect previously known attacks with high accuracy. However, detecting previously unseen attacks is equally important in order to minimize the losses as a result of a successful intrusion. It is also equally important to detect attacks at an early stage in order to minimize their impact. To address these challenges, this paper proposes to improve the efficiency of the network intrusion detection process by including an Event Calculus based specification to detect the registered and expected behaviour of the whole network.

KW - Formal Specification

KW - High Speed Networks

KW - Intrusion detection systems

KW - Verification and Validation

UR - http://www.scopus.com/inward/record.url?scp=84896910783&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84896910783&partnerID=8YFLogxK

U2 - 10.1016/j.procs.2012.06.132

DO - 10.1016/j.procs.2012.06.132

M3 - Article

AN - SCOPUS:84896910783

VL - 10

SP - 968

EP - 975

JO - Procedia Computer Science

JF - Procedia Computer Science

SN - 1877-0509

ER -