Abstract
Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee a precise detection, the NIDS must detect packets at a wire speed. However, with the recent trend of high-speed networks, the capability of a single NIDS cannot meet the speed's demand, resulting in rising of false negatives. To address this problem, Specification-based techniques have been proposed as a promising alternative that combine the strengths of misuse and anomaly detection. In this paper, we present an event calculus (EC) based framework towards the formal analysis of NIDS. This framework checks that security requirements and assumptions are preserved at run-time by monitoring the satisfaction of EC formulas that formalize them using the detection rules. This can be done by observing the network at run-time and checking observations against specified network behavior trying to detect deviations from what is specified.
| Original language | English |
|---|---|
| Title of host publication | Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10 |
| Pages | 109-114 |
| Number of pages | 6 |
| Publication status | Published - 2010 |
| Event | 9th WSEAS International Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS International Conference on Information Security and Privacy, ISP'10 - Merida, Venezuela, Bolivarian Republic of Duration: Dec 14 2010 → Dec 16 2010 |
Other
| Other | 9th WSEAS International Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS International Conference on Information Security and Privacy, ISP'10 |
|---|---|
| Country | Venezuela, Bolivarian Republic of |
| City | Merida |
| Period | 12/14/10 → 12/16/10 |
Fingerprint
Keywords
- Event calculus
- Formal analysis
- Intrusion detection
- NIDS
- Security requirements
ASJC Scopus subject areas
- Information Systems
Cite this
Formal analysis of intrusion detection systems for high speed networks. / Rouached, Mohsen; Sallay, Hassen; Fredj, Ouissem Ben; Ammar, Adel; Al-Shalfan, Khaled; Saad, Majdi Ben.
Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10. 2010. p. 109-114.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Formal analysis of intrusion detection systems for high speed networks
AU - Rouached, Mohsen
AU - Sallay, Hassen
AU - Fredj, Ouissem Ben
AU - Ammar, Adel
AU - Al-Shalfan, Khaled
AU - Saad, Majdi Ben
PY - 2010
Y1 - 2010
N2 - Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee a precise detection, the NIDS must detect packets at a wire speed. However, with the recent trend of high-speed networks, the capability of a single NIDS cannot meet the speed's demand, resulting in rising of false negatives. To address this problem, Specification-based techniques have been proposed as a promising alternative that combine the strengths of misuse and anomaly detection. In this paper, we present an event calculus (EC) based framework towards the formal analysis of NIDS. This framework checks that security requirements and assumptions are preserved at run-time by monitoring the satisfaction of EC formulas that formalize them using the detection rules. This can be done by observing the network at run-time and checking observations against specified network behavior trying to detect deviations from what is specified.
AB - Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee a precise detection, the NIDS must detect packets at a wire speed. However, with the recent trend of high-speed networks, the capability of a single NIDS cannot meet the speed's demand, resulting in rising of false negatives. To address this problem, Specification-based techniques have been proposed as a promising alternative that combine the strengths of misuse and anomaly detection. In this paper, we present an event calculus (EC) based framework towards the formal analysis of NIDS. This framework checks that security requirements and assumptions are preserved at run-time by monitoring the satisfaction of EC formulas that formalize them using the detection rules. This can be done by observing the network at run-time and checking observations against specified network behavior trying to detect deviations from what is specified.
KW - Event calculus
KW - Formal analysis
KW - Intrusion detection
KW - NIDS
KW - Security requirements
UR - http://www.scopus.com/inward/record.url?scp=79958744382&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79958744382&partnerID=8YFLogxK
M3 - Conference contribution
SN - 9789604742585
SP - 109
EP - 114
BT - Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10
ER -