Formal analysis of intrusion detection systems for high speed networks

Mohsen Rouached, Hassen Sallay, Ouissem Ben Fredj, Adel Ammar, Khaled Al-Shalfan, Majdi Ben Saad

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

A Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee precise detection, the NIDS must inspect packets at wire speed. However, with the recent trend towards high-speed networks, a single NIDS cannot keep up with the link speed, resulting in a rise in false negatives. To address this problem, specification-based techniques have been proposed as a promising alternative that combines the strengths of misuse and anomaly detection. In this paper, we present an event calculus (EC) based framework for the formal analysis of NIDS. This framework checks that security requirements and assumptions are preserved at run-time by monitoring the satisfaction of the EC formulas that formalize them, using the detection rules. This is done by observing the network at run-time and checking the observations against the specified network behavior in order to detect deviations from what is specified.

Original language: English
Title of host publication: Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10
Pages: 109-114
Number of pages: 6
Publication status: Published - 2010
Event: 9th WSEAS International Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS International Conference on Information Security and Privacy, ISP'10 - Merida, Venezuela, Bolivarian Republic of
Duration: Dec 14 2010 to Dec 16 2010

Other

Other: 9th WSEAS International Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS International Conference on Information Security and Privacy, ISP'10
Country: Venezuela, Bolivarian Republic of
City: Merida
Period: 12/14/10 to 12/16/10

Fingerprint

High speed networks
Intrusion detection
Network security
Wire
Specifications
Monitoring

Keywords

  • Event calculus
  • Formal analysis
  • Intrusion detection
  • NIDS
  • Security requirements

ASJC Scopus subject areas

  • Information Systems

Cite this

Rouached, M., Sallay, H., Fredj, O. B., Ammar, A., Al-Shalfan, K., & Saad, M. B. (2010). Formal analysis of intrusion detection systems for high speed networks. In Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10 (pp. 109-114)

Formal analysis of intrusion detection systems for high speed networks. / Rouached, Mohsen; Sallay, Hassen; Fredj, Ouissem Ben; Ammar, Adel; Al-Shalfan, Khaled; Saad, Majdi Ben.

Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10. 2010. p. 109-114.


Rouached, M, Sallay, H, Fredj, OB, Ammar, A, Al-Shalfan, K & Saad, MB 2010, Formal analysis of intrusion detection systems for high speed networks. in Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10. pp. 109-114, 9th WSEAS International Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS International Conference on Information Security and Privacy, ISP'10, Merida, Venezuela, Bolivarian Republic of, 12/14/10.

Rouached M, Sallay H, Fredj OB, Ammar A, Al-Shalfan K, Saad MB. Formal analysis of intrusion detection systems for high speed networks. In Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10. 2010. p. 109-114

Rouached, Mohsen ; Sallay, Hassen ; Fredj, Ouissem Ben ; Ammar, Adel ; Al-Shalfan, Khaled ; Saad, Majdi Ben. / Formal analysis of intrusion detection systems for high speed networks. Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10. 2010. pp. 109-114
@inproceedings{088aee110d8c4c099e9de692bea4f19c,
title = "Formal analysis of intrusion detection systems for high speed networks",
abstract = "Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee a precise detection, the NIDS must detect packets at a wire speed. However, with the recent trend of high-speed networks, the capability of a single NIDS cannot meet the speed's demand, resulting in rising of false negatives. To address this problem, Specification-based techniques have been proposed as a promising alternative that combine the strengths of misuse and anomaly detection. In this paper, we present an event calculus (EC) based framework towards the formal analysis of NIDS. This framework checks that security requirements and assumptions are preserved at run-time by monitoring the satisfaction of EC formulas that formalize them using the detection rules. This can be done by observing the network at run-time and checking observations against specified network behavior trying to detect deviations from what is specified.",
keywords = "Event calculus, Formal analysis, Intrusion detection, NIDS, Security requirements",
author = "Mohsen Rouached and Hassen Sallay and Fredj, {Ouissem Ben} and Adel Ammar and Khaled Al-Shalfan and Saad, {Majdi Ben}",
year = "2010",
language = "English",
isbn = "9789604742585",
pages = "109--114",
booktitle = "Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10",

}

TY - GEN

T1 - Formal analysis of intrusion detection systems for high speed networks

AU - Rouached, Mohsen

AU - Sallay, Hassen

AU - Fredj, Ouissem Ben

AU - Ammar, Adel

AU - Al-Shalfan, Khaled

AU - Saad, Majdi Ben

PY - 2010

Y1 - 2010

N2 - Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee a precise detection, the NIDS must detect packets at a wire speed. However, with the recent trend of high-speed networks, the capability of a single NIDS cannot meet the speed's demand, resulting in rising of false negatives. To address this problem, Specification-based techniques have been proposed as a promising alternative that combine the strengths of misuse and anomaly detection. In this paper, we present an event calculus (EC) based framework towards the formal analysis of NIDS. This framework checks that security requirements and assumptions are preserved at run-time by monitoring the satisfaction of EC formulas that formalize them using the detection rules. This can be done by observing the network at run-time and checking observations against specified network behavior trying to detect deviations from what is specified.

AB - Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee a precise detection, the NIDS must detect packets at a wire speed. However, with the recent trend of high-speed networks, the capability of a single NIDS cannot meet the speed's demand, resulting in rising of false negatives. To address this problem, Specification-based techniques have been proposed as a promising alternative that combine the strengths of misuse and anomaly detection. In this paper, we present an event calculus (EC) based framework towards the formal analysis of NIDS. This framework checks that security requirements and assumptions are preserved at run-time by monitoring the satisfaction of EC formulas that formalize them using the detection rules. This can be done by observing the network at run-time and checking observations against specified network behavior trying to detect deviations from what is specified.

KW - Event calculus

KW - Formal analysis

KW - Intrusion detection

KW - NIDS

KW - Security requirements

UR - http://www.scopus.com/inward/record.url?scp=79958744382&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79958744382&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9789604742585

SP - 109

EP - 114

BT - Advances in E-Activities, Information Security and Privacy - 9th WSEAS Int. Conference on E-Activities, E-ACTIVITIES'10, 9th WSEAS Int. Conference on Information Security and Privacy, ISP'10

ER -