Modelling distributed network attacks with constraints

Bibliographic details
Main author: Salgueiro, Pedro
Publication date: 2013
Other authors: Abreu, Salvador
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
DOI: 10.1504/IJBIC.2013.055449
Full text: http://hdl.handle.net/10174/13852
https://doi.org/10.1504/IJBIC.2013.055449
Abstract: NeMODe is a declarative system for computer network intrusion detection, providing a declarative domain specific language for describing network intrusion signatures which can span several network packets, by stating constraints over network packets, describing relations between several packets in a declarative and expressive way. It provides several back-end detection mechanisms, all based on a constraint programming framework, to perform the detection of the desired signatures. In this work, we demonstrate how to model and perform the detection of distributed network attacks using each of the detection mechanisms provided by NeMODe, based in Gecode, adaptive search and MiniSat to perform the detection of the specific intrusions. We also use the sliding network traffic window version of the adaptive search back-end detection mechanism to simulate live network traffic and evaluate the performance of the system in conditions near to real life networks.
Keywords: constraint programming; propagation-based solvers; constraint-based local search; CBLS; Boolean satisfiability problems; intrusion detection systems; IDSs; domain specific languages
Citation: Salgueiro, Pedro, and Salvador Abreu. "Modelling distributed network attacks with constraints." International Journal of Bio-Inspired Computation 5.4 (2013): 210-225.
Publisher: INDERSCIENCE
Access rights: openAccess