More Web Proxy on the site http://driver.im/

research-article

A DSL for intrusion detection based on constraint programming

Authors:

Pedro D. Salgueiro,

Salvador P. AbreuAuthors Info & Claims

SIN '10: Proceedings of the 3rd international conference on Security of information and networks

Pages 224 - 232

https://doi.org/10.1145/1854099.1854145

Published: 07 September 2010 Publication History

Abstract

Intrusion Detection Systems (IDS) are increasingly important in computer networks, allowing the early diagnosis and detection of anomalous situations, which could otherwise put network performance at risk or even compromise the security or integrity of user data.

In this work we present NeMODe, a domain specific language for network intrusion detection that allows to describe network intrusions that spread across several network packets, relying on Constraint Programming(CP), a programming methodology that starts with a declarative description of the desirable network situations and, based on that description, a set of parameterizations for network intrusion detection mechanisms will execute to find those intrusions.

References

[1]

tcpdump web page at http://www.tcpdump.org/,April, 2009.

[2]

S. Abreu, D. Diaz, and P. Codognet. Parallel local search for solving constraint problems on the cell broadband engine (preliminary results). CoRR, abs/0910.1264, 2009.

[3]

K. Arun. Flow-aware cross packet inspection using bloom filters for high speed data-path content matching pages 230--1234, march 2009.

[4]

W. Barth. Nagios: System and network monitoring. No Starch Press San Francisco, CA, USA, 2006.

Digital Library

[5]

J. Beale. Snort 2.1 Intrusion Detection, Second Edition. Syngress Publishing, 2004.

Digital Library

[6]

P. Codognet and D. Diaz. Yet another local search method for constraint solving. Lecture Notes in Computer Science, 2264:73--90, 2001.

Digital Library

[7]

D. Comer. Internetworking With TCP/IP Volume 1: Principles Protocols, and Architecture, 5th edition. Prentice Hall, 2006.

[8]

J. Kahle, M. Day, H. Hofstee, C. Johns, T. Maeurer, and D. Shippy. Introduction to the Cell multiprocessor. IBM journal of Research and Development, 49(4/5):589--604, 2005.

Digital Library

[9]

A. Kiezun, V. Ganesh, P. Guo, P. Hooimeijer, and M. Ernst. HAMPI: A solver for string constraints. In Proceedings of the eighteenth international symposium on Software testing and analysis, pages 105--116. ACM, 2009.

Digital Library

[10]

S. Kumar and E. Spafford. A software architecture to support misuse intrusion detection. In Proceedings of the 18th national information security conference, pages 194--204, 1995.

[11]

M. Roesch. Snort - lightweight intrusion detection for networks. In LISA '99: Proceedings of the 13th USENIX conference on System administration, pages 229--238, Berkeley, CA, USA, 1999. USENIX Association.

Digital Library

[12]

F. Rossi, P. Van Beek, and T. Walsh. Handbook of constraint programming. Elsevier Science, 2006.

Digital Library

[13]

C. Schulte and P. Stuckey. Speeding up constraint propagation. Lecture Notes in Computer Science, 3258:619--633, 2004.

Digital Library

[14]

H. Song and J. Lockwood. Efficient packet classification for network intrusion detection using FPGA. In Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays, pages 238--245. ACM New York, NY, USA, 2005.

Digital Library

[15]

G. Team. Gecode: Generic constraint development environment, 2008. Available from http://www.gecode.org.

[16]

A. Van Deursen and J. Visser. Domain-specific languages: An annotated bibliography. ACM Sigplan Notices, 35(6):26--36, 2000.

Digital Library

[17]

P. Van Hentenryck and L. Michel. Constraint-based local search. MIT Press, 2005.

Digital Library

[18]

G. Vasiliadis, M. Polychronakis, S. Antonatos, E. P. Markatos, and S. Ioannidis. Regular expression matching on graphics hardware for intrusion detection. In RAID '09: Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection, pages 265--283, Berlin, Heidelberg, 2009. Springer-Verlag.

Digital Library

[19]

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In Proceedings of the 6th annual international conference on Mobile computing and networking, page 283. ACM, 2000.

Digital Library

Cited By

Riegler MSametinger JVierhauser MWimmer M(2023)A model-based mode-switching framework based on security vulnerability scoresJournal of Systems and Software10.1016/j.jss.2023.111633200:COnline publication date: 1-Jun-2023
https://dl.acm.org/doi/10.1016/j.jss.2023.111633
El-Dosuky MEladl G(2019)DOORchain: Deep Ontology-Based Operation Research to Detect Malicious Smart ContractsNew Knowledge in Information Systems and Technologies10.1007/978-3-030-16181-1_51(538-545)Online publication date: 27-Mar-2019
https://doi.org/10.1007/978-3-030-16181-1_51
Salgueiro PAbreu S(2018)Modelling distributed network attacks with constraintsInternational Journal of Bio-Inspired Computation10.1504/IJBIC.2013.0554495:4(210-225)Online publication date: 21-Dec-2018
https://dl.acm.org/doi/10.1504/IJBIC.2013.055449

Index Terms

A DSL for intrusion detection based on constraint programming
1. Networks
  1. Network services
    1. Network monitoring
2. Theory of computation
  1. Logic
    1. Constraint and logic programming

Recommendations

A hybrid intrusion detection system design for computer network security

Intrusions detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure ...
Using constraints for intrusion detection: the NeMODe system
PADL'11: Proceedings of the 13th international conference on Practical aspects of declarative languages

In this work we present NeMODe a declarative system for Computer Network Intrusion detection which provides a declarative Domain Specific Language for describing computer network intrusion signatures that could spread across several network packets, ...
Design of a Snort-Based Hybrid Intrusion Detection System
IWANN '09: Proceedings of the 10th International Work-Conference on Artificial Neural Networks: Part II: Distributed Computing, Artificial Intelligence, Bioinformatics, Soft Computing, and Ambient Assisted Living

Computer security has become a major problem in our society. In particular, computer network security is concerned with preventing the intrusion of an unauthorized person into a network of computers. An intrusion detection system (IDS) is a tool to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

SIN '10: Proceedings of the 3rd international conference on Security of information and networks

September 2010

286 pages

ISBN:9781450302340

DOI:10.1145/1854099

General Chairs:
Oleg Makarevich
Southern Federal University, Russia
,
Atilla Elçi
Toros University, Turkey
,
Mehmet Orgun
Macquarie University, Australia
,
Sorin A. Huss
Technische Universität Darmstadt, Germany
,
Program Chairs:
Ludmila Babenko
Southern Federal University, Russia
,
Alexander Chefranov
Eastern Mediterranean University, North Cyprus
,
Vijay Varadharajan
Macquarie University, Australia

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Microsoft: Microsoft
RFBR: Russian Foundation for Basic Research

In-Cooperation

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Macquarie U., Austarlia
Darmstadt U., Germany
TBD, North Cyprus
TIT, South. Fed. U., Russia
Taganrog Institute of Technologies

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 September 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIN '10

Sponsor:

Microsoft
RFBR

SIN '10: 3rd International Conference of Security of Information and Networks

September 7 - 11, 2010

Rostov-on-Don, Taganrog, Russian Federation

Acceptance Rates

Overall Acceptance Rate 102 of 289 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
169
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Riegler MSametinger JVierhauser MWimmer M(2023)A model-based mode-switching framework based on security vulnerability scoresJournal of Systems and Software10.1016/j.jss.2023.111633200:COnline publication date: 1-Jun-2023
https://dl.acm.org/doi/10.1016/j.jss.2023.111633
El-Dosuky MEladl G(2019)DOORchain: Deep Ontology-Based Operation Research to Detect Malicious Smart ContractsNew Knowledge in Information Systems and Technologies10.1007/978-3-030-16181-1_51(538-545)Online publication date: 27-Mar-2019
https://doi.org/10.1007/978-3-030-16181-1_51
Salgueiro PAbreu S(2018)Modelling distributed network attacks with constraintsInternational Journal of Bio-Inspired Computation10.1504/IJBIC.2013.0554495:4(210-225)Online publication date: 21-Dec-2018
https://dl.acm.org/doi/10.1504/IJBIC.2013.055449

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents