Adaptable Intrusion Detection Systems Dedicated to Concurrent Programs: A Petri Net-Based Approach

Voron, Jean-Baptiste; Démoulins, Clément; Kordon, Fabrice

doi:10.1109/acsd.2010.32

Cited by 11 publications

(3 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The advantage of Petri nets is that, due to their better representation of concurrent processes and resources, they can be orders of magnitude smaller than their equivalent automata. For instance, [300] managed to simulate the state of several multi-threaded programs to perform intrusion detection. Simulation was performed onthe-fly during the program execution by wrapping system calls, and thus required an efficient representation and computation time.…”

Section: Reachability Graphmentioning

confidence: 99%

Foundations of Multi-Paradigm Modelling for Cyber-Physical Systems

Broenink¹

2020

View full text Add to dashboard Cite

sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this book are included in the book's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the book's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

show abstract

Section: Reachability Graphmentioning

confidence: 99%

Foundations of Multi-Paradigm Modelling for Cyber-Physical Systems

Broenink¹

2020

View full text Add to dashboard Cite

show abstract

“…The attacking clients behave according to specification, the data rate of the attack is low, and -in case of a highly distributed attack -each client only opens a small amount of connections. This leads to intrusion detection systems not being able to successfully distinguish attacks from regular server traffic [13]. Currently, many servers such as Apache can be configured to mitigate the effect of slow HTTP attacks by reducing the maximum time a server waits to receive a full request.…”

Section: Identification Schemesmentioning

confidence: 99%

SDN-Assisted Network-Based Mitigation of Slow DDoS Attacks

Lukaseder

Maile

Erb

et al. 2018

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Slow-running attacks against network applications are often not easy to detect, as the attackers behave according to the specification. The servers of many network applications are not prepared for such attacks, either due to missing countermeasures or because their default configurations ignores such attacks. The pressure to secure network services against such attacks is shifting more and more from the service operators to the network operators of the servers under attack. Recent technologies such as software-defined networking offer the flexibility and extensibility to analyze and influence network flows without the assistance of the target operator. Based on our previous work on a network-based mitigation, we have extended a framework to detect and mitigate slow-running DDoS attacks within the network infrastructure, but without requiring access to servers under attack. We developed and evaluated several identification schemes to identify attackers in the network solely based on network traffic information. We showed that by measuring the packet rate and the uniformity of the packet distances, a reliable identificator can be built, given a training period of the deployment network.

show abstract

“…Dolgikh et al used CPN as the backbone of the proposed approach to define the functionality of interest as behavior signatures and to serve as the mechanism for the signature detection in IDS [13]. With Petri nets, Voron et al [14] described a formal reference behavior model of the proposed novel approach that automatically generates host-based IDS from program sources. Balaz et al [15] proposed a new IDS architecture based on partially ordered events and a novel detection method that matches the intrusion signature with Petri nets.…”

Section: Related Workmentioning

confidence: 99%

Performance Analysis of Honeypot with Petri Nets

Shi¹,

Li²,

Feng³

2018

Information

View full text Add to dashboard Cite

As one of the active defense technologies, the honeypot deceives the latent intruders to interact with the imitated systems or networks deployed with security mechanisms. Its modeling and performance analysis have not been well studied. In this paper, we propose a honeypot performance evaluation scheme based on Stochastic Petri Nets (SPN). We firstly set up performance evaluation models for three types of defense scenarios (i.e., firewall; firewall and Intrusion Detection System (IDS); firewall, IDS and honeypot) based on SPN. We then theoretically analyze the SPN models by constructing Markov Chains (MC), which are isomorphic to the models. With the steady state probabilities based on the MC, the system performance evaluation is done with theoretical inference. Finally, we implement the proposed three SPN models on the PIPE platform. Five parameters are applied to compare and evaluate the performance of the proposed SPN models. The analysis of the probability and delay of three scenarios shows that the simulation results validate the effectiveness in security enhancement of the honeypot under the SPN models.

show abstract

Adaptable Intrusion Detection Systems Dedicated to Concurrent Programs: A Petri Net-Based Approach

Cited by 11 publications

References 16 publications

Foundations of Multi-Paradigm Modelling for Cyber-Physical Systems

Foundations of Multi-Paradigm Modelling for Cyber-Physical Systems

SDN-Assisted Network-Based Mitigation of Slow DDoS Attacks

Performance Analysis of Honeypot with Petri Nets

Contact Info

Product

Resources

About