Software fault tree and coloured Petri net based specification, design and implementation of agent-based intrusion detection systems

Helmer, Guy; Wong, Johnny; Slagell, Mark; Honavar, Vasant; Miller, L. L.; Wang, Yanxin; Wang, Xia; Stakhanova, Natalia

doi:10.1504/ijics.2007.012246

Cited by 45 publications

(17 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We start the FTTD analysis by identifying the time interval, when the hazard can occur using formula (4). More information about it is given in [10].…”

Section: Fttd Analysismentioning

confidence: 99%

“…Intrusion detection systems (IDS) base their operation on the built-in patterns of various attack strategies. Aforementioned strategies can be represented by different means like: augmented goal-tree [6], attack trees [17] (originated from on fault trees), attack graphs [14], or augmented software fault trees [4]. In augmented goal tree representation [6], the attack is expressed by sequences of logically related steps.…”

mentioning

confidence: 99%

“…By assigning probabilities of success on the arcs, one can identify the attack paths with the highest probability of success. Augmented software fault trees [4] were defined in order to overcome disadvantages of the classical fault trees. In this approach, a trust, a context, and temporal orderings can be defined.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Analysis of Timing Requirements for Intrusion Detection and Prevention using Fault Tree with Time Dependencies

Škrobánek¹,

Woda²

2011

Intrusion Detection Systems

View full text Add to dashboard Cite

IntroductionIn-depth analysis of an attack strategy enables p o s s i b i l i t y t o p r e v e n t i t o r w h en it i s inevitable to minimize its adverse effects. Intrusion detection systems (IDS) base their operation on the built-in patterns of various attack strategies. Aforementioned strategies can be represented by different means like: augmented goal-tree [6], attack trees [17] (originated from on fault trees), attack graphs [14], or augmented software fault trees [4]. In augmented goal tree representation [6], the attack is expressed by sequences of logically related steps. The root of this tree is the goal of the attack, e.g., "Modification of a file". The sub-goals are associated with the roots of the sub-trees. The basic constructs are the OR, AND, Ordered-AND constructs. For example, in order to achieve the sub-goal represented as the root of the Ordered-AND construct, all sub-sub-goals have to be reached in required order. Fault tree analysis (FTA) [3], which is a base of the attack tree [17] analysis, is a deductive probabilistic assessment technique. The FTA is the backward approach. In the fault tree, the root is associated with the top event being the hazard, e.g. "The Intrusion takes control over the Victim". Then direct causes of the hazard are considered. Next, the causes of the above causes are analyzed. Hence, different ways in which the hazard can occur are investigated. The FTA can be used to determine the following: minimal cut sets of faults that cause a hazard, probabilities of the hazard and faults. Therefore, the FTA can be used in identification which events are critical and should therefore be subjected to monitoring. Traditional Fault Trees (FT) are widely criticized [14] due to many, widely known drawbacks, like inability to model multiple attack attempts, time dependencies, or access controls as well as for luck of modeling cycles. In the attacks graphs [14], nodes symbolize the class of machines the attacker accessed and as well user level of privileges. The arcs are labeled by attackers' activities. By assigning probabilities of success on the arcs, one can identify the attack paths with the highest probability of success. Augmented software fault trees [4] were defined in order to overcome disadvantages of the classical fault trees. In this approach, a trust, a context, and temporal orderings can be defined. The trust relationship expresses that some members of a distributed system trust other members of the system. Context describes which subsets of intrusive events occur in www.intechopen.com Intrusion Detection Systems 308 some context. The activities of attackers and network are time dependent. Event and conditions involved in an intrusion often must occur in a particular order. In order to express the temporal orderings, the interval temporal logic [1] is applied. In this logic, the structure of time is a simple linear model of time, i.e., there is one past and one future only. Therefore, the attack scenario is a deterministic one. The fault tree with time dependencies ...

show abstract

“…We start the FTTD analysis by identifying the time interval, when the hazard can occur using formula (4). More information about it is given in [10].…”

Section: Fttd Analysismentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Analysis of Timing Requirements for Intrusion Detection and Prevention using Fault Tree with Time Dependencies

Škrobánek¹,

Woda²

2011

Intrusion Detection Systems

View full text Add to dashboard Cite

show abstract

“…Therefore, intrusion prevention has aroused extensive attention as a system of not only is able to identify an invasion but also respond to the invasion. In order to improve the intelligence level of intrusion detection system, plan recognition has a number of successful applications in the intrusion detection system, and has played an important role in improve the performance of the system [1][2][3][4][5].Planning knowledge graph [6,7] has the features of is simple to understand, easy to implement as a new planning knowledge model, and can predict the next actions, so it has important significance for intrusion prevention. The same time the planning knowledge graph and HTN intelligent planning are almost entirely similar in planning knowledge storage and inference mechanism, so which is very beneficial to knowledge sharing of intelligent planning and plan recognition.…”

Section: Introductionmentioning

confidence: 99%

A new intrusion prevention model using planning knowledge graph

et al. 2013

View full text Add to dashboard Cite

Intelligent plan is a very important research in artificial intelligence, which has applied in network security. This paper proposes a new intrusion prevention model base on planning knowledge graph and discuses the system architecture and characteristics of this model. The Intrusion Prevention based on plan knowledge graph is completed by plan recognition based on planning knowledge graph, and the Intrusion response strategies and actions are completed by the hierarchical task network (HTN) planner in this paper. Intrusion prevention system has the advantages of intelligent planning, which has the advantage of the knowledge-sharing, the response focused, learning autonomy and protective ability.

show abstract

“…Petri nets and Colored Petri nets have, however, been used extensively in the design and implementation of intrusion detection systems such as those by Kumar and Spafford [18] and Helmer et al [12] along with related formalisms based on timed finite state machines such as the approach proposed by Chang et al [6], which may be considered as complementary to the approach described in this paper.…”

Section: Related Workmentioning

confidence: 99%

Modeling and Execution of Complex Attack Scenarios using Interval Timed Colored Petri Nets

Dahl

Wolthusen

Fourth IEEE International Workshop on Information Assurance (IWIA'06)

View full text Add to dashboard Cite

show abstract

Software fault tree and coloured Petri net based specification, design and implementation of agent-based intrusion detection systems

Cited by 45 publications

References 45 publications

Analysis of Timing Requirements for Intrusion Detection and Prevention using Fault Tree with Time Dependencies

Analysis of Timing Requirements for Intrusion Detection and Prevention using Fault Tree with Time Dependencies

A new intrusion prevention model using planning knowledge graph

Modeling and Execution of Complex Attack Scenarios using Interval Timed Colored Petri Nets

Contact Info

Product

Resources

About