Efficient intrusion-detection using programmable agents based on attack graph patterns. (English) Zbl 1157.68447
Summary: Intrusion Detection Systems (IDS) are essential for security in a computer network infrastructure. The dynamic nature of such networks calls for a detection system that can handle intrusions with precision. Agent-based IDS provide the flexibility needed to handle such dynamic environments, but existing techniques fail to satisfactorily address issues such as false positives and irrelevant alerts. Any prior knowledge of the attacks possible in a given network is a valuable resource for maximizing the accuracy of the alerts raised by the IDS. Recent work in network security focuses on the fact that combinations of exploits are the typical means by which an intrusion takes place. Attack graphs or attack trees provide a succinct way of representing the vulnerabilities in a typical network and their corresponding attacks. In an attack graph (or tree), the different vulnerabilities in the system are represented as vertices, and a directed edge from one vertex to another denotes a transition an intruder can make because of an exploit present in the system. In this paper, we aim to provide an agent-based intrusion-detection architecture that uses the patterns provided by attack graphs to generate alerts with fewer false positives.
MSC:
68T10  Pattern recognition, speech recognition
68M10  Network design and communication in computer systems
68M15  Reliability, testing and fault tolerance of networks and computer systems