DOI: 10.1145/1555228.1555248
poster

Threat-model-driven runtime adaptation and evaluation of intrusion detection system

Published: 15 June 2009

Abstract

We present a mechanism for autonomous self-adaptation of a network-based intrusion detection system (IDS). The system is composed of a set of cooperating agents, each of which is based on an existing network behavior analysis method. The self-adaptation mechanism is based on the insertion of a small number of challenges, i.e., known instances of past legitimate or malicious behavior. The response of individual system components to these challenges is used to measure and eventually optimize the system performance in terms of accuracy. In this work we show how to choose the challenges so that the IDS attaches more importance to detecting attacks that cause much damage.

Cited By

  • (2016) Improving software performance and reliability in a distributed and concurrent environment with an architecture-based self-adaptive framework. Journal of Systems and Software, 121:C (311-328). DOI: 10.1016/j.jss.2016.06.102. Online publication date: 1-Nov-2016
  • (2015) SAT-Based Formula Simplification. Theory and Applications of Satisfiability Testing -- SAT 2015 (287-298). DOI: 10.1007/978-3-319-24318-4_21. Online publication date: 27-Oct-2015
  • (2010) Improving Software Performance and Reliability with an Architecture-Based Self-Adaptive Framework. Proceedings of the 2010 IEEE 34th Annual Computer Software and Applications Conference (72-81). DOI: 10.1109/COMPSAC.2010.68. Online publication date: 19-Jul-2010

    Published In

    ICAC '09: Proceedings of the 6th international conference on Autonomic computing
    June 2009
    198 pages
    ISBN:9781605585642
    DOI:10.1145/1555228

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. attack trees
    2. intrusion detection
    3. network behavior analysis
    4. self-adaptation

    Qualifiers

    • Poster
