International Workshop on Recent Advances in Intrusion Detection

RAID 2008: Recent Advances in Intrusion Detection pp 271-290

Determining Placement of Intrusion Detectors for a Distributed Application through Bayesian Network Modeling

  • Gaspar Modelo-Howard
  • Saurabh Bagchi
  • Guy Lebanon
Conference paper

DOI: 10.1007/978-3-540-87403-4_15

Volume 5230 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Modelo-Howard G., Bagchi S., Lebanon G. (2008) Determining Placement of Intrusion Detectors for a Distributed Application through Bayesian Network Modeling. In: Lippmann R., Kirda E., Trachtenberg A. (eds) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol 5230. Springer, Berlin, Heidelberg

Abstract

To secure today’s computer systems, it is critical to have different intrusion detection sensors embedded in them. The complexity of distributed computer systems makes it difficult to determine the appropriate configuration of these detectors, i.e., their choice and placement. In this paper, we describe a method to evaluate the effect of the detector configuration on the accuracy and precision of determining security goals in the system. For this, we develop a Bayesian network model for the distributed system, from an attack graph representation of multi-stage attacks in the system. We use Bayesian inference to solve the problem of determining the likelihood that an attack goal has been achieved, given a certain set of detector alerts. We quantify the overall detection performance in the system for different detector settings, namely, choice and placement of the detectors, their quality, and levels of uncertainty of adversarial behavior. These observations lead us to a greedy algorithm for determining the optimal detector settings in a large-scale distributed system. We present the results of experiments on Bayesian networks representing two real distributed systems and real attacks on them.
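The abstract describes three pieces that fit together: a Bayesian network derived from an attack graph (attack steps as nodes, detectors as noisy observations of those steps), Bayesian inference to obtain the probability that the attack goal was reached given a set of alerts, and a greedy search over detector placements. The following is an added example, not code from the paper or its authors, that builds a four-step toy attack chain with constructed success probabilities and four candidate detectors with constructed true-positive and false-positive rates, computes the posterior of the goal node by exhaustive enumeration, and runs a greedy placement. The greedy objective here is the mutual information between the goal and the alert pattern, an assumption chosen for illustration; the paper quantifies accuracy and precision instead.

```python
"""Toy Bayesian-network model of a multi-stage attack with noisy detectors.

Constructed example for illustration; the attack steps, probabilities and
detector characteristics below are made up and not taken from the paper.
"""
from itertools import product
from math import log2

# Attack graph: each step requires ALL of its parent steps to have succeeded.
# Listed in topological order so parents are always assigned before children.
STEPS = ["recon", "web_exploit", "priv_esc", "db_goal"]
PARENTS = {
    "recon": [],
    "web_exploit": ["recon"],
    "priv_esc": ["web_exploit"],
    "db_goal": ["priv_esc"],
}
GOAL = "db_goal"
P_ATTEMPT = 0.3  # prior that an attacker attempts the root step (constructed)
# P(step succeeds | all parents succeeded); a step whose parent failed never succeeds
P_SUCCESS = {"web_exploit": 0.6, "priv_esc": 0.5, "db_goal": 0.7}

# Candidate detectors (constructed): name -> (monitored step, true-positive rate, false-positive rate)
DETECTORS = {
    "ids_perimeter": ("recon", 0.80, 0.10),
    "waf": ("web_exploit", 0.85, 0.05),
    "host_audit": ("priv_esc", 0.70, 0.02),
    "db_monitor": ("db_goal", 0.90, 0.01),
}


def step_prob(step, value, assign):
    """P(step = value | parents): the conditional probability table of an attack-step node."""
    parents = PARENTS[step]
    if not parents:
        p_true = P_ATTEMPT
    elif all(assign[p] for p in parents):
        p_true = P_SUCCESS[step]
    else:
        p_true = 0.0
    return p_true if value else 1.0 - p_true


def joint(assign, alerts, placed):
    """Joint probability of one full assignment of the attack steps together with the
    observed alerts of the placed detectors. Unplaced detectors are simply marginalised out."""
    p = 1.0
    for step in STEPS:
        p *= step_prob(step, assign[step], assign)
    for det in placed:
        step, tpr, fpr = DETECTORS[det]
        p_alert = tpr if assign[step] else fpr
        p *= p_alert if alerts[det] else 1.0 - p_alert
    return p


def alert_distribution(placed):
    """For every alert pattern of the placed detectors return
    (P(pattern), P(goal reached and pattern)) by exhaustive enumeration of the step nodes."""
    table = {}
    for flags in product([False, True], repeat=len(placed)):
        alerts = dict(zip(placed, flags))
        p_pattern = p_goal_pattern = 0.0
        for values in product([False, True], repeat=len(STEPS)):
            assign = dict(zip(STEPS, values))
            p = joint(assign, alerts, placed)
            p_pattern += p
            if assign[GOAL]:
                p_goal_pattern += p
        table[flags] = (p_pattern, p_goal_pattern)
    return table


def posterior_goal(alerts, placed):
    """P(goal reached | alerts of the placed detectors): Bayesian inference by enumeration."""
    flags = tuple(alerts[d] for d in placed)
    p_pattern, p_goal_pattern = alert_distribution(placed)[flags]
    return p_goal_pattern / p_pattern if p_pattern > 0 else 0.0


def _entropy(p):
    return 0.0 if p in (0.0, 1.0) else -(p * log2(p) + (1 - p) * log2(1 - p))


def information_gain(placed):
    """Mutual information I(goal; alerts): how much the placed detectors' alerts reduce
    uncertainty about whether the goal was reached. Used as the greedy objective below."""
    table = alert_distribution(placed)
    p_goal = sum(g for _, g in table.values())
    h_cond = sum(p * _entropy(g / p) for p, g in table.values() if p > 0)
    return _entropy(p_goal) - h_cond


def greedy_placement(budget):
    """Pick up to `budget` detectors, each round adding the one whose alerts, together
    with those already placed, are most informative about the goal node."""
    placed = []
    remaining = sorted(DETECTORS)  # sorted for deterministic tie-breaking
    while remaining and len(placed) < budget:
        best = max(remaining, key=lambda d: information_gain(placed + [d]))
        placed.append(best)
        remaining.remove(best)
    return placed


if __name__ == "__main__":
    print("prior P(goal):", round(posterior_goal({}, []), 4))
    print("P(goal | db_monitor alert):",
          round(posterior_goal({"db_monitor": True}, ["db_monitor"]), 4))
    for k in range(1, 5):
        chosen = greedy_placement(k)
        print(f"budget {k}: {chosen}  I(goal; alerts) = {information_gain(chosen):.4f}")
```

Enumeration over all step assignments is exponential in the number of attack-graph nodes, which is why the paper turns to a greedy algorithm for large-scale systems; for a network of this size it is exact and keeps the inference step transparent. Detector quality enters only through the true-positive and false-positive rates on the detector nodes, so the effect of a weaker detector on the posterior can be studied by changing those two numbers alone.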

Keywords

Intrusion detection, detector placement, Bayesian networks, attack graph

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Gaspar Modelo-Howard (1)
  • Saurabh Bagchi (1)
  • Guy Lebanon (1)

  1. School of Electrical and Computer Engineering, Purdue University, West Lafayette, USA