Simulation of Network Security with Collaboration among IDS Models

  • Hee Suk Seo
  • Tae Ho Cho
Conference paper
First Online:
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2256)

Abstract

IDS (Intrusion Detection System) plays a vital role in network security in that it monitors system activities to identity unauthorized use, misuse or abuse of computer and network system. For the simulation of IDS a model has been constructed based on the DEVS (Discrete EVent system Specification) formalism. With this model we can simulate whether the intrusion detection, which is a core function of IDS, is effectively done under various different conditions. As intrusions become more sophisticated, it is beyond the scope of any one IDS to deal with them. Thus we placed multiple IDS agents in the network where the information helpful for detecting the intrusions is shared among these agents to cope effectively with attackers. Each agent cooperates through the BBA (Black Board Architecture) for detecting intrusions. If an agent detects intrusions, it transfers attacker’s information to a Firewall. Using this mechanism attacker’s packets detected by IDS can be prevented from damaging the network.

Keywords

Intrusion Detection Intrusion Detection System Network Security False Positive Ratio Black Board Architecture 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    S. Northcutt, “Network Intrusion Detection-An Analyst’s Handbook”, New Riders Publishing, 1999.Google Scholar
  2. 2.
    S Mclure, J. Scambray, G. Kurtz, “Hacking Exposed: Network Security Secrets and Solutions”, McGraw-Hill, 1999.Google Scholar
  3. 3.
    E. Amoroso, “Intrusion Detection-An Introduction to Internet Surveillance, Correlation, Traps, Trace Back, and Response”, Intrusion.Net Books, 1999.Google Scholar
  4. 4.
    R. Bace, “Intrusion Detection”, Macmillan Technical Publishing, 2000.Google Scholar
  5. 5.
    Seo, Hee Suk, Yi, Mi Ra, Cho, Tae ho, “Simulation of Intrusion Detection System for Network Security”, Proceedings of Summer Computer simulation Conference, July 2001.Google Scholar
  6. 6.
    B. P. Zeigler, “Object-Oriented Simulation with Hierarchical, Modular Models”, San Diego, CA, USA: Academic Press, 1990.MATHGoogle Scholar
  7. 7.
    B. P. Zeigler, “Theory of Modeling and Simulation”, John Wiley, NY, USA, 1976, reissued by Krieger, Malabar, FL, USA, 1985.Google Scholar
  8. 8.
    B. P. Zeigler, “Multifacetted Modeling and Discrete Event Simulation”. Orlando, FL: Academic, 1984.Google Scholar
  9. 9.
    T.H. Cho, Bernard P. Zeigler, “Simulation of Intelligent Hierarchical Flexible Manufacturing: Batch Job Routing in Operation Overlapping”, IEEE trans. Syst. Man, Cybern. A, Vol. 27, Jan. 1997, pp. 116–126.Google Scholar
  10. 10.
    U. Lindqvist, E. Jonsson, “How to Systematically Classify Intrusions”, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, 1997.Google Scholar
  11. 11.
    B. A. Forouzan, “TCP/IP Protocol Suite”, McGrawHill, 2000.Google Scholar
  12. 12.
    U. Lindqvist, P. A. Porras, “Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset(P-BEST)”, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, May 9–12, 1999.Google Scholar
  13. 13.
    P. Porras and P. Neumann, “EMERALD: Event Monitoring Enabling Responses to anomalous live disturbances”, Proceedings of the 20th National Information Systems Security Conference. National Institute of Standards an Technology, 1997.Google Scholar
  14. 14.
    M. Crosbie and G. Spafford, “Active Defence of a Computer System using Autonomous Agents”, Technical Report No. 95-008, COAST Group, Dept. of Computer Science, Purdue University, Feb. 15, 1995.Google Scholar
  15. 15.
    G. Van Zeir, J. P. Kruth, J. Detand, “A Conceptual Framework for Interactive and Blackboard Based CAPP”, International Journal of Production Research, Vol. 36(6), 1998, pp. 1453–1473.MATHCrossRefGoogle Scholar
  16. 16.
    K. Decker, A. Garvey, M. Humphrey, V. R. Lesser, “Control Heuristics for Scheduling in a Parallel Blackboard System”, International Journal of pattern Recognition and Artificial Intelligence, Vol. 7, No. 2, pp. 243–264, 1993.CrossRefGoogle Scholar
  17. 17.
    F. Klassner, V. R. Lesser, S. H. Nawab, “The IPUS Blackboard Architecture as a Framework for Computational Auditory Scene Analysis”, IJCAI-95 Workshop on Computational Auditory Scene Analysis, Montreal, Canada, August 1995.Google Scholar
  18. 18.
    J. Barrus, N. C. Rowe, “A Distributed Autonomous-Agent Network-Intrusion Detection and Response System”, Proceedings of Command and Control Research and Technology Symposium, Monterey CA, June 1998, pp. 577–586.Google Scholar
  19. 19.
    P. Neumann and D. Parker, “A Summary of computer misuse techniques”, In Proceedings of the 12th National Computer Security Conference, October 1989, pp. 396–407.Google Scholar
  20. 20.
    N. Puketza, M. Chung, R. Olsson, B. Mukherjee, “A Software Platform for Testing Intrusion Detection Systems”, IEEE Software, September/October, 1997, pp.43–51.Google Scholar
  21. 21.
    F. Cohen, “Simulating Cyber Attacks, Defences, and Consequences”, Computer & Security, Vol.18, pp. 479–518, 1999.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Hee Suk Seo
    • 1
  • Tae Ho Cho
    • 1
  1. 1.School of Electrical and Computer Engineering Modeling & Simulation LabSungkyunkwan UniversitySuwonSouth Korea

Personalised recommendations