Title: Modelling distributed network attacks with constraints

Authors: Pedro Salgueiro; Salvador Abreu

Addresses: CENTRIA and Departamento de Informática, Universidade de Évora, Rua Romão Ramalho, No. 59, 7000-671 Évora, Portugal ' CENTRIA and Departamento de Informática, Universidade de Évora, Rua Romão Ramalho, No. 59, 7000-671 Évora, Portugal

Abstract: NeMODe is a declarative system for computer network intrusion detection, providing a declarative domain specific language for describing network intrusion signatures which can span several network packets, by stating constraints over network packets, describing relations between several packets in a declarative and expressive way. It provides several back-end detection mechanisms, all based on a constraint programming framework, to perform the detection of the desired signatures. In this work, we demonstrate how to model and perform the detection of distributed network attacks using each of the detection mechanisms provided by NeMODe, based in Gecode, adaptive search and MiniSat to perform the detection of the specific intrusions. We also use the sliding network traffic window version of the adaptive search back-end detection mechanism to simulate live network traffic and evaluate the performance of the system in conditions near to real life networks.

Keywords: constraint programming; propagation-based solvers; constraint-based local search; CBLS; Boolean satisfiability problems; intrusion detection systems; IDSs; domain specific languages; modelling; distributed network attacks; constraints; simulation.

DOI: 10.1504/IJBIC.2013.055449

International Journal of Bio-Inspired Computation, 2013 Vol.5 No.4, pp.210 - 225

Received: 01 Jun 2012
Accepted: 24 Sep 2012

Published online: 31 Mar 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article