Title: Software fault tree and coloured Petri net–based specification, design and implementation of agent-based intrusion detection systems

Authors: Guy Helmer, Johnny Wong, Mark Slagell, Vasant Honavar, Les Miller, Yanxin Wang, Xia Wang, Natalia Stakhanova

Addresses: Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA. ' Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA. ' Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA. ' Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA. ' Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA., USA. ' Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011 ' Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011 ' Department of Computer Science, Iowa State University, Atanasoff Hall, Ames, Iowa 50011, USA

Abstract: The integration of Software Fault Tree (SFT), which describes intrusions and Coloured Petri Nets (CPNs) that specifies design, is examined for an Intrusion Detection System (IDS). The IDS under development is a collection of mobile agents that detect, classify, and correlate the system and network activities. SFTs, augmented with nodes that describe trust, temporal and contextual relationships, are used to describe intrusions. CPNs for intrusion detection are built using CPN templates created from the augmented SFTs. Hierarchical CPNs are created to detect critical stages of intrusions. The agentbased implementation of the IDS is then constructed from the CPNs. Examples of intrusions and descriptions of the prototype implementation are used to demonstrate how the CPN approach has been used in the development of the IDS. The main contribution of this paper is an approach to systematic specification, design and implementation of an IDS; Innovations include (1) using stages of intrusions to structure the specification and design of the IDS; (2) augmentation of SFT with trust, temporal and contextual nodes to model intrusions; (3) algorithmic construction of CPNs from augmented SFT; and (4) generation of mobile agents from CPNs.

Keywords: coloured Petri nets; information security; computer security; intrusion detection systems; mobile agents; software fault tree analysis; agent-based systems; multi-agent systems.

DOI: 10.1504/IJICS.2007.012246

International Journal of Information and Computer Security, 2007 Vol.1 No.1/2, pp.109 - 142

Published online: 31 Jan 2007 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article