DOI: 10.1145/1854099.1854145
research-article

A DSL for intrusion detection based on constraint programming

ABSTRACT

Intrusion Detection Systems (IDS) are increasingly important in computer networks, allowing the early diagnosis and detection of anomalous situations, which could otherwise put network performance at risk or even compromise the security or integrity of user data.

In this work we present NeMODe, a domain-specific language for network intrusion detection that makes it possible to describe network intrusions that spread across several network packets. It relies on Constraint Programming (CP), a programming methodology that starts with a declarative description of the desirable network situations; based on that description, a set of parameterizations for network intrusion detection mechanisms executes to find those intrusions.
