Um Modelo de Composição de Detectores de Intrusão Heterogêneos Baseado em Conjuntos Difusos
Resumo
A capacidade de detecção de um IDS depende de diversos fatores, incluindo sua arquitetura interna e os algoritmos utilizados. Assim, detectores distintos poderão apresentar comportamentos distintos quando submetidos ao mesmo fluxo de eventos. A teoria de diversidade de projetos vem sendo usada com sucesso na área de tolerância a faltas e também pode trazer benefícios na área de detecção de intrusão. O objetivo deste artigo é propor uma modelagem matemática baseada na teoria de conjuntos difusos para a composição de detectores de intrusão heterogêneos que analisam o mesmo fluxo de eventos. Com esse modelo, busca-se combinar os resultados individuais de cada detector em um resultado global de melhor qualidade.Referências
Avizienis, A. and Kelly J. P. J. Fault Tolerance by Design Diversity: Concepts and Experiments,” IEEE Computer, pp. 67-80, August, 1984.
Axelsson, Stefan, The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection. 6th ACM conference on Computer and Communications Security, 1999.
Bachi, S., Mei, Y., Foo B., Wu Y., Collaborative Intrusion Detection System (CIDS): A Framework for Accurate and Efficient IDS, Proceedings fo the 19th Annual Computer Security Applications Conference, 2003.
Carey N., Clark A., Mohay G. IDS Interoperability and Correlation Using IDMEF and Commodity Systems. Proceedings of the 4th International Conference on Information and Communications Security, December 2002.
Cuppens F., Miège A. Alert Correlation in a Cooperative Intrusion Detection Framework. IEEE Symposium on Security and Privacy, 2002.
Dain O., Cunningham R. Fusing heterogeneous alert streams into scenarios. 8th ACM Conference on Computer and Communications Security, 2001.
Julisch K. Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security, November 2003.
Ko K., Fraser T., Badger L., Kilpatrick D. Detecting and Countering System Intrusions Using Software Wrappers. 9th USENIX Security Symposium, USA, 2000.
Kreibich C., Sommer R. Policy-Controlled Event Management for Distributed Intrusion Detection. 4th Intl Workshop on Distributed Event-Based Systems, June 2005.
Leckie, Tysen, Bayesian Metrics for SEADS, September 3, 2002, http://www.cs.fsu.edu/~yasinsac/group/slides/leckie3.pdf
Littlewood B. and Strigini L. Redundancy and Diversity in Security. 9th European Symposium on Research in Computer Security, France, 2004.
Maxion, R., Tan, K., The Effects of Algorithmic Diversity on Anomaly Detector Performance, Intl Conference on Dependable Systems & Networks, 01 – July – 2005.
Nguyen, Hung T. and Walker, Elbert A. A First Course in Fuzzy Logic, Chapman & Hall/CRC, 2000.
Mell, P., Hu, V., Lippmann, R., Haines, J., Zissman, M. An Overview of Issues in Testing Intrusion Detection Systems. National Institute of Standards and Technologie (NIST) Interagency Report 7007, June 2003.
Shaw, Ian S., Simões, Marcelo Godoy, Controle e Modelagem Fuzzy, Editora Edgard Blücher Ltda., 1999 Ulvila, Jacob W. and Gaffney, Jr., John E., Evaluation of Intrusion Detection Systems, Journal of Research of the National Institute of Standards and Technology, Volume 108, Number 6, November December 2003.
Axelsson, Stefan, The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection. 6th ACM conference on Computer and Communications Security, 1999.
Bachi, S., Mei, Y., Foo B., Wu Y., Collaborative Intrusion Detection System (CIDS): A Framework for Accurate and Efficient IDS, Proceedings fo the 19th Annual Computer Security Applications Conference, 2003.
Carey N., Clark A., Mohay G. IDS Interoperability and Correlation Using IDMEF and Commodity Systems. Proceedings of the 4th International Conference on Information and Communications Security, December 2002.
Cuppens F., Miège A. Alert Correlation in a Cooperative Intrusion Detection Framework. IEEE Symposium on Security and Privacy, 2002.
Dain O., Cunningham R. Fusing heterogeneous alert streams into scenarios. 8th ACM Conference on Computer and Communications Security, 2001.
Julisch K. Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security, November 2003.
Ko K., Fraser T., Badger L., Kilpatrick D. Detecting and Countering System Intrusions Using Software Wrappers. 9th USENIX Security Symposium, USA, 2000.
Kreibich C., Sommer R. Policy-Controlled Event Management for Distributed Intrusion Detection. 4th Intl Workshop on Distributed Event-Based Systems, June 2005.
Leckie, Tysen, Bayesian Metrics for SEADS, September 3, 2002, http://www.cs.fsu.edu/~yasinsac/group/slides/leckie3.pdf
Littlewood B. and Strigini L. Redundancy and Diversity in Security. 9th European Symposium on Research in Computer Security, France, 2004.
Maxion, R., Tan, K., The Effects of Algorithmic Diversity on Anomaly Detector Performance, Intl Conference on Dependable Systems & Networks, 01 – July – 2005.
Nguyen, Hung T. and Walker, Elbert A. A First Course in Fuzzy Logic, Chapman & Hall/CRC, 2000.
Mell, P., Hu, V., Lippmann, R., Haines, J., Zissman, M. An Overview of Issues in Testing Intrusion Detection Systems. National Institute of Standards and Technologie (NIST) Interagency Report 7007, June 2003.
Shaw, Ian S., Simões, Marcelo Godoy, Controle e Modelagem Fuzzy, Editora Edgard Blücher Ltda., 1999 Ulvila, Jacob W. and Gaffney, Jr., John E., Evaluation of Intrusion Detection Systems, Journal of Research of the National Institute of Standards and Technology, Volume 108, Number 6, November December 2003.
Publicado
28/08/2006
Como Citar
RAGUENET, Inez Freire; MAZIERO, Carlos.
Um Modelo de Composição de Detectores de Intrusão Heterogêneos Baseado em Conjuntos Difusos. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 6. , 2006, Santos.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2006
.
p. 194-207.
DOI: https://doi.org/10.5753/sbseg.2006.20949.
