Simulating Concurrent Intrusions for Testing Intrusion Detection Systems: Parallelizing Intrusions
Authors
Abstract
For testing Intrusion Detection Systems (IDS), it is essential that we be able to simulate intrusions in different forms (both sequential and parallelized) in order to comprehensively test and evaluate the detection capability of an IDS. This paper presents an algorithm for automatically transforming a sequential intrusive script into a set of parallel intrusive scripts (formed by a group of parallel threads) which simulate a concurrent intrusion. The main goal of parallelizing an intrusion is to distract an IDS's attention away from the intrusive activity. We identify constraints on the execution order among commands, and the way commands can be classified based on the effect of their execution. Synchronization and communication mechanisms are used to guarantee that the execution order among commands is preserved even under the parallelized scenario. We show that, experimentally, our work constitutes a major part of testing the ability of an IDS to detect intrusions and is especially useful for the users and developers of IDSs. We show that an intrusion is less likely to be detected if the suspicious activity is distributed over several sessions. Finally, we discuss some aspects of parallelizing intrusive scripts, including some practical difficulties that are open problems for future research.
Similar resources
An Edit-Distance Algorithm to Detect Correlated Attacks in Distributed Systems
Intrusion detection systems (IDS) are crucial components of the security mechanisms of today’s computer systems. Existing research on intrusion detection has focused on sequential intrusions. However, intrusions can also be formed by concurrent interactions of multiple processes. Some of the intrusions caused by these interactions cannot be detected using sequential intrusion detection methods. ...
A Methodology for Testing Intrusion Detection Systems
Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs. In this paper, we identify a set of ge...
Doing intrusion detection using embedded sensors —
Intrusion detection systems have usually been developed using large host-based components. These components impose an extra load on the system where they run (sometimes even requiring a dedicated system) and are subject to tampering or disabling by an intruder. Additionally, intrusion detection systems have usually obtained information about host behavior through indirect means, such as audit t...
Anomaly and Misuse Intrusions Variability Detection
In this paper we discuss our research in developing intrusion detection software framework for modeling, simulation and detection computer system intrusion based on partially ordered events and patterns FEIIDS. The article describes problematic of intrusion detection systems and intrusions detection. We provide concrete design of developed framework based on intrusion signatures threats are mat...
Events Planning in Intrusion Detection Systems
The goal of this paper is to present designed architecture of intrusion detection system based on events planning and intrusion signature. The article describes problematic of the variation of intrusions and intrusion detection systems. The core of the proposed architecture is intrusion signature matching through petri nets that classify system behaviour and determine potential intrusion of moni...