A decision support system for placement of intrusion detection and prevention devices in large-scale networks

Rami Puzis, Meytal Tubi, Yuval Elovici, Chanan Glezer, Shlomi Dolev

Research output: Contribution to journal › Article › peer-review

13 Scopus citations

Abstract

This article describes an innovative Decision Support System (DSS) for Placement of Intrusion Detection and Prevention Systems (PIDPS) in large-scale communication networks. PIDPS is intended to support network security personnel in optimizing the placement and configuration of malware filtering and monitoring devices within Network Service Providers' (NSP) infrastructure and enterprise communication networks. PIDPS meshes innovative and state-of-the-art mechanisms borrowed from the domains of graph theory, epidemic modeling, and network simulation. Scalable network exploitation models make it possible to define the communication patterns induced by network users (thereby establishing a virtual overlay network), and parallel attack models enable a PIDPS user to define various interdependent network attacks such as Internet worms, Trojan horses, Denial of Service (DoS) attacks, and others. PIDPS incorporates a set of deployment strategies (employing graph-theoretic centrality measures) in order to facilitate intelligent placement of filtering and monitoring devices, as well as a dedicated network simulator in order to evaluate the various deployments. Experiments with PIDPS indicate that incorporating knowledge of the overlay network (network exploitation patterns) into the placement and configuration of malware filtering and monitoring devices substantially improves the effectiveness of intrusion detection and prevention systems in NSP and enterprise networks.
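As an added illustration of the centrality-based deployment strategies the abstract mentions (example code written for this page, not code from PIDPS or its authors), the following script builds a constructed network and overlay traffic pattern, greedily places a given number of monitoring devices by marginal gain in intercepted overlay traffic (a group-betweenness style heuristic), and compares the result with a degree-based baseline that ignores the overlay. The topology, traffic weights and device budget are assumptions.

```python
from collections import deque

# Constructed topology: users attached to routers R1-R4 (undirected links).
TOPOLOGY = {"A": ["R1"], "B": ["R1"], "C": ["R2"], "H": ["R2"], "D": ["R3"],
            "E": ["R3"], "F": ["R4"], "G": ["R4"], "I": ["R4"],
            "R1": ["A", "B", "R2", "R4"], "R2": ["C", "H", "R1", "R3"],
            "R3": ["D", "E", "R2", "R4"], "R4": ["R1", "R3", "F", "G", "I"]}
# Constructed overlay: which users talk to which, with relative traffic weight.
OVERLAY = {("A", "C"): 3, ("A", "D"): 1, ("B", "E"): 2, ("C", "E"): 2, ("B", "C"): 1,
           ("A", "B"): 1, ("D", "E"): 2, ("C", "H"): 2, ("F", "G"): 1}

def shortest_path(graph, src, dst):
    """BFS shortest path from src to dst as a list of nodes."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]

def overlay_routes(graph, overlay):
    """Transit routers (endpoints excluded) crossed by each overlay flow."""
    return [(set(shortest_path(graph, s, d)[1:-1]), w) for (s, d), w in overlay.items()]

def covered_fraction(routes, devices):
    """Share of overlay traffic that crosses at least one monitored router."""
    total = sum(w for _, w in routes)
    return sum(w for nodes, w in routes if devices & nodes) / total

def greedy_placement(graph, overlay, budget):
    """Group-betweenness style heuristic: add the router with the largest marginal gain."""
    routes = overlay_routes(graph, overlay)
    candidates = {n for nodes, _ in routes for n in nodes}
    chosen = set()
    for _ in range(budget):  # sorted() keeps tie-breaking deterministic
        best = max(sorted(candidates - chosen),
                   key=lambda n: covered_fraction(routes, chosen | {n}))
        chosen.add(best)
    return chosen, covered_fraction(routes, chosen)

def degree_placement(graph, overlay, budget):
    """Baseline that ignores the overlay: monitor the highest-degree routers."""
    routers = sorted((n for n in graph if n.startswith("R")), key=lambda n: -len(graph[n]))
    chosen = set(routers[:budget])
    return chosen, covered_fraction(overlay_routes(graph, overlay), chosen)
```

With two devices the overlay-aware placement intercepts 13/15 of the constructed traffic while the degree-based baseline intercepts 9/15, which is the kind of gap the abstract's experiments report; the greedy rule is a heuristic, not an optimal solver.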

Original language: English
Article number: 5
Journal: ACM Transactions on Modeling and Computer Simulation
Volume: 22
Issue number: 1
DOIs
State: Published - 1 Dec 2011

Keywords

  • Decision support systems
  • Intrusion detection
  • Overlay networks
