Planning, Petri Nets, and Intrusion Detection
Authors
Abstract
Detection of intrusions with multiple sources and intrusions where incomplete behavioral data is available is a difficult task. We propose a new intrusion detection architecture combining partial order planning and executable Petri Nets to detect such attacks. Partial Order State Transition Analysis Technique, or POSTAT, increases the flexibility of the traditional state analysis approach by allowing unordered events in the signature action sequence.
Similar resources
Events Planning in Intrusion Detection Systems
The goal of this paper is to present designed architecture of intrusion detection system based on events planning and intrusion signature. The article describes problematic of the variation of intrusions and intrusion detection systems. The core of the proposed architecture is intrusion signature matching through petri nets that classify system behaviour and determine potential intrusion of moni...
Anomaly and Misuse Intrusions Variability Detection
In this paper we discuss our research in developing intrusion detection software framework for modeling, simulation and detection computer system intrusion based on partially ordered events and patterns FEIIDS. The article describes problematic of intrusion detection systems and intrusions detection. We provide concrete design of developed framework based on intrusion signatures threats are mat...
Soccer Goalkeeper Task Modeling and Analysis by Petri Nets
In a robotic soccer team, goalkeeper is an important challenging role, which has different characteristics from the other teammates. This paper proposes a new learning-based behavior model for a soccer goalkeeper robot by using Petri nets. The model focuses on modeling and analyzing, both qualitatively and quantitatively, for the goalkeeper role so that we have a model-based knowledge of the ta...
A Pattern Matching Model for Misuse Intrusion Detection
This paper describes a generic model of matching that can be usefully applied to misuse intrusion detection. The model is based on Colored Petri Nets. Guards define the context in which signatures are matched. The notion of start and final states, and paths between them define the set of event sequences matched by the net. Partial order matching can also be specified in this model. The main ben...
Software Fault Tree and Colored Petri Net Based Specification, Design and Implementation of Agent-Based Intrusion Detection Systems
The integration of Software Fault Tree Analysis (SFTA) (to describe intrusions) and Colored Petri Nets (CPNs) (to specify design) is examined for an Intrusion Detection System (IDS). The IDS under development is a collection of mobile agents that detect, classify, and correlate system and network activities. Software Fault Trees (SFTs), augmented with nodes that describe trust, temporal, and co...