Optimization of NIDS Placement for Protection of Intercommunicating Critical Infrastructures

  • Conference paper
Intelligence and Security Informatics (EuroIsI 2008)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5376)

Abstract

Many Critical Infrastructures (CI) use the Internet as a means of providing services to citizens and for dispatching their own transactions. CIs, like many other organizations connected to the Internet, are prone to cyber-attacks. The attacks can originate from their trusted customers or peer CIs. Distributed network intrusion detection systems (NIDS) can be deployed within the network of national Network Service Providers to support cyber-attack mitigation. However, determining the optimal placement of NIDS devices is a complex problem that should take into account budget constraints, network topology, communication patterns, and more. In this paper we model interconnected CIs as a communication overlay network and propose using Group Betweenness Centrality as a guiding heuristic in optimizing placement of NIDS with respect to the overlay network. We analyze the effectiveness of the proposed placement strategy by employing standard epidemiological models and compare it to placement strategies suggested in the literature.
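As an added illustration, not code from the paper, the Python below computes Group Betweenness Centrality over a small constructed overlay of intercommunicating CIs and uses it greedily to pick NIDS locations; the graph, its node names and the greedy selection rule are this example's assumptions, and the shortest-path counting is a Brandes-style BFS extended to count paths that avoid the monitored set.

```python
from collections import deque

# Constructed overlay of CIs and provider nodes (names made up; links are bidirectional).
OVERLAY = {
    "power": ["isp1", "water"], "water": ["power", "isp1"],
    "isp1": ["power", "water", "isp2", "bank"],
    "isp2": ["isp1", "bank", "rail", "gov"], "bank": ["isp1", "isp2"],
    "rail": ["isp2", "gov"], "gov": ["isp2", "rail", "health"], "health": ["gov"],
}

def shortest_path_counts(graph, source, blocked=frozenset()):
    """BFS from source: sigma[v] = number of shortest source->v paths,
    sigma_avoid[v] = those shortest paths that touch no node in `blocked`."""
    dist, sigma = {source: 0}, {source: 1}
    sigma_avoid = {source: 0 if source in blocked else 1}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in dist:            # first visit: one BFS layer further
                dist[v], sigma[v], sigma_avoid[v] = dist[u] + 1, 0, 0
                queue.append(v)
            if dist[v] == dist[u] + 1:   # u lies on a shortest path to v
                sigma[v] += sigma[u]
                if v not in blocked:     # a blocked v ends every avoiding path
                    sigma_avoid[v] += sigma_avoid[u]
    return dist, sigma, sigma_avoid

def group_betweenness(graph, group):
    """GBC of `group`: over unordered pairs (s, t) outside the group, the fraction
    of shortest s-t paths that pass through at least one member (traffic a NIDS
    set at those nodes would see if flows follow shortest overlay routes)."""
    group = frozenset(group)
    outside = [v for v in graph if v not in group]
    total = 0.0
    for s in outside:
        dist, sigma, sigma_avoid = shortest_path_counts(graph, s, group)
        for t in outside:
            if t > s and t in dist:      # count each unordered pair once
                total += (sigma[t] - sigma_avoid[t]) / sigma[t]
    return total

def greedy_nids_placement(graph, budget):
    """Greedy heuristic (this example's choice): add the node that raises the
    group's betweenness the most until `budget` NIDS locations are chosen."""
    chosen = []
    for _ in range(budget):
        best = max((v for v in graph if v not in chosen),
                   key=lambda v: group_betweenness(graph, chosen + [v]))
        chosen.append(best)
    return chosen
```

On this overlay the two provider nodes are chosen first because, taken together, they sit on every shortest route between the CI nodes they join.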

Research is partially supported by Deutsche Telekom AG.


© 2008 Springer-Verlag Berlin Heidelberg

Cite this paper

Puzis, R., Klippel, M.D., Elovici, Y., Dolev, S. (2008). Optimization of NIDS Placement for Protection of Intercommunicating Critical Infrastructures. In: Ortiz-Arroyo, D., Larsen, H.L., Zeng, D.D., Hicks, D., Wagner, G. (eds) Intelligence and Security Informatics. EuroIsI 2008. Lecture Notes in Computer Science, vol 5376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89900-6_20

  • DOI: https://doi.org/10.1007/978-3-540-89900-6_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89899-3

  • Online ISBN: 978-3-540-89900-6
