Abstract
Many Critical Infrastructures (CIs) use the Internet both to provide services to citizens and to carry their own transactions. Like any other organization connected to the Internet, CIs are exposed to cyber-attacks, and those attacks can originate from their own trusted customers or from peer CIs. Distributed network intrusion detection systems (NIDS) deployed inside the networks of national Network Service Providers can support mitigation of such attacks. Determining the optimal placement of NIDS devices, however, is a complex problem that must account for budget constraints, network topology, communication patterns, and more. In this paper we model the interconnected CIs as a communication overlay network and propose Group Betweenness Centrality as a guiding heuristic for optimizing NIDS placement with respect to that overlay. We analyze the effectiveness of the proposed placement strategy using standard epidemiological models and compare it with placement strategies suggested in the literature.
Research is partially supported by Deutsche Telekom AG.
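The placement heuristic named in the abstract, as an added example that is not code from the paper: it computes group betweenness centrality (GBC) on a small overlay, greedily adds the monitor with the largest marginal GBC, compares the result with a top-degree baseline, and checks both with a deterministic worst-case SI reachability test that stands in for the paper's epidemiological models. Everything below is assumed for illustration: the overlay topology is constructed (a tree, so every pair has exactly one shortest path, which makes the numbers easy to verify by hand), shortest paths are hop counts on an unweighted undirected graph, and GBC is taken in the endpoint-inclusive form (a path counts as passing through a monitor placed at its own source or destination); the classic Everett-Borgatti definition instead skips pairs with an endpoint in the group, and the two lines that differ are marked.

```python
"""Group Betweenness Centrality (GBC) guided NIDS placement on a small overlay.

Added example, not code from the paper.  Assumptions made here: hop-count
shortest paths on an unweighted undirected overlay; endpoint-inclusive GBC
(a shortest path touches the group if any group member lies on it, endpoints
included); the overlay itself is constructed for illustration.
"""
from collections import deque

# Constructed overlay: two hubs h1/h2 with stub CIs l*/m*, and a chain
# a2-a1-x-b1-b2 hanging off h1.  The bridge x has degree 2 but carries all
# traffic between the b side and the rest of the overlay.
OVERLAY_EDGES = [
    ("h1", "l1"), ("h1", "l2"), ("h1", "l3"), ("h1", "h2"),
    ("h2", "m1"), ("h2", "m2"), ("h2", "m3"), ("h1", "a2"),
    ("a2", "a1"), ("a1", "x"), ("x", "b1"), ("b1", "b2"),
]


def build_adjacency(edges):
    """Undirected adjacency dict from an edge list."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def bfs_paths(adj, source, blocked=frozenset()):
    """BFS from `source` that never enters `blocked`.  Returns (dist, sigma):
    hop distance and number of distinct shortest paths to each reached vertex
    (the path-counting stage of Brandes' betweenness algorithm)."""
    dist, sigma = {source: 0}, {source: 1}
    queue = deque([source])
    while queue:
        v = queue.popleft()
        for w in adj[v]:
            if w in blocked:
                continue
            if w not in dist:
                dist[w], sigma[w] = dist[v] + 1, 0
                queue.append(w)
            if dist[w] == dist[v] + 1:
                sigma[w] += sigma[v]
    return dist, sigma


def group_betweenness(adj, group):
    """Sum over unordered vertex pairs of the fraction of shortest paths that
    touch `group`.  Paths avoiding the group are counted by a second BFS with
    the group removed: a path that is still shortest there is also shortest in
    the full overlay and misses every monitor."""
    group = frozenset(group)
    nodes = sorted(adj)
    total = 0.0
    for s in nodes:
        dist_all, sigma_all = bfs_paths(adj, s)
        if s in group:  # endpoint-inclusive; classic GBC skips these pairs
            total += sum(1 for t in nodes if t > s and t in dist_all)
            continue
        dist_free, sigma_free = bfs_paths(adj, s, blocked=group)
        for t in nodes:
            if t <= s or t not in dist_all:
                continue  # count each pair once; ignore unreachable pairs
            if t in group:  # endpoint-inclusive; classic GBC skips these pairs
                total += 1.0
            elif dist_free.get(t) == dist_all[t]:
                total += 1.0 - sigma_free[t] / sigma_all[t]
            else:  # every monitor-free route is longer or does not exist
                total += 1.0
    return total


def greedy_placement(adj, k):
    """Pick k monitors one at a time, each maximising GBC of the group so far
    plus the candidate, so a new monitor is credited only for traffic the
    existing ones do not already see."""
    chosen = []
    for _ in range(k):
        best = max((v for v in sorted(adj) if v not in chosen),
                   key=lambda v: group_betweenness(adj, chosen + [v]))
        chosen.append(best)
    return chosen


def degree_placement(adj, k):
    """Baseline: the k highest-degree vertices, ties broken by name."""
    return sorted(adj, key=lambda v: (-len(adj[v]), v))[:k]


def worst_case_spread(adj, monitors, seed):
    """Deterministic SI worst case: every contact transmits, and a monitored
    vertex detects and drops the attack, so nothing propagates through it.
    Returns the set of vertices an attack seeded at `seed` can reach."""
    if seed in monitors:
        return frozenset([seed])
    dist, _ = bfs_paths(adj, seed, blocked=frozenset(monitors))
    return frozenset(dist)


if __name__ == "__main__":
    overlay = build_adjacency(OVERLAY_EDGES)
    for name, place in (("greedy GBC", greedy_placement), ("top degree", degree_placement)):
        group = place(overlay, 2)
        print(name, group, "GBC =", group_betweenness(overlay, group),
              "reach from b2 =", sorted(worst_case_spread(overlay, group, "b2")))
```

On this overlay the two highest-degree vertices are the adjacent hubs h1 and h2, which see largely the same flows; greedy GBC takes h1 and then the low-degree bridge x, covers more pairs (70 versus 68 of the 78 pairs) and confines an attack seeded at b2 to two vertices instead of five. The per-candidate recomputation costs one BFS per source per candidate, which is fine for a few hundred overlay nodes; the successive-computation algorithm the paper's authors cite avoids that rework on larger graphs.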
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Puzis, R., Klippel, M.D., Elovici, Y., Dolev, S. (2008). Optimization of NIDS Placement for Protection of Intercommunicating Critical Infrastructures. In: Ortiz-Arroyo, D., Larsen, H.L., Zeng, D.D., Hicks, D., Wagner, G. (eds) Intelligence and Security Informatics. EuroIsI 2008. Lecture Notes in Computer Science, vol 5376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89900-6_20
DOI: https://doi.org/10.1007/978-3-540-89900-6_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89899-3
Online ISBN: 978-3-540-89900-6
eBook Packages: Computer Science (R0)