
A Multi-objective Optimisation Approach to IDS Sensor Placement

  • Hao Chen
  • John A. Clark
  • Juan E. Tapiador
  • Siraj A. Shaikh
  • Howard Chivers
  • Philip Nobles
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 63)

Abstract

This paper investigates how intrusion detection system (IDS) sensors should best be placed on a network when there are several competing evaluation criteria. This is a computationally difficult problem and we show how Multi-Objective Genetic Algorithms provide an excellent means of searching for optimal placements.

Keywords

  • False Alarm Rate
  • Intrusion Detection System
  • Optimal Placement
  • Sensor Placement
  • Heuristic Optimisation
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Hao Chen (1)
  • John A. Clark (1)
  • Juan E. Tapiador (1)
  • Siraj A. Shaikh (2)
  • Howard Chivers (2)
  • Philip Nobles (2)

  1. Department of Computer Science, University of York, York, UK
  2. Department of Informatics and Sensors, Cranfield University, Shrivenham, UK
