Testing and validating activity models for network intrusion detection

Marko Määttä, Tomi Räty

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    Abstract

    Models and modelling are effective approaches to describe events or activities of systems or environment. An error or design flaw in the models can cause failures in applications utilizing these models. Therefore, an effective testing and validation approach is required for identifying possible errors and misunderstandings. This paper proposes a process for testing and validating intrusion models used in network intrusion detection. The process can be integrated as part of the intrusion model development process with proper tool support. This will help to identify possible errors in the intrusion model as early as possible. The contribution is to apply well-known aspects from software testing and implement them in the intrusion model testing and validation. The experimental implementation of the proposed process will concentrate on testing intrusion models focusing on detecting port scan attacks. This experiment will indicate that when the testing and validation is part of the intrusion model development process, the intrusion model developer receives immediate feedback and can quickly refine the intrusion model. This increases the confidence of the intrusion model and errors and design misunderstandings are located effectively.
    Original language: English
    Title of host publication: Proceedings
    Subtitle of host publication: International Conference on Computer & Information Science, ICCIS 2012
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Pages: 723-728
    ISBN (Print): 978-1-4673-1937-9, 978-1-4673-1938-6
    Publication status: Published - 2012
    MoE publication type: Not Eligible
    Event: International Conference on Computer & Information Science ICCIS 2012 - Kuala Lumpur, Malaysia
    Duration: 12 Jun 2012 - 14 Jun 2012

    Conference

    Conference: International Conference on Computer & Information Science ICCIS 2012
    Abbreviated title: ICCIS 2012
    Country: Malaysia
    City: Kuala Lumpur
    Period: 12/06/12 - 14/06/12

    Fingerprint

    Intrusion detection
    Testing
    Software testing

    Keywords

    • intrusion model
    • testing
    • validation
    • network intrusion detection

    Cite this

    Määttä, M., & Räty, T. (2012). Testing and validating activity models for network intrusion detection. In Proceedings: International Conference on Computer & Information Science, ICCIS 2012 (pp. 723-728). IEEE Institute of Electrical and Electronic Engineers.
    @inproceedings{41acb6dad1614d02a6c04414f05ee580,
    title = "Testing and validating activity models for network intrusion detection",
    keywords = "intrusion model, testing, validation, network intrusion detection",
    author = "Marko M{\"a}{\"a}tt{\"a} and Tomi R{\"a}ty",
    note = "Project code: 38713",
    year = "2012",
    language = "English",
    isbn = "978-1-4673-1937-9",
    pages = "723--728",
    booktitle = "Proceedings",
    publisher = "IEEE Institute of Electrical and Electronic Engineers",
    address = "United States",

    }
