Testing and validating activity models for network intrusion detection

Marko Määttä, Tomi Räty

    Research output: Chapter in Book/Report/Conference proceeding; Conference article in proceedings; Scientific; peer-review

    Abstract

    Models and modelling are effective approaches to describe events or activities of systems or the environment. An error or design flaw in the models can cause failures in applications utilizing these models. Therefore, an effective testing and validation approach is required for identifying possible errors and misunderstandings. This paper proposes a process for testing and validating intrusion models used in network intrusion detection. The process can be integrated as part of the intrusion model development process with proper tool support. This will help to identify possible errors in the intrusion model as early as possible. The contribution is to apply well-known aspects from software testing and implement them in intrusion model testing and validation. The experimental implementation of the proposed process will concentrate on testing intrusion models focusing on detecting port scan attacks. This experiment will indicate that when testing and validation are part of the intrusion model development process, the intrusion model developer receives immediate feedback and can quickly refine the intrusion model. This increases confidence in the intrusion model, and errors and design misunderstandings are located effectively.
    Original language: English
    Title of host publication: Proceedings
    Subtitle of host publication: International Conference on Computer & Information Science, ICCIS 2012
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Pages: 723-728
    ISBN (Print): 978-1-4673-1937-9, 978-1-4673-1938-6
    Publication status: Published - 2012
    MoE publication type: Not Eligible
    Event: International Conference on Computer & Information Science ICCIS 2012 - Kuala Lumpur, Malaysia
    Duration: 12 Jun 2012 to 14 Jun 2012

    Conference

    Conference: International Conference on Computer & Information Science ICCIS 2012
    Abbreviated title: ICCIS 2012
    Country: Malaysia
    City: Kuala Lumpur
    Period: 12/06/12 to 14/06/12

    Keywords

    • intrusion model
    • testing
    • validation
    • network intrusion detection
