Testing and validating activity models for network intrusion detection

Marko Määttä, Tomi Räty

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

Abstract

Models and modelling are effective approaches to describe events or activities of systems or environment. An error or design flaw in the models can cause failures in applications utilizing these models. Therefore, an effective testing and validation approach is required for identifying possible errors and misunderstandings. This paper proposes a process for testing and validating intrusion models used in network intrusion detection. The process can be integrated as part of the intrusion model development process with proper tool support. This will help to identify possible errors in the intrusion model as early as possible. The contribution is to apply well-known aspects from software testing and implement them in the intrusion model testing and validation. The experimental implementation of the proposed process will concentrate on testing intrusion models focusing on detecting port scan attacks. This experiment will indicate that when the testing and validation is part of the intrusion model development process, the intrusion model developer receives immediate feedback and can quickly refine the intrusion model. This increases the confidence of the intrusion model and errors and design misunderstandings are located effectively.
Original languageEnglish
Title of host publicationProceedings
Subtitle of host publicationInternational Conference on Computer & Information Science, ICCIS 2012
PublisherInstitute of Electrical and Electronic Engineers IEEE
Pages723-728
ISBN (Print)978-1-4673-1937-9, 978-1-4673-1938-6
Publication statusPublished - 2012
MoE publication typeNot Eligible
EventInternational Conference on Computer & Information Science ICCIS 2012 - Kuala Lumpur, Malaysia
Duration: 12 Jun 201214 Jun 2012

Conference

ConferenceInternational Conference on Computer & Information Science ICCIS 2012
Abbreviated titleICCIS 2012
CountryMalaysia
CityKuala Lumpur
Period12/06/1214/06/12

Fingerprint

Intrusion detection
Testing
Software testing

Keywords

  • intrusion model
  • testing
  • validation
  • network intrusion detection

Cite this

Määttä, M., & Räty, T. (2012). Testing and validating activity models for network intrusion detection. In Proceedings: International Conference on Computer & Information Science, ICCIS 2012 (pp. 723-728). Institute of Electrical and Electronic Engineers IEEE.
Määttä, Marko ; Räty, Tomi. / Testing and validating activity models for network intrusion detection. Proceedings: International Conference on Computer & Information Science, ICCIS 2012. Institute of Electrical and Electronic Engineers IEEE, 2012. pp. 723-728
@inproceedings{41acb6dad1614d02a6c04414f05ee580,
title = "Testing and validating activity models for network intrusion detection",
abstract = "Models and modelling are effective approaches to describe events or activities of systems or environment. An error or design flaw in the models can cause failures in applications utilizing these models. Therefore, an effective testing and validation approach is required for identifying possible errors and misunderstandings. This paper proposes a process for testing and validating intrusion models used in network intrusion detection. The process can be integrated as part of the intrusion model development process with proper tool support. This will help to identify possible errors in the intrusion model as early as possible. The contribution is to apply well-known aspects from software testing and implement them in the intrusion model testing and validation. The experimental implementation of the proposed process will concentrate on testing intrusion models focusing on detecting port scan attacks. This experiment will indicate that when the testing and validation is part of the intrusion model development process, the intrusion model developer receives immediate feedback and can quickly refine the intrusion model. This increases the confidence of the intrusion model and errors and design misunderstandings are located effectively.",
keywords = "intrusion model, testing, validation, network intrusion detection",
author = "Marko M{\"a}{\"a}tt{\"a} and Tomi R{\"a}ty",
note = "Project code: 38713",
year = "2012",
language = "English",
isbn = "978-1-4673-1937-9",
pages = "723--728",
booktitle = "Proceedings",
publisher = "Institute of Electrical and Electronic Engineers IEEE",
address = "United States",

}

Määttä, M & Räty, T 2012, Testing and validating activity models for network intrusion detection. in Proceedings: International Conference on Computer & Information Science, ICCIS 2012. Institute of Electrical and Electronic Engineers IEEE, pp. 723-728, International Conference on Computer & Information Science ICCIS 2012, Kuala Lumpur, Malaysia, 12/06/12.

Testing and validating activity models for network intrusion detection. / Määttä, Marko; Räty, Tomi.

Proceedings: International Conference on Computer & Information Science, ICCIS 2012. Institute of Electrical and Electronic Engineers IEEE, 2012. p. 723-728.

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

TY - GEN

T1 - Testing and validating activity models for network intrusion detection

AU - Määttä, Marko

AU - Räty, Tomi

N1 - Project code: 38713

PY - 2012

Y1 - 2012

N2 - Models and modelling are effective approaches to describe events or activities of systems or environment. An error or design flaw in the models can cause failures in applications utilizing these models. Therefore, an effective testing and validation approach is required for identifying possible errors and misunderstandings. This paper proposes a process for testing and validating intrusion models used in network intrusion detection. The process can be integrated as part of the intrusion model development process with proper tool support. This will help to identify possible errors in the intrusion model as early as possible. The contribution is to apply well-known aspects from software testing and implement them in the intrusion model testing and validation. The experimental implementation of the proposed process will concentrate on testing intrusion models focusing on detecting port scan attacks. This experiment will indicate that when the testing and validation is part of the intrusion model development process, the intrusion model developer receives immediate feedback and can quickly refine the intrusion model. This increases the confidence of the intrusion model and errors and design misunderstandings are located effectively.

AB - Models and modelling are effective approaches to describe events or activities of systems or environment. An error or design flaw in the models can cause failures in applications utilizing these models. Therefore, an effective testing and validation approach is required for identifying possible errors and misunderstandings. This paper proposes a process for testing and validating intrusion models used in network intrusion detection. The process can be integrated as part of the intrusion model development process with proper tool support. This will help to identify possible errors in the intrusion model as early as possible. The contribution is to apply well-known aspects from software testing and implement them in the intrusion model testing and validation. The experimental implementation of the proposed process will concentrate on testing intrusion models focusing on detecting port scan attacks. This experiment will indicate that when the testing and validation is part of the intrusion model development process, the intrusion model developer receives immediate feedback and can quickly refine the intrusion model. This increases the confidence of the intrusion model and errors and design misunderstandings are located effectively.

KW - intrusion model

KW - testing

KW - validation

KW - network intrusion detection

M3 - Conference article in proceedings

SN - 978-1-4673-1937-9

SN - 978-1-4673-1938-6

SP - 723

EP - 728

BT - Proceedings

PB - Institute of Electrical and Electronic Engineers IEEE

ER -

Määttä M, Räty T. Testing and validating activity models for network intrusion detection. In Proceedings: International Conference on Computer & Information Science, ICCIS 2012. Institute of Electrical and Electronic Engineers IEEE. 2012. p. 723-728