NSDF: a computer network system description framework and its application to network security

In this work a general framework, termed NSDF, for describing network systems is proposed. Basic elements of this scheme are entities and the relationships established between them. Both entities and relationships are the basis underlying the concept of system state. The dynamics of a network system...

Full description

Saved in:
Bibliographic Details
Published in:Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2003-12, Vol.43 (5), p.573-600
Main Authors: Estévez-Tapiador, Juan M., Garcı́a-Teodoro, Pedro, Dı́az-Verdejo, Jesús E.
Format: Article
Language:English
Subjects:
Computer network description
Computer network security
Computer networks
Computer security
Intrusion detection
Intrusion detection systems
Intrusion response
Intrusion taxonomies
Network security
Network topologies
Networks
Studies
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In this work a general framework, termed NSDF, for describing network systems is proposed. Basic elements of this scheme are entities and the relationships established between them. Both entities and relationships are the basis underlying the concept of system state. The dynamics of a network system can be conceived of as a trajectory in the state space. The term action is used to describe every event which can produce a transition from one state to another. These concepts (entity, relationship, state, and action) are enough to construct a model of the system. Evolution and dynamism are easily captured, and it is possible to monitor the behaviour of the system. With the aim of illustrating the use of the proposed framework, a network state description language derived from NSDF, termed RENDL, is also specified. An immediate application of this framework concerns the network security field. It is shown that concepts like security policing of the site, insecure states, intrusive activities and intrusion response mechanisms can be modelled well. Thus, some imprecise terms used in the security context can be expressed in a uniform, precise way within this framework. Formalizing the above concepts allows us to introduce a generic model to classify currently presented taxonomies related to intrusive activities in network systems. This provides a general context for a better understanding of security flaws and how to develop effective defenses.
ISSN:1389-1286
1872-7069
DOI:10.1016/S1389-1286(03)00291-3