A software fault tree approach to requirements analysis of an intrusion detection system

Guy Helmer, Johnny Wong, Mark Slagell, Vasant Honavar, Les Miller, Robyn Lutz

Research output: Contribution to journal › Article

47 Citations (Scopus)

Abstract

Requirements analysis for an intrusion detection system (IDS) involves deriving requirements for the IDS from analysis of the intrusion domain. When the IDS is, as here, a collection of mobile agents that detect, classify, and correlate system and network activities, the derived requirements include what activities the agent software should monitor, what intrusion characteristics the agents should correlate, where the IDS agents should be placed to feasibly detect the intrusions, and what counter-measures the software should initiate. This paper describes the use of software fault trees for requirements identification and analysis in an IDS. Intrusions are divided into seven stages (following Ruiu), and a fault subtree is developed to model each of the seven stages (reconnaissance, penetration, etc.). Two examples are provided. This approach was found to support requirements evolution (as new intrusions were identified), incremental development of the IDS, and prioritisation of countermeasures.

Original language: English (US)
Pages (from-to): 207-220
Number of pages: 14
Journal: Requirements Engineering
Volume: 7
Issue number: 4
DOI: 10.1007/s007660200016
State: Published - Jan 1 2002

Fingerprint

Intrusion detection
Software agents
Mobile agents

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems

Cite this

Helmer, Guy ; Wong, Johnny ; Slagell, Mark ; Honavar, Vasant ; Miller, Les ; Lutz, Robyn. / A software fault tree approach to requirements analysis of an intrusion detection system. In: Requirements Engineering. 2002 ; Vol. 7, No. 4. pp. 207-220.
@article{3814eb47c1ae45daa09fdbd99e5737dc,
title = "A software fault tree approach to requirements analysis of an intrusion detection system",
abstract = "Requirements analysis for an intrusion detection system (IDS) involves deriving requirements for the IDS from analysis of the intrusion domain. When the IDS is, as here, a collection of mobile agents that detect, classify, and correlate system and network activities, the derived requirements include what activities the agent software should monitor, what intrusion characteristics the agents should correlate, where the IDS agents should be placed to feasibly detect the intrusions, and what counter-measures the software should initiate. This paper describes the use of software fault trees for requirements identification and analysis in an IDS. Intrusions are divided into seven stages (following Ruiu), and a fault subtree is developed to model each of the seven stages (reconnaissance, penetration, etc.). Two examples are provided. This approach was found to support requirements evolution (as new intrusions were identified), incremental development of the IDS, and prioritisation of countermeasures.",
author = "Guy Helmer and Johnny Wong and Mark Slagell and Vasant Honavar and Les Miller and Robyn Lutz",
year = "2002",
month = "1",
day = "1",
doi = "10.1007/s007660200016",
language = "English (US)",
volume = "7",
pages = "207--220",
journal = "Requirements Engineering",
issn = "0947-3602",
publisher = "Springer London",
number = "4",

}

