TY - JOUR
T1 - A software fault tree approach to requirements analysis of an intrusion detection system
AU - Helmer, Guy
AU - Wong, Johnny
AU - Slagell, Mark
AU - Honavar, Vasant
AU - Miller, Les
AU - Lutz, Robyn
PY - 2002/1/1
Y1 - 2002/1/1
N2 - Requirements analysis for an intrusion detection system (IDS) involves deriving requirements for the IDS from analysis of the intrusion domain. When the IDS is, as here, a collection of mobile agents that detect, classify, and correlate system and network activities, the derived requirements include what activities the agent software should monitor, what intrusion characteristics the agents should correlate, where the IDS agents should be placed to feasibly detect the intrusions, and what counter-measures the software should initiate. This paper describes the use of software fault trees for requirements identification and analysis in an IDS. Intrusions are divided into seven stages (following Ruiu), and a fault subtree is developed to model each of the seven stages (reconnaissance, penetration, etc.). Two examples are provided. This approach was found to support requirements evolution (as new intrusions were identified), incremental development of the IDS, and prioritisation of countermeasures.
AB - Requirements analysis for an intrusion detection system (IDS) involves deriving requirements for the IDS from analysis of the intrusion domain. When the IDS is, as here, a collection of mobile agents that detect, classify, and correlate system and network activities, the derived requirements include what activities the agent software should monitor, what intrusion characteristics the agents should correlate, where the IDS agents should be placed to feasibly detect the intrusions, and what counter-measures the software should initiate. This paper describes the use of software fault trees for requirements identification and analysis in an IDS. Intrusions are divided into seven stages (following Ruiu), and a fault subtree is developed to model each of the seven stages (reconnaissance, penetration, etc.). Two examples are provided. This approach was found to support requirements evolution (as new intrusions were identified), incremental development of the IDS, and prioritisation of countermeasures.
UR - http://www.scopus.com/inward/record.url?scp=15944398393&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=15944398393&partnerID=8YFLogxK
U2 - 10.1007/s007660200016
DO - 10.1007/s007660200016
M3 - Article
AN - SCOPUS:15944398393
SN - 0947-3602
VL - 7
SP - 207
EP - 220
JO - Requirements Engineering
JF - Requirements Engineering
IS - 4
ER -