Behavioral network engineering: Making intrusion detection become autonomic
D'Antonio S., Esposito M., Oliviero F., Romano SP., Salvi D.
In this paper we present an interesting case of what we call behavioral network engineering, i.e., an approach to optimizing network operation by exploiting information about users' behavior. Behavioral information is needed both to characterize the overall usage context of the network and to describe the specific attitudes of single users. Indeed, in an autonomically managed network, global knowledge of the current network "situation" is of paramount importance to optimally exploit available network resources. Furthermore, when the behavior of single individuals can significantly impact network operation, it becomes mandatory to hold more fine-grained information. Distributed Denial of Service (DDoS) attacks represent an interesting example, since attack patterns can definitely be seen as particular (i.e., malicious) behaviors. To better illustrate the above concepts, we present an Intrusion Detection System (IDS) designed around the behavioral network engineering paradigm and relying on a flow monitoring system used for behavior summarization.