Title :
Monitor placement for stepping stone analysis
Author :
Tang, Yongping ; Liverpool, Yema ; Daniels, Thomas E.
Author_Institution :
Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA
Abstract :
The precondition for stepping-stone analysis is to record network events through network monitors. Little work has been done on how to place monitors. In this paper, we propose a technique for the optimal placement of passive monitors in a network where there are constraints on the number of available monitors for deployment. The placement problem is defined in terms of information theory metrics. For a given number of monitors and network topology, average entropy and "worst-case" entropy, which describe the remaining uncertainty in the origin of an attack when monitors work perfectly, are considered as the optimization objective. A brief proof that the worst-case deployment problem is NP-complete is presented. Greedy algorithms based on graph centrality heuristics for finding high-quality deployments are introduced to solve this problem. An automatic monitor placement tool, which implements our approach, is developed, and we use a real network topology in the experiments to evaluate our results.
Keywords :
entropy; graph theory; greedy algorithms; telecommunication network management; telecommunication network topology; automatic monitor placement tool; entropy; graph centrality heuristics; greedy algorithm; information theory metric; network topology; stepping-stone analysis; Computer hacking; Computerized monitoring; Electrooculography; Entropy; Greedy algorithms; Information security; Information theory; Internet; Network topology; Uncertainty;
Conference_Title :
Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International
Conference_Location :
Phoenix, AZ
Print_ISBN :
1-4244-0198-4
DOI :
10.1109/.2006.1629446