A Petri net-based framework of intrusion detection systems

Intrusion Detection Systems (IDSes) are very important for network security. Some IDSes store the models of attackers´ behaviors into their database, and compare action sequences with the models to identify attacks. IDSes must cope with new attacks. This would increase the number of models stored in the database. In this paper, we proposed a Petri net-based framework of IDSes. This consists of two primary functions: detection and updating. In the detection function, we first model an attacker´s behavior as a Petri net, and then use the model to detect attacks. In the updating function, we can fuse two or more similar models into one model thanks to Petri net theory. We showed the effectiveness of the framework with an application example and an experiment.