Hassen Sallay's Selected Publications

2018

  1. Bayesian inference by reversible jump MCMC for clustering based on finite generalized inverted Dirichlet mixtures (IF = 2.367)
    Bourouis, S., Al-Osaimi, F.R., Bouguila, N., Sallay, H., Aldosari, F., Al Mashrgy, M.,
    (2018) Soft Computing, pp. 1-15. Article in Press.

    ABSTRACT:

    The goal of constructing models from examples has been approached from different perspectives. Statistical methods have been widely used and proved effective in generating accurate models. Finite Gaussian mixture models have been widely used to describe a wide variety of random phenomena and have played a prominent role in many attempts to develop expressive statistical models in machine learning. However, their effectiveness is limited to applications where underlying modeling assumptions (e.g., the per-component densities are Gaussian) are reasonably satisfied. Thus, much research effort has been devoted to developing better alternatives. In this paper, we focus on constructing statistical models from positive vectors (i.e., vectors whose elements are strictly greater than zero) for which the generalized inverted Dirichlet (GID) mixture has been shown to be a flexible and powerful parametric framework. In particular, we propose a Bayesian density estimation method based upon mixtures of GIDs. The consideration of Bayesian learning is interesting in several respects. It allows uncertainty to be taken into account by introducing prior information about the parameters, it allows simultaneous parameter estimation and model selection, and it allows learning problems related to over- or under-fitting to be overcome. Indeed, we develop a reversible jump Markov Chain Monte Carlo sampler for GID mixtures that we apply for simultaneous clustering and feature selection in the context of some challenging real-world applications concerning scene classification, action recognition, and video forgery detection. © 2018 Springer-Verlag GmbH Germany, part of Springer Nature.

  2. Intrusion detection systems alerts reduction: New approach for forensics readiness
    Akremi, A., Sallay, H., Rouached, M.,
    (2018) Security and Privacy Management, Techniques, and Protocols, pp. 255-275.

    ABSTRACT:

    Investigators usually search for any kind of events related directly to an investigation case, both to limit the search space and to propose new hypotheses about the suspect. Intrusion detection systems (IDSs) provide relevant information to forensics experts since they detect attacks and automatically gather several pertinent features of the network at the moment of the attack. Thus, an IDS should be very effective in terms of detection accuracy for new, unknown attack signatures, without generating a huge number of false alerts in high speed networks. This tradeoff between keeping high detection accuracy and not generating false alerts is today a big challenge. As an effort to deal with false alert generation, the authors propose a new intrusion alert classifier, named Alert Miner (AM), to classify intrusion alerts efficiently in near real-time in HSN. AM uses an outlier detection technique based on an adaptive deduced association rules set to classify the alerts automatically and without human assistance. © 2018, IGI Global.

  3. EP-based infinite inverted Dirichlet mixture learning: Application to image spam detection
    Fan, W., Bourouis, S., Bouguila, N., Aldosari, F., Sallay, H., Khayyat, K.M.J.,
    (2018) Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 10868 LNAI, pp. 342-354.

    ABSTRACT:

    We propose in this paper a new fully unsupervised model based on a Dirichlet process prior and the inverted Dirichlet distribution that allows the automatic inference of clusters from data. The main idea is to let the number of mixture components increase as new vectors arrive. This allows answering the model selection problem in an elegant way since the resulting model can be viewed as an infinite inverted Dirichlet mixture. An expectation propagation (EP) inference methodology is developed to learn this model by obtaining a full posterior distribution on its parameters. We validate the model on a challenging application, namely image spam filtering, to show the merits of the framework. © 2018, Springer International Publishing AG, part of Springer Nature.

2017

  5. Online Learning of Hierarchical Pitman-Yor Process Mixture of Generalized Dirichlet Distributions with Feature Selection (IF = 7.982)
    Fan, W., Sallay, H., Bouguila, N.,
    (2017) IEEE Transactions on Neural Networks and Learning Systems, 28 (9), art. no. 7488264, pp. 2048-2061.

    ABSTRACT:

    In this paper, a novel statistical generative model based on hierarchical Pitman-Yor process and generalized Dirichlet distributions (GDs) is presented. The proposed model allows us to perform joint clustering and feature selection thanks to the interesting properties of the GD distribution. We develop an online variational inference algorithm, formulated in terms of the minimization of a Kullback-Leibler divergence, of our resulting model that tackles the problem of learning from high-dimensional examples. This variational Bayes formulation allows simultaneously estimating the parameters, determining the model's complexity, and selecting the appropriate relevant features for the clustering structure. Moreover, the proposed online learning algorithm allows data instances to be processed in a sequential manner, which is critical for large-scale and real-time applications. Experiments conducted using challenging applications, namely, scene recognition and video segmentation, where our approach is viewed as an unsupervised technique for visual learning in high-dimensional spaces, showed that the proposed approach is suitable and promising. © 2012 IEEE.

  6. Video forgery detection using a Bayesian RJMCMC-based approach
    Bourouis, S., Al-Osaimi, F.R., Bouguila, N., Sallay, H., Aldosari, F., Al Mashrgy, M.,
    (2018) Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA, 2017-October, pp. 71-75.

    ABSTRACT:

    We propose a Bayesian approach to learn finite generalized inverted Dirichlet mixture models. The developed approach performs simultaneous parameter estimation, model complexity determination, and feature selection via a reversible jump Markov Chain Monte Carlo (RJMCMC) algorithm. A challenging application that concerns video forgery detection is deployed to validate our statistical framework and to show its merits. © 2017 IEEE.

2016

  8. Variational learning of hierarchical infinite generalized Dirichlet mixture models and applications (IF = 2.367)
    Fan, W., Sallay, H., Bouguila, N., Bourouis, S.,
    (2016) Soft Computing, 20 (3), pp. 979-990.

    ABSTRACT:

    Data clustering is a fundamental unsupervised learning task in several domains such as data mining, computer vision, information retrieval, and pattern recognition. In this paper, we propose and analyze a new clustering approach based on both hierarchical Dirichlet processes and the generalized Dirichlet distribution, which leads to an interesting statistical framework for data analysis and modelling. Our approach can be viewed as a hierarchical extension of the infinite generalized Dirichlet mixture model previously proposed in Bouguila and Ziou (IEEE Trans Neural Netw 21(1):107–122, 2010). The proposed clustering approach tackles the problem of modelling grouped data where observations are organized into groups that we allow to remain statistically linked by sharing mixture components. The resulting clustering model is learned using a principled variational Bayes inference-based algorithm that we have developed. Extensive experiments and simulations, based on two challenging applications, namely image categorization and web service intrusion detection, demonstrate our model's usefulness and merits. © 2014, Springer-Verlag Berlin Heidelberg.

  9. Towards a built-in digital forensics-aware framework for web services
    Akremi, A., Sallay, H., Rouached, M., Sriti, M.-F., Abid, M.,
    (2016) Proceedings - 2015 11th International Conference on Computational Intelligence and Security, CIS 2015, art. no. 7397109, pp. 367-370.

    ABSTRACT:

    In this paper, we consider digital forensics in the context of Web services based infrastructures. We propose a built-in forensics-aware framework called Fi4SOA. Fi4SOA uses the Sherwood Applied Business Security Architecture (SABSA) methodology to merge forensics properties with business requirements at the service design phase, and a reasoning machine over a new proposed ontology to define forensics properties and monitor forensics events at the run-time phase. © 2015 IEEE.

2015

  11. A hierarchical Dirichlet process mixture of generalized Dirichlet distributions for feature selection (IF = 1.747)
    Fan, W., Sallay, H., Bouguila, N., Bourouis, S.,
    (2015) Computers and Electrical Engineering, 43, pp. 48-65.

    ABSTRACT:

    This paper addresses the problem of identifying meaningful patterns and trends in data via clustering (i.e. automatically dividing a data set into meaningful homogeneous sub-groups such that the data within the same sub-group are very similar, and data in different sub-groups are very different). The clustering framework that we propose is based on the generalized Dirichlet distribution, which is widely accepted as a flexible modeling approach, and a hierarchical Dirichlet process mixture prior. A main advantage of the adopted hierarchical Dirichlet process is that it provides a principled, elegant nonparametric Bayesian approach to model selection by supposing that the number of mixture components can go to infinity. In addition to capturing the structure of the data, the combination of the hierarchical Dirichlet process and the generalized Dirichlet distribution is shown to offer a natural, efficient solution to the feature selection problem when dealing with high-dimensional data. We develop two variational learning approaches (i.e. batch and incremental) for learning the parameters of the proposed model. The batch algorithm examines the entire data set at once while the incremental one learns the model one step at a time (i.e. it updates the model's parameters each time new data are introduced). The utility of the proposed approach is demonstrated on real applications, namely face detection, facial expression recognition, human gesture recognition, and off-line writer identification. The obtained results show clearly the merits of our statistical framework. © 2015 Elsevier Ltd.

  12. Intrusion detection alert management for high-speed networks: Current researches and applications (IF = 0.904)
    Sallay, H., Bourouis, S.,
    (2015) Security and Communication Networks, 8 (18), pp. 4362-4372.

    ABSTRACT:

    We propose an intrusion detection alert classifier based on a discriminative machine learning approach satisfying high-speed network constraints. We mainly address the huge number of alerts and the high rate of false ones produced in such environments. The classifier is based on online-adaptive support vector machine schemes. We demonstrate the utility of the developed method through extensive simulations and experiments against three data sets. Our intrusion alert classifier is crucial for forensics expert alert analysis and security threat understanding. It assists in taking the appropriate defensive and investigative actions, and therefore it enhances the forensics readiness process. © 2015 John Wiley & Sons, Ltd.

  13. Human action recognition using accelerated variational learning of infinite Dirichlet mixture models
    Fan, W., Sallay, H., Bouguila, N., Du, J.-X.,
    (2016) Proceedings - 2015 IEEE 14th International Conference on Machine Learning and Applications, ICMLA 2015, art. no. 7424356, pp. 451-456.

    ABSTRACT:

    Exploiting Dirichlet process mixture models (also known as infinite mixture models) to model visual and textual data is now a standard weapon in the arsenal of machine learning. This paper proposes a new accelerated variational inference approach to learn Dirichlet process mixture models with Dirichlet distributions. The choice of the Dirichlet distribution as the basic distribution is mainly due to its flexibility for modeling proportional data. Indeed, this kind of data is naturally generated by several applications involving the representation of texts, images and videos using the bag-of-words (or "visual words" in the case of images and videos) approach. The potential of the developed learning framework is shown using a challenging real application, namely human action recognition in videos. © 2015 IEEE.

  Forensics-aware web services composition and ranking
    Akremi, A., Sallay, H., Rouached, M., Bouaziz, R., Abid, M.,
    (2015) 17th International Conference on Information Integration and Web-Based Applications and Services, iiWAS 2015 - Proceedings, art. no. 56.

    ABSTRACT:

    Web service composition has been extensively studied in recent years. Although a lot of new models and mechanisms have been proposed, many issues in service composition still remain unsolved. Among them, forensics examination is one of the major concerns. As opposed to traditional forensics implementations, applying forensics to Web service infrastructures introduces novel problems such as the need for neutrality, comprehensiveness, and reliability. Existing approaches fail to recognize that even optimized strategies for service selection and composition involve the exchange of large amounts of potentially sensitive data, causing potentially serious forensics leaks. Consequently, forensics is still among the key challenges that keep hampering service composition-based solutions. In this context, this paper proposes a built-in forensics-aware framework for Web services (Fi4SOA). Fi4SOA uses the Sherwood Applied Business Security Architecture (SABSA) methodology to merge forensics properties with business requirements at the service design phase. It uses a reasoning machine over a new proposed ontology to define forensics properties and monitor forensics events at the run-time phase. © 2015 ACM.

  14. Web Service Intrusion Detection Using a Probabilistic Framework
    Sallay, H., Bourouis, S., Bouguila, N.,
    (2015) Advances in Intelligent Systems and Computing, 1089, pp. 161-166.

    ABSTRACT:

    In this paper, we propose an anomaly-based approach to detect intrusion attempts that may target web services. These intrusions (or attacks) are modeled as outliers (or noise) within a principled probabilistic framework. The proposed framework is based on finite Gaussian mixtures and allows the detection of both previously seen and unknown attacks against web services. The main idea of our framework is based on the consideration of malicious requests as outliers within our finite mixture model. Using this idea, the intrusion detection problem is reduced to an adversarial classification problem. The merits of the proposed approach are shown using a data set containing both normal and intrusive requests, which were collected from a large real-life web service. © Springer International Publishing Switzerland 2015.

2014

  16. A service oriented communication model for high speed intrusion detection systems
    Rouached, M., Sallay, H.,
    (2014) International Journal of Business Information Systems, 17 (3), pp. 323-339.

    ABSTRACT:

    The growing need for information sharing among different networks poses a great security challenge. One of the key aspects of this challenge is deploying intrusion detection systems (IDSs) that can operate in heterogeneous and large scale environments. This is particularly difficult because the majority of existing IDSs are not designed to work in a cooperative fashion. The integration becomes more difficult when we should reduce the computing and memory costs incurred by high speed IDS communication. Service oriented architecture (SOA) is one of the key paradigms that enables the deployment of services at large scale over the internet domain, and its integration with IDSs may open new pathways for novel applications and research. Characteristics such as platform transparency and loose coupling make web services technology a good choice for IDS integration. In this context, this paper presents a lightweight RESTful communication model for coordinating different entities of a high speed distributed IDS. Copyright © 2014 Inderscience Enterprises Ltd.

  17. A semantic QoS-aware web services composition framework
    Rouached, M., Sallay, H.,
    (2014) International Journal of Business Information Systems, 17 (1), pp. 94-111.

    ABSTRACT:

    Composition of web services has received much interest to support business-to-business or enterprise application integration. However, for this composition to be effective, web services should be semantically described, and the developed tools must enable the selection of appropriate services based on functional requirements that deal with the desired functionality of the composite service, and non-functional concerns that relate to issues like performance and availability. This presents a challenging task due to the increasing number of available web services with their descriptions remaining at the syntactic level. In this paper, we propose a semantic QoS-aware web services composition framework. This framework considers a two-stage composition process. An abstract composition stage consists in semantically constructing a composition of available services that provides the desired functionality. Then, a concrete composition stage turns the abstract plan into an executable composition by selecting the appropriate web service instances based on QoS parameters. © 2014 Inderscience Enterprises Ltd.

  18. An efficient intrusion alerts miner for forensics readiness in high speed networks
    Akremi, A., Sallay, H., Rouached, M.,
    (2014) International Journal of Information Security and Privacy, 8 (1), pp. 62-78.

    ABSTRACT:

    The Intrusion Detection System is considered a core tool in the collection of forensically relevant evidentiary data in real or near real time from the network. The emergence of High Speed Networks (HSN) and Service oriented architecture/Web Services (SOA/WS) has put the IDS in the face of a typical big data management problem. The log files that an IDS generates are enormous, making the forensics readiness process very fastidious and both compute- and memory-intensive. Furthermore, the high rate of wrong alerts complicates the forensics expert's alert analysis and disproves its performance, efficiency and ability to select the best relevant evidence to attribute attacks to criminals. In this context, we propose Alert Miner (AM), an intrusion alert classifier, which classifies intrusion alerts efficiently in near real-time in HSN for Web services. AM uses an outlier detection technique based on an adaptive deduced association rules set to classify the alerts automatically and without human assistance. AM reduces false positive alerts without losing high sensitivity (up to 95%) and accuracy (up to 97%). Therefore AM facilitates the alert analysis process and allows the investigators to focus their analysis on the most critical alerts on a near real-time scale and to postpone less critical alerts for an off-line log analysis. Copyright © 2014, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.

  19. A hierarchical infinite generalized Dirichlet mixture model with feature selection
    Fan, W., Sallay, H., Bouguila, N., Bourouis, S.,
    (2014) Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8779 LNAI, pp. 1-10.

    ABSTRACT:

    We propose a nonparametric Bayesian approach, based on hierarchical Dirichlet processes and generalized Dirichlet distributions, for simultaneous clustering and feature selection. The resulting statistical model is learned within a variational framework that we have developed. The merits of the developed model are shown via extensive simulations and experiments when applied to the challenging problem of image categorization. © 2014 Springer International Publishing Switzerland.

2013

  21. A real time adaptive intrusion detection alert classifier for high speed networks
    Sallay, H., Ammar, A., Saad, M.B., Bourouis, S.,
    (2013) Proceedings - IEEE 12th International Symposium on Network Computing and Applications, NCA 2013, art. no. 6623644, pp. 73-80.

    ABSTRACT:

    With the emergence of High Speed Networks (HSN), manual intrusion alert detection becomes an extremely laborious and time-consuming task since it requires experienced, skilled staff in security fields and needs deep analysis. In addition, the batch model of alert management is no longer adequate given that labeling is a continuous-time process, since incoming intrusion alerts are often collected continuously in time. Furthermore, the static model is no longer appropriate due to the fluctuating number of alerts incurred by the fluctuating nature of Internet traffic. This paper proposes an efficient real time adaptive intrusion detection alert classifier dedicated to high speed networks. Our classifier is based on an online self-trained SVM algorithm with several learning strategies and execution modes. We evaluate our classifier against three different data sets and the performance study shows excellent results in terms of accuracy and efficiency. The predictive local learning strategy presents a good tradeoff between accuracy and processing time. In addition, it does not involve human intervention, which makes it an excellent solution that satisfies high speed network alert management challenges. © 2013 IEEE.

  22. Anomaly intrusion detection using incremental learning of an infinite mixture model with feature selection
    Fan, W., Bouguila, N., Sallay, H.,
    (2013) Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8171 LNAI, pp. 364-373.

    ABSTRACT:

    We propose an incremental nonparametric Bayesian approach for clustering. Our approach is based on a Dirichlet process mixture of generalized Dirichlet (GD) distributions. Unlike classic clustering approaches, our model does not require the number of clusters to be pre-defined. Moreover, an unsupervised feature selection scheme is integrated into the proposed nonparametric framework to improve clustering performance. By learning the proposed model using an incremental variational framework, the number of clusters as well as the feature weights can be automatically and simultaneously computed. The effectiveness and merits of the proposed approach are investigated on a challenging application, namely anomaly intrusion detection. © 2013 Springer-Verlag.

  23. RESTful web services for high speed intrusion detection systems
    Rouached, M., Sallay, H.,
    (2013) Proceedings - IEEE 20th International Conference on Web Services, ICWS 2013, art. no. 6649639, pp. 621-622.

    ABSTRACT:

    Since current heterogeneous Intrusion Detection Systems (IDSs) have not been designed to work in a cooperative manner, sharing security information among them poses a serious challenge, especially in large-scale High Speed Network (HSN) environments. The integration becomes more difficult when we should reduce the computing and memory costs incurred by high speed IDS communication. Fortunately, Web Services technology represents a good choice for IDS integration thanks to its characteristics such as platform transparency and loose coupling. In this context, this paper presents a lightweight RESTful communication model for coordinating different high speed distributed IDSs. Experimental results show an important gain in terms of exchanged data size and transmission time. © 2013 IEEE.

Other selected publications

  25. An efficient formal framework for intrusion detection systems
    Rouached, M., Sallay, H.,
    (2012) Procedia Computer Science, 10, pp. 968-975.

    ABSTRACT:

    Traffic anomalies and attacks are commonplace in today's networks, and identifying them rapidly and accurately is critical for large network operators. Intrusion detection systems are an important component of defensive measures protecting computer systems and networks from abuse. For an intrusion detection system, it is important to detect previously known attacks with high accuracy. However, detecting previously unseen attacks is equally important in order to minimize the losses as a result of a successful intrusion. It is also equally important to detect attacks at an early stage in order to minimize their impact. To address these challenges, this paper proposes to improve the efficiency of the network intrusion detection process by including an Event Calculus based specification to detect the registered and expected behaviour of the whole network. © 2012 Published by Elsevier Ltd.

  26. Wild-inspired intrusion detection system framework for high speed networks: π/φ IDS framework
    Sallay, H., Rouached, M., Ammar, A., Ben Fredj, O., Al-Shalfan, K., Ben Saad, M.,
    (2011) International Journal of Information Security and Privacy, 5 (4), pp. 47-58.

    ABSTRACT:

    While the rise of the Internet and high speed networks made information easier to acquire, faster to exchange and more flexible to share, it also made cybernetic attacks and crimes easier to perform, more accurate in hitting the target victim and more flexible in concealing the crime evidence. Although people are in an unsafe digital environment, they often feel safe. Being aware of this fact and this fiction, the authors draw in this paper a security framework aiming to build real-time security solutions in the very narrow context of high speed networks. This framework is called π/φ since it is inspired by the elephant self-defense behavior, which yields π (22 security tasks for 7 security targets). Copyright © 2011, IGI Global.

  27. Towards an integrated intrusion detection monitoring in high speed networks
    Sallay, H.,
    (2011) Journal of Computer Science, 7 (7), pp. 1094-1104.

    ABSTRACT:

    Problem statement: Security management has become a critical aspect for large scale distributed systems. In particular, recent Distributed Intrusion Detection System (DIDS) schemes in High Speed Networks (HSN) have raised new, serious management problems and challenges. Increasing the effectiveness of IDS monitoring is primordial to satisfy the restrictive constraints in such large multi-domain environments in the narrow context of HSN. Approach: We consider intrusion detection monitoring as a two-facet entity: one at the local level (single domain) and another at the global one (multi-domain). Through the local level, the evolution of the single-domain intrusion detection process (vulnerability data collection, alert generation and sensor configuration according to some improvement scenarios) can be monitored. The global level represents the evolution of the multi-domain intrusion detection process as well as the eventual security defending process over the overall network (policy generation, load balancing operations and global alert correlation). Differentiating these two facets leads to the design of a scalable intrusion detection management solution. Results: The effectiveness of DIDS management in HSN has been studied and an IDS scalable monitoring architecture for multi-domains has been proposed. Several scenarios of Snort IDS showed an improvement in the performance of real-time detection. An integration of a set of tools provided a convivial IDS monitoring platform. Conclusion: To satisfy the constraints of the intrusion detection process in terms of real-time and efficiency in HSN, we need to monitor the IDS process efficiently. In this context, the management framework outlined is more appropriate, convenient and efficient. The herein proposed architecture, the Snort IDS improvement techniques and the integrated platform played a crucial role in improving IDS real-time monitoring. © 2011 Science Publications.

  28. On Arabic texts compression and searching
    Sallay, H.,
    (2010) Journal of Digital Information Management, 8 (6), pp. 355-361.

    ABSTRACT:

    With the dramatic increase in electronic Arabic content, text compression techniques will play a major role in several domains and applications such as search engines, data archiving, and searching and retrieval from huge databases. Mainly, the combination of compression and indexing techniques allows the interesting possibility of working directly on the compressed textual files or databases, which results in saving time and resources. The existing compression techniques and tools are generic and do not consider the specific characteristics of the Arabic language such as its derivative nature. Mainly, compression techniques should be based on the morphological characteristics of the Arabic language, its grammatical characteristics, the texts' subject, and their statistical characteristics. The paper surveys the state of the art of Arabic text compression techniques and tools and identifies some research tracks that should be explored in future. It also presents some dedicated Arabic text compression algorithms which save more physical space and speed up data retrieval from text files by searching in their compressed form.

  29. A standard-compliant integrated security framework
    Sallay, H., Al-Shalfan, K.,
    (2010) Advances in E-Activities, Information Security and Privacy, ISP'10, pp. 77-84.

    ABSTRACT:

    Security intrusion incidents have dramatically risen over the last decade. Organizations are becoming more and more aware of the importance of safeguarding their critical information. They also need to measure the degree of compliance of their security measures with the standards to enhance their degree of security, avoid the lack of accountability problem, and satisfy the regulatory obligations. While there are many tools and practices that can reduce security risks, there is a real need for a security framework that specifies a security model and architecture in order to satisfy these security requirements. In this paper, we propose a preliminary specification of such a framework. A security model as well as an architecture able to perform automated and procedural security safeguards are proposed. In addition, an implementation guideline for the proposed architecture (AMANSystem) based on the active network approach is presented.

  30. Formal analysis of intrusion detection systems for high speed networks
    Rouached, M., Sallay, H., Fredj, O.B., Ammar, A., Al-Shalfan, K., Saad, M.B.,
    (2010) Advances in E-Activities, Information Security and Privacy, ISP'10, pp. 109-114.

    ABSTRACT:

    A Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee precise detection, the NIDS must detect packets at wire speed. However, with the recent trend of high-speed networks, the capability of a single NIDS cannot meet the speed demand, resulting in a rise in false negatives. To address this problem, specification-based techniques have been proposed as a promising alternative that combines the strengths of misuse and anomaly detection. In this paper, we present an event calculus (EC) based framework towards the formal analysis of NIDS. This framework checks that security requirements and assumptions are preserved at run-time by monitoring the satisfaction of EC formulas that formalize them using the detection rules. This can be done by observing the network at run-time and checking observations against the specified network behavior, trying to detect deviations from what is specified.

  31. On Distributed Intrusion Detection Systems design for high speed networks
    Fredj, O.B., Sallay, H., Ammar, A., Rouached, M., Al-Shalfan, K., Saad, M.B.,
    (2010) Advances in E-Activities, Information Security and Privacy, ISP'10, pp. 115-120.

    ABSTRACT:

    This article states the need for High Performance Computing (HPC) for Distributed Intrusion Detection Systems (DIDS) and discusses the design requirements of the system. Since high-speed networks are the performance key in HPC, the article studies the mapping of the different requirements over the software and hardware features of high-speed networks. The study has resulted in several recommendations for the design of IDS over HSN, starting from the communication protocol and the programming model that should be adopted, to the way the system should handle the communication flow, the memory management and the data transfer between IDS sensors.

  32. A highly distributed dynamic IP multicast accounting and management framework
    Sallay, H., Festor, O.,
    (2003) IFIP Advances in Information and Communication Technology, 118, pp. 45-58.

    ABSTRACT:

    We present a highly distributed management architecture dedicated to IP multicast services. This architecture relies on a three level hierarchical model over which both management data and functions are distributed. We show how the architecture can be used to support an extended multicast accounting algorithm which adapts itself to the dynamics of a multicast tree and detail the implementation of the proposed framework using active network technology. © 2003 by Springer Science+Business Media Dordrecht.

  33. A distributed management platform for integrated multicast monitoring
    Sallay, H., State, R., Festor, O.,
    (2002) IEEE Symposium Record on Network Operations and Management Symposium, pp. 483-495.

    ABSTRACT:

    While multicast services are becoming very attractive, their large deployment and commercial use is currently slowed down, partly due to the lack of integrated management solutions for the components that participate in the operation of these services at various levels. Excellent standalone components exist today and are good candidates for integration. Joined and interfaced with standard management platforms, they cover most of the functions related to multicast service monitoring. In this paper we present the resulting architecture of one integration effort which combines two multicast management tools for topology monitoring, pre-event testing and in-situ monitoring. The proposed architecture is used for service level monitoring and data collection.