{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,8]],"date-time":"2025-07-08T12:28:33Z","timestamp":1751977713853,"version":"3.41.0"},"reference-count":51,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2011,12,1]],"date-time":"2011-12-01T00:00:00Z","timestamp":1322697600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Model. Comput. Simul."],"published-print":{"date-parts":[[2011,12]]},"abstract":"<jats:p>This article describes an innovative Decision Support System (DSS) for Placement of Intrusion Detection and Prevention Systems (PIDPS) in large-scale communication networks. PIDPS is intended to support network security personnel in optimizing the placement and configuration of malware filtering and monitoring devices within Network Service Providers\u2019 (NSP) infrastructure, and enterprise communication networks. PIDPS meshes innovative and state-of-the-art mechanisms borrowed from the domains of graph theory, epidemic modeling, and network simulation. Scalable network exploitation models make it possible to define the communication patterns induced by network users (thereby establishing a virtual overlay network), and parallel attack models enable a PIDPS user to define various interdependent network attacks such as Internet worms, Trojan horses, Denial of Service (DoS) attacks, and others. PIDPS incorporates a set of deployment strategies (employing graph-theoretic centrality measures) in order to facilitate intelligent placement of filtering and monitoring devices; as well as a dedicated network simulator in order to evaluate the various deployments. 
Experiments with PIDPS indicate that incorporating knowledge on the overlay network (network exploitation patterns) into the placement and configuration of malware filtering and monitoring devices substantially improves the effectiveness of intrusion detection and prevention systems in NSP and enterprise networks.<\/jats:p>","DOI":"10.1145\/2043635.2043640","type":"journal-article","created":{"date-parts":[[2011,12,27]],"date-time":"2011-12-27T15:22:22Z","timestamp":1324999342000},"page":"1-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["A Decision Support System for Placement of Intrusion Detection and Prevention Devices in Large-Scale Networks"],"prefix":"10.1145","volume":"22","author":[{"given":"Rami","family":"Puzis","sequence":"first","affiliation":[{"name":"Ben-Gurion University"}]},{"given":"Meytal","family":"Tubi","sequence":"additional","affiliation":[{"name":"Ben-Gurion University"}]},{"given":"Yuval","family":"Elovici","sequence":"additional","affiliation":[{"name":"Ben-Gurion University"}]},{"given":"Chanan","family":"Glezer","sequence":"additional","affiliation":[{"name":"Ben-Gurion University and Ariel University Center of Samaria"}]},{"given":"Shlomi","family":"Dolev","sequence":"additional","affiliation":[{"name":"Ben-Gurion University"}]}],"member":"320","published-online":{"date-parts":[[2011,12]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Anderson R. M. and May R. M. 1992. Infectious Diseases of Humans: Dynamics and Control. Oxford University Press. Anderson R. M. and May R. M. 1992. Infectious Diseases of Humans: Dynamics and Control . Oxford University Press.","DOI":"10.1093\/oso\/9780198545996.001.0001"},{"key":"e_1_2_1_2_1","unstructured":"AOL\/NCSA. 2005. Online safety study. http:\/\/www.staysafeonline.org\/pdf\/safety_study_2005.pdf. AOL\/NCSA. 2005. Online safety study. 
http:\/\/www.staysafeonline.org\/pdf\/safety_study_2005.pdf."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1126\/science.286.5439.509"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.socnet.2005.11.005"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.socnet.2007.11.001"},{"volume-title":"Proceedings of the 1st International Conference on Simulation Tools and Techniques for Communications, Networks and Systems. 33","author":"Bye R.","key":"e_1_2_1_6_1","unstructured":"Bye , R. , Schmidt , S. , Luther , K. , and Albayrak , S . 2008. Application-level simulation for network security . In Proceedings of the 1st International Conference on Simulation Tools and Techniques for Communications, Networks and Systems. 33 . Bye, R., Schmidt, S., Luther, K., and Albayrak, S. 2008. Application-level simulation for network security. In Proceedings of the 1st International Conference on Simulation Tools and Techniques for Communications, Networks and Systems. 33."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.63"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1284680.1284681"},{"volume-title":"Proceedings of the 24th International Conference on Distributed Computing and Systems. 312--319","author":"Chen S.","key":"e_1_2_1_9_1","unstructured":"Chen , S. and Tang , Y . 2004. Slowing down internet worms . In Proceedings of the 24th International Conference on Distributed Computing and Systems. 312--319 , Tokyo, Japan. Chen, S. and Tang, Y. 2004. Slowing down internet worms. In Proceedings of the 24th International Conference on Distributed Computing and Systems. 
312--319, Tokyo, Japan."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1186\/1751-0473-3-3"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095824"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1734213.1734219"},{"key":"e_1_2_1_13_1","volume-title":"eDare(II&III) project","author":"Labs BGU","year":"2006","unstructured":"DT Labs @ BGU , eDare(II&III) project . 2006 . Beta release of PIDPS can be obtained from Deutsche Telekom Laboratories at Ben-Gurion University . http:\/\/tlabs.bgu.ac.il\/edare23. DTLabs@BGU, eDare(II&III) project. 2006. Beta release of PIDPS can be obtained from Deutsche Telekom Laboratories at Ben-Gurion University. http:\/\/tlabs.bgu.ac.il\/edare23."},{"key":"e_1_2_1_14_1","unstructured":"Ediger B. 2005. Simulating network worms. http:\/\/www.users.qwest.net\/eballen1\/nws\/ (accessed 06\/08). Ediger B. 2005. Simulating network worms. http:\/\/www.users.qwest.net\/eballen1\/nws\/ (accessed 06\/08)."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74565-5_5"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1080\/0022250X.1999.9990219"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.2307\/3033543"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/0378-8733(78)90021-7"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.0966-0879.2004.00435.x"},{"key":"e_1_2_1_20_1","unstructured":"Harris Interactive. 2006. Survey reveals the majority of U.S. adult computer users are unprotected from malware. www.harrisinteractive.com\/news\/newsletters\/clientnews\/2006_ESET.pdf. Harris Interactive . 2006. Survey reveals the majority of U.S. adult computer users are unprotected from malware. www.harrisinteractive.com\/news\/newsletters\/clientnews\/2006_ESET.pdf."},{"volume-title":"Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy. 
IEEE, 343--359","author":"Kephart J. O.","key":"e_1_2_1_21_1","unstructured":"Kephart , J. O. and White , S. R . 1991. Directed-graph epidemiological models of computer viruses . In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy. IEEE, 343--359 . Kephart, J. O. and White, S. R. 1991. Directed-graph epidemiological models of computer viruses. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy. IEEE, 343--359."},{"volume-title":"Proceedings of the 2005 International Conference on Computational Intelligence for Modeling Control and Automation (CIMCA\u201905)","author":"Kotenko I.","key":"e_1_2_1_22_1","unstructured":"Kotenko , I. and Ulanov , A . 2005. The software environment for multi-agent simulation of defense mechanisms against DDOS attacks . In Proceedings of the 2005 International Conference on Computational Intelligence for Modeling Control and Automation (CIMCA\u201905) . 283--289. Kotenko, I. and Ulanov, A. 2005. The software environment for multi-agent simulation of defense mechanisms against DDOS attacks. In Proceedings of the 2005 International Conference on Computational Intelligence for Modeling Control and Automation (CIMCA\u201905). 283--289."},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 285--294","author":"Kruegel C.","year":"2002","unstructured":"Kruegel , C. , Valeur , F. , Vigna , G. , and Kemmerer . R. 2002 . Stateful intrusion detection for high-speed networks . In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 285--294 . Kruegel, C., Valeur, F., Vigna, G., and Kemmerer. R. 2002. Stateful intrusion detection for high-speed networks. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 285--294."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/948187.948193"},{"key":"e_1_2_1_25_1","unstructured":"Mcafee-NCSA. 2007. Online safety study. 
http:\/\/staysafeonline.org\/pdf\/McAfee_NCSA_analysis.pdf. Mcafee-NCSA. 2007. Online safety study. http:\/\/staysafeonline.org\/pdf\/McAfee_NCSA_analysis.pdf."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/964725.633041"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/637201.637244"},{"volume-title":"Proceedings of the 22th IEEE Conference on Computer Communications. IEEE.","author":"Moore D.","key":"e_1_2_1_28_1","unstructured":"Moore , D. , Shannon , C. , Voelker , G. , and Savage , S . 2003. Internet quarantine: Requirements for containing self-propagating code . In Proceedings of the 22th IEEE Conference on Computer Communications. IEEE. Moore, D., Shannon, C., Voelker, G., and Savage, S. 2003. Internet quarantine: Requirements for containing self-propagating code. In Proceedings of the 22th IEEE Conference on Computer Communications. IEEE."},{"key":"e_1_2_1_29_1","unstructured":"NCSA. 2008. Overview of NCSA consumer research study. NCSA. 2008. Overview of NCSA consumer research study."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevE.69.026113"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028808"},{"volume-title":"Scalable protection against DDoS and worm attacks. DARPA ATO FTN project AFRL contract F30602-01-2-0530","author":"Park K.","key":"e_1_2_1_32_1","unstructured":"Park , K. 2004. Scalable protection against DDoS and worm attacks. DARPA ATO FTN project AFRL contract F30602-01-2-0530 , Purdue University , West Lafayette . Park, K. 2004. Scalable protection against DDoS and worm attacks. 
DARPA ATO FTN project AFRL contract F30602-01-2-0530, Purdue University, West Lafayette."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevLett.86.3200"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevE.65.036104"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevE.76.056709"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/1365534.1365539"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89900-6_20"},{"volume-title":"Proceedings of the IEEE 12th Annual International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems(MASCOTS). IEEE Computer Society, 268--274","author":"Riley G. F.","key":"e_1_2_1_38_1","unstructured":"Riley , G. F. , Sharif , M. I. , and Lee , W . 2004. Simulating internet worms . In Proceedings of the IEEE 12th Annual International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems(MASCOTS). IEEE Computer Society, 268--274 . Riley, G. F., Sharif, M. I., and Lee, W. 2004. Simulating internet worms. In Proceedings of the IEEE 12th Annual International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems(MASCOTS). IEEE Computer Society, 268--274."},{"key":"e_1_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Schwartz Y. Shavitt Y. and Weinsberg U. 2010. On the diversity stability and symmetry of end-to-end internet routes. In Global Internet. Schwartz Y. Shavitt Y. and Weinsberg U. 2010. On the diversity stability and symmetry of end-to-end internet routes. In Global Internet .","DOI":"10.1109\/INFCOMW.2010.5466669"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCC.2010.2068544"},{"key":"e_1_2_1_41_1","volume-title":"GLOWS: A high fidelity worm simulator. Tech. rep. CIS-TR-2006-11","author":"Stafford S.","year":"2006","unstructured":"Stafford , S. , Li , J. , Ehrenkranz , T. 
, and Knickerbocker , P . 2006 . GLOWS: A high fidelity worm simulator. Tech. rep. CIS-TR-2006-11 , University of Oregon. Stafford, S., Li, J., Ehrenkranz, T., and Knickerbocker, P. 2006. GLOWS: A high fidelity worm simulator. Tech. rep. CIS-TR-2006-11, University of Oregon."},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2007.909678"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1038\/30918"},{"volume-title":"Proceedings of the 13th USENIX Security Symposium. 29--44","author":"Weaver N.","key":"e_1_2_1_44_1","unstructured":"Weaver , N. , Staniford , S. , and Paxson V . 2004. Very fast containment of scanning worms . In Proceedings of the 13th USENIX Security Symposium. 29--44 . Weaver, N., Staniford, S., and Paxson V. 2004. Very fast containment of scanning worms. In Proceedings of the 13th USENIX Security Symposium. 29--44."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/PADS.2005.7"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2009.11.002"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0378-4371(02)00618-0"},{"volume-title":"Proceedings of IEEE INFOCOM. 594--602","author":"Zegura E. W.","key":"e_1_2_1_48_1","unstructured":"Zegura , E. W. , Calvert , K. L. , and Bhattacharjee , S . 1996. How to model an internetwork . In Proceedings of IEEE INFOCOM. 594--602 . Zegura, E. W., Calvert, K. L., and Bhattacharjee, S. 1996. How to model an internetwork. In Proceedings of IEEE INFOCOM. 
594--602."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/885651.781053"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevE.74.056109"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586130"}],"container-title":["ACM Transactions on Modeling and Computer Simulation"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2043635.2043640","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2043635.2043640","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:54:19Z","timestamp":1750240459000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2043635.2043640"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,12]]},"references-count":51,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2011,12]]}},"alternative-id":["10.1145\/2043635.2043640"],"URL":"https:\/\/doi.org\/10.1145\/2043635.2043640","relation":{},"ISSN":["1049-3301","1558-1195"],"issn-type":[{"type":"print","value":"1049-3301"},{"type":"electronic","value":"1558-1195"}],"subject":[],"published":{"date-parts":[[2011,12]]},"assertion":[{"value":"2010-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-06-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-12-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}