Performance, Computing, and Communications Conference, 2002. 21st IEEE International (2006)

Phoenix, AZ, USA

Apr. 10, 2006 to Apr. 12, 2006

ISBN: 1-4244-0198-4

pp: 68

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/.2006.1629446

Y. Liverpool , Dept. of Electr.&Comput. Eng., Iowa State Univ., Ames, IA, USA

Y. Tang , Dept. of Electr.&Comput. Eng., Iowa State Univ., Ames, IA, USA

T.E. Daniels , Dept. of Electr.&Comput. Eng., Iowa State Univ., Ames, IA, USA

ABSTRACT

The precondition for stepping-stone analysis is to record network events through network monitors. Little work has been done on how to place monitors. In this paper, we propose the technique for the optimal placement of passive monitors in a network where there are constraints on the number of available monitors for deployment. The placement problem is defined in terms of information theory metrics. For a given number of monitors and network topology, average entropy and "worst-case" entropy that describe the remaining uncertainty in the origin of an attack when monitors work perfectly are considered as the optimal object. A brief proof that the worst-case deployment problem is NP-complete is presented. Greedy algorithms based on graph centrality heuristics for finding high quality deployments are introduced to solve this problem. An automatic monitor placement tool, which implements our approach, is developed and we use real network topology in the experiments to evaluate our results.

INDEX TERMS

automatic monitor placement tool, stepping-stone analysis, information theory metric, network topology, entropy, greedy algorithm, graph centrality heuristics

CITATION

Y. Liverpool,
Y. Tang,
T.E. Daniels,
"Monitor placement for stepping stone analysis",

*Performance, Computing, and Communications Conference, 2002. 21st IEEE International*, vol. 00, no. , pp. 68, 2006, doi:10.1109/.2006.1629446