Skip to Main Content
An intrusion detection system (IDS) is a collection of sensors (often in the form of mobile agents) that collect data (security related events), classify them and trigger an alarm when unwanted manipulations to regular network behaviour is detected. Activities of attackers and network are time dependent. In the paper, fault trees with time dependencies (FTTD) are used to describe intrusions with emphasis put on timing properties. In FTTD, events and gates are characterized by time parameters. FTTD are used in verification whether the IDS reacts sufficiently quick on the intrusions. As an example, "the victim trusts the intruder" attack is analysed.