Affiliation:
1. Henan University of Animal Husbandry and Economy
2. Zhengzhou University
Abstract
Compared with the Intrusion Detection (ID) based on pattern matching, the model-checking-based methods can find the complex attacks. But their rates of missing report are still high. To solve this problem, we firstly use the Interval Temporal Logic with Past Construct (ITLPC) formulae to describe some signatures for network attacks. And then, we can use some automata to establish models of audit logs. On the basis of it, automata, i.e., attack models, and ITLPC formulae, i.e., signatures, constitute the two inputs of the ITLPC model checking algorithm. Therefore, a new model-checking-based ID algorithm is obtained by calling the ITLPC algorithm. Compared with the existing methods, the new method is more powerful, as shown in the experimental simulations.
Publisher
Trans Tech Publications, Ltd.
Reference7 articles.
1. M Roger, J Goubault-Larrecq, Log Auditing through Model-Checking, Proceedings of the 14th IEEE workshop on Computer Security Foundations, IEEE Computer Society Washington, DC, USA, 220-234, (2001).
2. J Olivain, J Goubault-Larrecq, The Orchids Intrusion Detection Tool, Proceedings of the 17th International Conference on Computer Aided Verification, Lecture Notes in Computer Science, 3576: 286-290, Springer, Edinburgh, Scotland, UK, (2005).
3. J Goubault-Larrecq , J Olivain, A Smell of Orchids, Runtime Verification: 8th International Workshop, RV 2008, pp.1-20, Budapest, Hungary, March 30, (2008).
4. W Zhu, Z Wang, H Zhang, A novel algorithm for Intrusion Detection based on Model Checking Interval Temporal Logic, China Communications, 8(3): 66-72, (2011).
5. W Zhu, Y Wang, Q Zhou, An intrusion detection method based on modeling checking of projection temporal logic. Network security technology and application, 3: 25-27, (2010).