Automatic creation of models for network intrusion detection

2012 Computing, Communications and Applications Conference Pub Date : 2012-02-21 DOI:10.1109/COMCOMAP.2012.6154805

M. Maatta, T. Raty

{"title":"Automatic creation of models for network intrusion detection","authors":"M. Maatta, T. Raty","doi":"10.1109/COMCOMAP.2012.6154805","DOIUrl":null,"url":null,"abstract":"This paper proposes a tool which can create models for network intrusion detection. The created models are stored in Extensible Mark-up Language (XML) notation that describe packet level details, such as protocol header information, and in Message Sequence Chart (MSC) notation which is used for describing scenario information of network activities, for example describing a port scan with vulnerability exploitation attempt. The proposed tool will utilize Snort rules in the model creation process where a Snort rule is transformed into XML and MSC models. Besides Snort rules, the proposed tool is able to utilize network traffic traces stored in a packet capture format (Pcap). These traces may contain diverse set of different network activities that are relevant in gaining unauthorized access to computer systems or networks. Using these traces the proposed tool can create XML and MSC models that depict the malicious activities. The experimental utilization of the proposed tool will indicate that the XML and MSC models can be created fast and automatically using two separate sources and this will reduce the amount manual work required in the modelling process.","PeriodicalId":281865,"journal":{"name":"2012 Computing, Communications and Applications Conference","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Computing, Communications and Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMCOMAP.2012.6154805","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

This paper proposes a tool which can create models for network intrusion detection. The created models are stored in Extensible Mark-up Language (XML) notation that describe packet level details, such as protocol header information, and in Message Sequence Chart (MSC) notation which is used for describing scenario information of network activities, for example describing a port scan with vulnerability exploitation attempt. The proposed tool will utilize Snort rules in the model creation process where a Snort rule is transformed into XML and MSC models. Besides Snort rules, the proposed tool is able to utilize network traffic traces stored in a packet capture format (Pcap). These traces may contain diverse set of different network activities that are relevant in gaining unauthorized access to computer systems or networks. Using these traces the proposed tool can create XML and MSC models that depict the malicious activities. The experimental utilization of the proposed tool will indicate that the XML and MSC models can be created fast and automatically using two separate sources and this will reduce the amount manual work required in the modelling process.

查看原文本刊更多论文

自动创建网络入侵检测模型

本文提出了一种可以创建网络入侵检测模型的工具。创建的模型以可扩展标记语言(Extensible markup Language, XML)表示法存储，该表示法描述数据包级别的详细信息，例如协议头信息;以消息序列图(Message Sequence Chart, MSC)表示法存储，该表示法用于描述网络活动的场景信息，例如描述带有漏洞利用尝试的端口扫描。建议的工具将在将Snort规则转换为XML和MSC模型的模型创建过程中利用Snort规则。除了Snort规则之外，建议的工具还能够利用以数据包捕获格式(Pcap)存储的网络流量跟踪。这些痕迹可能包含各种不同的网络活动，这些活动与获取对计算机系统或网络的未经授权的访问有关。使用这些跟踪，建议的工具可以创建描述恶意活动的XML和MSC模型。所提出的工具的实验使用表明，XML和MSC模型可以使用两个独立的源快速和自动地创建，这将减少建模过程中所需的手工工作量。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2012 Computing, Communications and Applications Conference

自引率

0.00%

发文量