基于adm逻辑的TCP/IP攻击规范与检测

The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI:10.1109/ARES.2007.142

Meriam Ben-Ghorbel-Talbi, Mehdi Talbi, M. Mejri

{"title":"基于adm逻辑的TCP/IP攻击规范与检测","authors":"Meriam Ben-Ghorbel-Talbi, Mehdi Talbi, M. Mejri","doi":"10.1109/ARES.2007.142","DOIUrl":null,"url":null,"abstract":"Intrusion detection systems (IDS) are considered nowadays as one of the most important components in the security architecture of information systems. For misuse-based IDS also known as signature based IDS, the efficiency of detection is highly correlated to the quality of signatures. It is therefore very important to select a suitable formal language that provides both high expressiveness and simplicity when specifying attack signatures. It is also fundamental to have a user friendly and automatic tool allowing the specification and the verification of these signatures. This paper shows the efficiency and the suitability of the ADM-logic and formal language to specify a large variety of signatures characterizing attacks based on the TCP/IP protocols. A prototype of an IDS based on this logic will be also introduced","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Specification and Detection of TCP/IP Based Attacks Using the ADM-Logic\",\"authors\":\"Meriam Ben-Ghorbel-Talbi, Mehdi Talbi, M. Mejri\",\"doi\":\"10.1109/ARES.2007.142\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Intrusion detection systems (IDS) are considered nowadays as one of the most important components in the security architecture of information systems. For misuse-based IDS also known as signature based IDS, the efficiency of detection is highly correlated to the quality of signatures. It is therefore very important to select a suitable formal language that provides both high expressiveness and simplicity when specifying attack signatures. It is also fundamental to have a user friendly and automatic tool allowing the specification and the verification of these signatures. This paper shows the efficiency and the suitability of the ADM-logic and formal language to specify a large variety of signatures characterizing attacks based on the TCP/IP protocols. A prototype of an IDS based on this logic will be also introduced\",\"PeriodicalId\":383015,\"journal\":{\"name\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-04-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2007.142\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Second International Conference on Availability, Reliability and Security (ARES'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2007.142","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

入侵检测系统是当今信息系统安全体系结构中最重要的组成部分之一。对于基于误用的入侵检测(也称为基于签名的入侵检测)，检测效率与签名的质量高度相关。因此，在指定攻击签名时，选择一种既具有高表达性又简单的合适的形式语言非常重要。拥有一个用户友好的自动工具来规范和验证这些签名也是非常重要的。本文展示了adm逻辑和形式语言在描述基于TCP/IP协议的攻击特征时的有效性和适用性。本文还将介绍基于这种逻辑的IDS原型

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Specification and Detection of TCP/IP Based Attacks Using the ADM-Logic

Intrusion detection systems (IDS) are considered nowadays as one of the most important components in the security architecture of information systems. For misuse-based IDS also known as signature based IDS, the efficiency of detection is highly correlated to the quality of signatures. It is therefore very important to select a suitable formal language that provides both high expressiveness and simplicity when specifying attack signatures. It is also fundamental to have a user friendly and automatic tool allowing the specification and the verification of these signatures. This paper shows the efficiency and the suitability of the ADM-logic and formal language to specify a large variety of signatures characterizing attacks based on the TCP/IP protocols. A prototype of an IDS based on this logic will be also introduced

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

The Second International Conference on Availability, Reliability and Security (ARES'07)

自引率

0.00%

发文量