Intrusion Detection as Passive Testing: Linguistic Support with TTCN-3 (Extended Abstract)

Authors:
Krzysztof M. Brzezinski
Affiliations:
Institute of Telecommunications, Warsaw University of Technology, Nowowiejska 15/19, 00-665 Warszawa, Poland
Venue:
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Year:
2007

Citing 13
Cited 0

Towards a taxonomy of intrusion-detection systems

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
STATL: an attack language for state-based intrusion detection

Journal of Computer Security
Distributed Performance Monitoring: Methods, Tools, and Applications

IEEE Transactions on Parallel and Distributed Systems
Experiences with Specification-Based Intrusion Detection

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
On the Design of the New Testing Language TTCN-3

TestCom '00 Proceedings of the IFIP TC6/WG6.1 13th International Conference on Testing Communicating Systems: Tools and Techniques
Timed TTCN-3 - A Real-time Extension for TTCN-3

TestCom '02 Proceedings of the IFIP 14th International Conference on Testing Communicating Systems XIV
A TTCN-3 Based Online Test and Validation Platform for Internet Services

ISADS '03 Proceedings of the The Sixth International Symposium on Autonomous Decentralized Systems (ISADS'03)
Test Purposes: Adapting the Notion of Specification to Testing

Proceedings of the 16th IEEE international conference on Automated software engineering
Execution monitoring of security-critical programs in distributed systems: a Specification-based approach

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Beyond bloom filters: from approximate membership checks to approximate state machines

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Synthesizing fast intrusion prevention/detection systems from high-level specifications

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
An EFSM-based intrusion detection system for ad hoc networks

ATVA'05 Proceedings of the Third international conference on Automated Technology for Verification and Analysis

Quantified Score

Hi-index	0.00

Visualization

Abstract

We explore the idea of using the internationally standardized test language TTCN-3 (Testing and Test Control Notation) as a platform for Intrusion Detection (ID) systems. Intrusion detection is treated as an application of verification by passive testing. It is argued that TTCN contains many features embodied in various "detection languages", and is relevant for ID. As a case study, we discuss a TTCN-based IDS for detecting the Smurfattack.