There exist a number of Intrusion Detection Systems (IDSs) that detect computer attacks based on defined attack scenarios. In some of these IDSs, the attack scenarios or security requirements are specified in attack specification languages that are separate from software specification languages. Using two different languages for software specification and attack specification may produce redundant and conflicting requirements. The advantage of using the same language for both functional specifications and attack specifications is that software designers can address both concerns without learning two different languages. We present a method of using a software specification language, the Abstract State Machine Language (AsmL), as an attack specification language for the open source IDS Snort. This work provides AsmL users with an IDS that they can use without knowing how to write Snort rules. We automatically translate attack scenarios written in AsmL into Snort rules with context information. The original Snort is modified so that it can use the rules generated by the translator. Adding context information to Snort rules improves the detection capability of Snort. To show the efficacy of the presented approach, we have built a prototype and evaluated it using a number of well-known attack scenarios.