An introduction to Estelle: a specification language for distributed systems
Computer Networks and ISDN Systems - Special Issue: Protocol Specification and Testing
State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
Computer-Aided Reasoning: An Approach
Computer-Aided Reasoning: An Approach
The Art and Science of Computer Security
The Art and Science of Computer Security
System Health and Intrusion Monitoring Using a Hierarchy of Constraints
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Proving Theorems About Java-Like Byte Code
Correct System Design, Recent Insight and Advances, (to Hans Langmaack on the occasion of his retirement from his professorship at the University of Kiel)
ACL2 Theorems About Commercial Microprocessors
FMCAD '96 Proceedings of the First International Conference on Formal Methods in Computer-Aided Design
ANSS '03 Proceedings of the 36th annual symposium on Simulation
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A specification-based intrusion detection system for AODV
Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
A General Cooperative Intrusion Detection Architecture for MANETs
IWIA '05 Proceedings of the Third IEEE International Workshop on Information Assurance
Hi-index | 0.00 |
As mobile ad hoc networks (MANETs) are increasingly deployed in critical environments, security becomes a paramount issue. The dynamic and decentralized nature of MANETs makes their protocols very vulnerable to attacks, for example, by malicious insiders, who can cause packets to be misrouted or cause other nodes to have improper configuration. This paper addresses security issues of auto-configuration protocols in ad hoc networks. Auto-configuration protocols enable nodes to obtain configuration information (e.g., an IP address) so that they can communicate with other nodes in the network. We describe a formal approach to modeling and reasoning about auto-configuration protocols to support the detection of malicious insider nodes. With respect to this family of protocols, our approach defines a global security requirement for a network that characterizes the "good" behavior of individual nodes to assure the global property. This behavior becomes local detection rules that define a distributed specification-based intrusion detection system aimed at detecting malicious insider nodes. We formally prove that the local detection rules (identifying activity that is monitored) together with “assumptions” that identify system properties which are not monitored imply the global security requirement. This approach, novel to the field of intrusion detection, can, in principle, yield an intrusion detection system that detects any attack, even unknown attacks, that can imperil the global security requirement.