Abstract: Log auditing is a basic intrusion detection mechanism, whereby attacks are detected by uncovering matches of sequences of events against signatures. We argue that this is naturally expressed as a model-checking problem against linear Kripke models. A variant of the classic linear time temporal logic of Manna and Pnueli with first-order variables is first investigated in this framework. But this logic is in dire need of refinement, as far as expressiveness and efficiency are concerned. We therefore propose a second, less standard logic consisting of flat, Wolper-style linear-time formulae. We describe an efficient on-line algorithm, making the approach attractive for complex log auditing tasks. We also present a few optimizations that the use of a formal semantics affords us.