Specification and Detection of TCP/IP Based Attacks Using the ADM-Logic

  • Authors:
  • Meriam Ben Ghorbel; Mehdi Talbi; Mohamed Mejri

  • Affiliations:
  • Digital Security Unit, Higher School of Communication, Tunis, Tunisia; Digital Security Unit, Higher School of Communication, Tunis, Tunisia; Laval University, Quebec, Canada

  • Venue:
  • ARES '07 Proceedings of the Second International Conference on Availability, Reliability and Security
  • Year:
  • 2007

Abstract

Intrusion detection systems (IDS) are nowadays considered one of the most important components in the security architecture of information systems. For a misuse-based IDS, also known as a signature-based IDS, the efficiency of detection is highly correlated with the quality of its signatures. It is therefore very important to select a suitable formal language that provides both high expressiveness and simplicity when specifying attack signatures. It is also fundamental to have a user-friendly, automatic tool allowing the specification and verification of these signatures. This paper shows the efficiency and suitability of the ADM-logic as a formal language for specifying a large variety of signatures characterizing attacks based on the TCP/IP protocols. A prototype of an IDS based on this logic will also be introduced.