Data reduction by identification and correlation of TCP/IP attack attributes for network forensics
Proceedings of the International Conference & Workshop on Emerging Trends in Technology
Hi-index | 0.00 |
Intrusion detection systems (IDS) are considered nowadays as one of the most important components in the security architecture of information systems. For a Misusebased IDS, also known as signature based IDS, the effi- ciency of detection is highly correlated to the quality of signatures. It is therefore very important to select a suitable formal language that provides both high expressiveness and simplicity when specifying attack signatures. It is also fundamental to have a user friendly and automatic tool allowing the specification and the verification of these signatures. This paper shows the efficiency and the suitability of the ADM-logic as a and formal language to specify a large variety of signatures characterizing attacks based on the TCP/IP protocols. A prototype of an IDS based on this logic will be also introduced.