Modeling and detection of complex attacks
| Data(s) |
01/09/2007
|
|---|---|
| Resumo |
A complex attack is a sequence of temporally and spatially separated legal and illegal actions each of which can be detected by various IDS but as a whole they constitute a powerful attack. IDS fall short of detecting and modeling complex attacks therefore new methods are required. This paper presents a formal methodology for modeling and detection of complex attacks in three phases: (1) we extend basic attack tree (AT) approach to capture temporal dependencies between components and expiration of an attack, (2) using enhanced AT we build a tree automaton which accepts a sequence of actions from input message streams from various sources if there is a traversal of an AT from leaves to root, and (3) we show how to construct an enhanced parallel automaton that has each tree automaton as a subroutine. We use simulation to test our methods, and provide a case study of representing attacks in WLANs. |
| Identificador | |
| Publicador |
IEEE Conference Publications |
| Relação |
DOI:10.1109/SECCOM.2007.4550338 Camtepe, S. A. & Yener, B. (2007) Modeling and detection of complex attacks. In Proceedings of the Third International Conference on Security and Privacy in Communications Networks and the Workshops, 2007, IEEE Conference Publications , Nice, France, 234 -243. |
| Fonte |
School of Electrical Engineering & Computer Science; Information Security Institute; Science & Engineering Faculty |
| Palavras-Chave | #080303 Computer System Security #080307 Operating Systems #Automata #Intrusion detection #Attack trees #Attack graphs |
| Tipo |
Conference Paper |
