Title :
A misuse-based network Intrusion Detection System using Temporal Logic and stream processing
Author :
Ahmed, Abdulbasit ; Lisitsa, Alexei ; Dixon, Clare
Author_Institution :
Dept. of Comput. Sci., Univ. of Liverpool, Liverpool, UK
Abstract :
Intrusion Detection Systems (IDS) aim to detect actions that attempt to compromise the confidentiality, availability, and integrity of a resource by monitoring the events occurring in computer systems and/or networks. Stream data processing is a database technology applied to flows of data. Temporal Logic is a formalism for representing change over time. This paper proposes the development of a network intrusion detection system by combining temporal formalisms for representing attack patterns with stream processing for intruder detection. The experimental results show that this combination was able to detect all the attacks of that type in the test data. Additionally, the solution provides a concise and unambiguous way to formally represent attack signatures, and it is extensible and scalable.
Keywords :
database management systems; digital signatures; security of data; temporal logic; attack signatures; database technology; misuse based network intrusion detection system; stream data processing; temporal formalisms; temporal logic; IP networks; Intrusion detection; Matched filters; Monitoring; Protocols; Semantics; Syntactics;
Conference_Title :
Network and System Security (NSS), 2011 5th International Conference on
Conference_Location :
Milan
Print_ISBN :
978-1-4577-0458-1
DOI :
10.1109/ICNSS.2011.6059953