• DocumentCode
    2414814
  • Title

    Specification and Detection of TCP/IP Based Attacks Using the ADM-Logic

  • Author

    Ghorbel, Meriam Ben ; Talbi, Mehdi ; Mejri, Mohamed

  • Author_Institution
    Digital Security Unit, Higher Sch. of Commun., Tunis
  • fYear
    2007
  • fDate
    10-13 April 2007
  • Firstpage
    206
  • Lastpage
    212
  • Abstract
    Intrusion detection systems (IDS) are nowadays considered one of the most important components in the security architecture of information systems. For misuse-based IDS, also known as signature-based IDS, the efficiency of detection is highly correlated to the quality of signatures. It is therefore very important to select a suitable formal language that provides both high expressiveness and simplicity when specifying attack signatures. It is also fundamental to have a user-friendly and automatic tool allowing the specification and the verification of these signatures. This paper shows the efficiency and the suitability of the ADM-logic and formal language to specify a large variety of signatures characterizing attacks based on the TCP/IP protocols. A prototype of an IDS based on this logic will also be introduced.
  • Keywords
    formal languages; formal specification; formal verification; security of data; transport protocols; ADM logic; TCP/IP based attack detection; TCP/IP based attack specification; formal language; intrusion detection systems; misuse-based IDS; security architecture; signature specification; signature verification; signature-based IDS; Communication system security; Formal languages; Information security; Information systems; Intrusion detection; Logic; Protection; Protocols; Prototypes; TCPIP;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    0-7695-2775-2
  • Type

    conf

  • DOI
    10.1109/ARES.2007.142
  • Filename
    4159805