• DocumentCode
    1952247
  • Title

    Modeling and detection of complex attacks

  • Author

    Camtepe, Seyit Ahmet ; Yener, Bulent

  • Author_Institution
    Computer Science Department, Rensselaer Polytechnic Institute, USA
  • fYear
    2007
  • fDate
    17-21 Sept. 2007
  • Firstpage
    234
  • Lastpage
    243
  • Abstract
    A complex attack is a sequence of temporally and spatially separated legal and illegal actions, each of which can be detected by various IDS, but which as a whole constitute a powerful attack. IDS fall short of detecting and modeling complex attacks; therefore, new methods are required. This paper presents a formal methodology for modeling and detection of complex attacks in three phases: (1) we extend the basic attack tree (AT) approach to capture temporal dependencies between components and expiration of an attack, (2) using the enhanced AT we build a tree automaton which accepts a sequence of actions from input message streams from various sources if there is a traversal of an AT from leaves to root, and (3) we show how to construct an enhanced parallel automaton that has each tree automaton as a subroutine. We use simulation to test our methods, and provide a case study of representing attacks in WLANs.
  • Keywords
    Algorithms; Automata; Collaboration; Computer science; Databases; Intrusion detection; Law; Legal factors; Phase detection; Testing;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security and Privacy in Communications Networks and the Workshops, 2007. SecureComm 2007. Third International Conference on
  • Conference_Location
    Nice, France
  • Print_ISBN
    978-1-4244-0974-7
  • Electronic_ISBN
    978-1-4244-0975-4
  • Type

    conf

  • DOI
    10.1109/SECCOM.2007.4550338
  • Filename
    4550338