DocumentCode
3307987
Title
Protocol anomaly detection and verification
Author
Yoo, InSeon
Author_Institution
Dept. of Informatics, Fribourg Univ., Switzerland
fYear
2004
fDate
10-11 June 2004
Firstpage
74
Lastpage
81
Abstract
'How to distinguish protocol anomalies from network traffic?' 'How to normalize protocol usage against misuse problem based on the same protocol specification?' and 'How to detect and verify protocol anomalies in realtime?', we seek to answer these questions. In order to solve these questions, we have normalized layer-3 and layer-4 protocol usage, and we have designed a packet verifier with a packet inspection engine and a SanityChecker. In this work, we specify TCP transaction behaviours declaratively in a high-level language called Specification and Description Language (SDL). This specification is compiled into an inspection engine program for observing packets. In addition, the SanityChecker covers protocol header anomalies.
Keywords
formal specification; formal verification; security of data; specification languages; transport protocols; TCP transaction behaviour; description language; formal specification; formal verification; network traffic; packet inspection engine; packet verifier; protocol anomaly detection; specification language; Computer crime; Diffserv networks; High level languages; Inspection; Internet; Logic; Search engines; Telecommunication traffic; Transport protocols; Viruses (medical);
fLanguage
English
Publisher
ieee
Conference_Titel
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN
0-7803-8572-1
Type
conf
DOI
10.1109/IAW.2004.1437800
Filename
1437800