Intrusion Detection Prototype Based on ADM-Logic

Intrusion detection systems (IDS) are considered nowadays as one of the most important components in the security architecture of information systems. For a Misuse-based IDS, also known as signature based IDS, the efficiency of detection is highly correlated to the quality of signatures. It is therefore very important to select a suitable formal language that provides both high expressiveness and simplicity when specifying attack signatures. It is also fundamental to have a user friendly and automatic tool allowing the specification and the verification of these signatures. This paper shows the efficiency and the suitability of the ADM-logic as a formal language to specify properties characterizing a large variety of attack scenario, and focus on the design and implementation details of our intrusion detection prototype based on this logic.