Formal Specification for Fast Automatic IDS Training
نویسندگان
چکیده
A characterization of the behavior of an application is fundamental for the anomaly-based intrusion detection. This paper illustrates a methodology for the synthesis of the behavior of an application program in terms of the set of system calls invoked by the program. The methodology is completely automated, with the exception of the description of the high level specification of the application program, which is demanded to the system analyst. The technology employed (VSP/CVS) for such synthesis minimizes the efforts required to code the specification of the application. The methodology is completely independent from the intrusion detection tool adopted, and appears suitable to derive the expected behavior of a secure WEB server that can effectively support the increasing request of security that affects the ecommerce. As a case study, the methodology is applied to the Post Office Protocol, the ipop3d daemon.
منابع مشابه
Towards Automatic Deduction and Event Reconstruction Using Forensic Lucid and Probabilities to Encode the IDS Evidence
Introduction. We apply the theoretical framework and formal model of the observation tuple with the credibility weight for forensic analysis of the IDS data and the corresponding event reconstruction. Forensic Lucid – a forensic case modeling and specification language is used for the task. In the ongoing theoretical and practical work, Forensic Lucid is augmented with the Dempster-Shafer theor...
متن کاملFormal Reasoning About Intrusion Detection Systems
We present a formal framework for the analysis of intrusion detection systems (IDS) that employ declarative rules for attack recognition, e.g. specification-based intrusion detection. Our approach allows reasoning about the effectiveness of an IDS. A formal framework is built with the theorem prover ACL2 to analyze and improve detection rules of IDSs. SHIM (System Health and Intrusion Monitorin...
متن کاملIntrusion Detection Prototype Based on ADM-Logic
Intrusion detection systems (IDS) are considered nowadays as one of the most important components in the security architecture of information systems. For a Misuse-based IDS, also known as signature based IDS, the efficiency of detection is highly correlated to the quality of signatures. It is therefore very important to select a suitable formal language that provides both high expressiveness a...
متن کاملWeb Service Choreography Verification Using Z Formal Specification
Web Service Choreography Description Language (WS-CDL) describes and orchestrates the services interactions among multiple participants. WS-CDL verification is essential since the interactions would lead to mismatches. Existing works verify the messages ordering, the flow of messages, and the expected results from collaborations. In this paper, we present a Z specification of WS-CDL. Besides ve...
متن کاملA Preliminary Approach to the Automatic Extraction of Business Rules from Unrestricted Text in the Banking Industry
This paper addresses the problem of extracting formal statements, in the form of business rules, from free text descriptions of financial products or services. This automatic process is integrated in the banking software factory, permitting business analysts the formal specification, direct implementation and fast deployment of new products. This system is fully integrated with the typical soft...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2002