An Intrusion Detection Model Based Upon Intrusion Detection Markup Language

Due to the rapid growth of networked computer resources and the increasing importance of related applications, intrusions which threaten the infrastructure of these applications have are critical problems. In recent years, several intrusion detection systems designed to identify and detect possible intrusion behaviors. In this work, an intrusion detection model is proposed to for building an intrusion detection system which can solve problems involved in building an intrusion detection systems, including pattern representation, computability, performance, extendibility and maintenance problems. In this model, IDML is first designed to express intrusion patterns, and these patterns are transformed into intrusion pattern state machines. Once the intrusion pattern state machines are obtained, the corresponding intrusion detection mechanism that can use these state machines to detect intrusions is designed. To evaluate the performance of our model, an IDML-based intrusion detection experimental system based upon this architecture has been implemented.