A model of the behavior of network objects in distributed computer systems
A model designed for the analysis of intrusion detection methods is described. The model also helps validate such methods and estimate their complexity. In terms of this model, a new intrusion detection method is proposed, its validity is proved, and its computational complexity is evaluated. It differs from the available expert-based methods in that it does not impose constraints on the behavior being detected and makes it possible to detect unknown or modified attacks.
Keywords: Intrusion Detection, Active Object, Safe State, Attack Detection, Attack Pattern