Abstract
ADeLe is an attack description language designed to model a database of known attack scenarios. As the descriptions might contain executable attack code, it allows one to test the efficiency of given Intrusion Detection Systems (IDS). Signatures can also be extracted from the descriptions to configure a particular IDS.
Copyright information
© 2001 IFIP International Federation for Information Processing
About this paper
Cite this paper
Michel, C., Mé, L. (2001). ADeLe: An Attack Description Language for Knowledge-Based Intrusion Detection. In: Dupuy, M., Paradinas, P. (eds) Trusted Information. SEC 2001. IFIP International Federation for Information Processing, vol 65. Springer, Boston, MA. https://doi.org/10.1007/0-306-46998-7_25
DOI: https://doi.org/10.1007/0-306-46998-7_25
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7389-6
Online ISBN: 978-0-306-46998-5
eBook Packages: Springer Book Archive