ADeLe: An Attack Description Language for Knowledge-Based Intrusion Detection
ADeLe is an attack description language designed to model a database of known attack scenarios. As the descriptions might contain executable attack code, it allows one to test the efficiency of given Intrusion Detection Systems (IDS). Signatures can also be extracted from the descriptions to configure a particular IDS.
Keywords: Intrusion detection, attack description language