Skip to main content
SpringerLink
Log in

A Model for the Semantics of Attack Signatures in Misuse Detection Systems

  • Conference paper
Information Security (ISC 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3225))

Included in the following conference series:

Abstract

Misuse Detection systems identify evidence of attacks by searching for patterns of known attacks (signatures). A main problem in this context is the modeling and specification of attack signatures. A couple of languages are proposed in the literature, which differ in the aspects of signatures that can be described. Some aspects that can be specified in one language cannot be expressed in another. In this paper we present a model for the semantics of attack signatures that systematically enumerates the different aspects that characterize attack signatures. The presented model represents a kind of a checklist for the development of a signature specification language or for the comparison of existing signature specification languages.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Eckmann, St. T.; Vigna, G.; Kemmerer, R. A.: STATL: an Attack Language for Statebased Intrusion Detection. In: Proc. of the ACM Workshop on Intrusion Detection, Athens, Greece (November 2000)

    Google Scholar 

  2. Michel, C., Me, L.: ADeLe: an Attack Description Language for Knowledge-based Intrusion Detection, in Proc. of the Internat. In: Conference on Information Security, June 2001, Kluwer Academic Publishers, Dordrecht (2001)

    Google Scholar 

  3. Cuppens, F., Ortalo, R.: LAMBDA: A Language to Model a Database for Detection of Attacks. In: Debar, H., Mé, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 197–216. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  4. Pouzol, J.-P., Ducassé, M.: From Declarative Signatures to Misuse IDS. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 1–21. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  5. Meier, M., Bischof, N., Holz, T.: SHEDEL - A Simple Hierarchical Event Description Language for Specifying Attack Signatures. In: Proc. of the 17th International Conference on Information Security, pp. 559–571. Kluwer Academic Publishers, Dordrecht (2002)

    Google Scholar 

  6. Zimmer, D.: A Meta-Model for the Definition of the Semantics of Complex Events in Active Database Management Systems (in German). PhD Thesis, University of Paderborn, Shaker-Verlag, ISBN: 3-8265-3744-0 (1998)

    Google Scholar 

  7. Zimmer, D., Unland, R.: On the Semantics of Complex Events in Active Database Management Systems. In: Proc. of the 15th International Conference on Data Engineering, pp. 392–399. IEEE Computer Society Press, Los Alamitos (1999)

    Google Scholar 

  8. Vigna, G., Eckmann, S.T., Kemmerer, R.A.: Attack Languages, in: Proc. of the IEEE Information Survivability Workshop, Boston, MA (October 2000)

    Google Scholar 

  9. Kumar, S.: Classification and Detection of Computer Intrusions, PhD Thesis, Purdue University (1995)

    Google Scholar 

  10. Dayal, U., Buchmann, A., Chakravarthy, S.: The HiPAC Project. In: Active Database Systems, pp. 1–55860. Morgan Kaufmann, San Francisco (1996) ISBN: 1-55860-304-2

    Google Scholar 

  11. Chakravarthy, S., Krishnaprasad, V., Anwar, E., Kim, S.: Composite Events for Active Databases: Semantics, Contexts and Detection. In: Proc. of the 20th International Conference on Very Large Databases, pp. 606–617 (1994)

    Google Scholar 

  12. Collet, C., Coupaye, T.: Composite Events in NAOS. In: Proc. of the seventh International Conference on Database and Expert Systems Applications, pp. 475–481 (1996)

    Google Scholar 

  13. Berndtsson, M.: ACCOD: An approach to an Active Object-Oriented DBMS. Master thesis, University of Skövde (1991)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, Brandenburg University of Technology Cottbus, P.O. Box 101344, 03013, Cottbus, Germany

    Michael Meier

Authors
  1. Michael Meier
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of psychology, Chinese Academy of Sciences, 100101, Beijing, P.R. China

    Kan Zhang

  2. Department of Software & Information Systems, The University of North Carolina at Charlotte, 9201 University City Blvd, 28223-0001, Charlotte, NC, USA

    Yuliang Zheng

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Meier, M. (2004). A Model for the Semantics of Attack Signatures in Misuse Detection Systems. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30144-8_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23208-7

  • Online ISBN: 978-3-540-30144-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation