LAMBDA: A Language to Model a Database for Detection of Attacks

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2000)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1907)

Abstract

This article presents an attack description language. This language is based on logic and uses a declarative approach. In the language, the conditions and effects of an attack are described with logical formulas related to the state of the target computer system. The various steps of the attack process are associated with events, which may be combined using specific algebraic operators. These elements provide a description of the attack from the point of view of the attacker. They are complemented with additional elements corresponding to the point of view of intrusion detection systems and audit programs. These detection and verification aspects give the language user the means to tailor the description of the attack to the needs of a specific intrusion detection system or a specific environment.




Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cuppens, F., Ortalo, R. (2000). LAMBDA: A Language to Model a Database for Detection of Attacks. In: Debar, H., Mé, L., Wu, S.F. (eds) Recent Advances in Intrusion Detection. RAID 2000. Lecture Notes in Computer Science, vol 1907. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39945-3_13

  • DOI: https://doi.org/10.1007/3-540-39945-3_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-41085-0

  • Online ISBN: 978-3-540-39945-2

  • eBook Packages: Springer Book Archive
