IDEAS home Printed from https://ideas.repec.org/a/hin/jnlmpe/621203.html
   My bibliography  Save this article

A Novel Algorithm for Intrusion Detection Based on RASL Model Checking

Author

Listed:
  • Weijun Zhu
  • Qinglei Zhou
  • Weidong Yang
  • Haibin Zhang

Abstract

The interval temporal logic (ITL) model checking (MC) technique enhances the power of intrusion detection systems (IDSs) to detect concurrent attacks due to the strong expressive power of ITL. However, an ITL formula suffers from difficulty in the description of the time constraints between different actions in the same attack. To address this problem, we formalize a novel real-time interval temporal logic—real-time attack signature logic (RASL). Based on such a new logic, we put forward a RASL model checking algorithm. Furthermore, we use RASL formulas to describe attack signatures and employ discrete timed automata to create an audit log. As a result, RASL model checking algorithm can be used to automatically verify whether the automata satisfy the formulas, that is, whether the audit log coincides with the attack signatures. The simulation experiments show that the new approach effectively enhances the detection power of the MC-based intrusion detection methods for a number of telnet attacks, p-trace attacks, and the other sixteen types of attacks. And these experiments indicate that the new algorithm can find several types of real-time attacks, whereas the existing MC-based intrusion detection approaches cannot do that.

Suggested Citation

  • Weijun Zhu & Qinglei Zhou & Weidong Yang & Haibin Zhang, 2013. "A Novel Algorithm for Intrusion Detection Based on RASL Model Checking," Mathematical Problems in Engineering, Hindawi, vol. 2013, pages 1-10, March.
    • Handle: RePEc:hin:jnlmpe:621203
    DOI: 10.1155/2013/621203
    as

    Download full text from publisher

    File URL: http://downloads.hindawi.com/journals/MPE/2013/621203.pdf
    Download Restriction: no
    File URL: http://downloads.hindawi.com/journals/MPE/2013/621203.xml
    Download Restriction: no
    File URL: https://libkey.io/10.1155/2013/621203?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:hin:jnlmpe:621203. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Mohamed Abdelhakeem (email available below). General contact details of provider: https://www.hindawi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.