Attacks Against Computer Network: Formal Grammar-Based Framework and Simulation Tool

The paper presents an approach and formal framework for modeling attacks against computer networks, together with a software implementation based on a multi-agent architecture. An attack is modeled as a complex process of contest between adversary entities: a malefactor or a team of malefactors on one side, and the network security system implementing a security policy on the other. The paper focuses on the conceptual justification of the chosen approach, the specification of the basic components composing the attack model, the formal frameworks for specifying those components, and their interaction in the simulation procedure. The distinctive features of the developed approach are: (1) malefactor's intention-centric attack modeling; (2) multi-level attack specification; (3) ontology-based distributed attack model structuring; (4) an attributed stochastic LL(2) context-free grammar for the formal specification of attack scenarios and their components (simple attacks); (5) use of the formal grammar substitution operation to specify the multi-level structure of attacks; (6) a state machine-based implementation of the formal grammar framework; (7) on-line generation of the malefactor's activity resulting from the reaction of the attacked network security system.
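The following added example (not the paper's tool or grammar) illustrates features (4), (5) and (7) on a toy: a stochastic context-free grammar of attack phases, a second grammar substituted for each phase symbol, and a leftmost derivation in which every terminal action is submitted to a simulated security policy whose verdict shapes the generated activity. The grammars, action names and the `noisy_recon_policy` rule are constructed placeholders; attributes are reduced to the action trace passed to the policy.

```python
import random

# Constructed toy grammars (not the paper's): a production is (weight, right-hand side);
# terminals are lower-case action names, nonterminals are capitalised.
TOP = {  # scenario level: the malefactor's intention expanded into attack phases
    "Scenario": [(1.0, ["Recon", "Exploit", "Cover"])],
}
PHASES = {  # simple-attack level, substituted for the phase symbols of TOP
    "Recon": [(0.5, ["ping", "Recon"]), (0.5, ["scan"])],
    "Exploit": [(0.3, ["try_service", "Exploit"]), (0.7, ["try_service"])],
    "Cover": [(1.0, ["clean_log"])],
}

def substitute(outer, inner):
    """Grammar substitution: symbols of the outer grammar that are start symbols
    of inner grammars become nonterminals expanded by the inner productions."""
    merged = {sym: list(prods) for sym, prods in outer.items()}
    for sym, prods in inner.items():
        merged.setdefault(sym, []).extend(prods)
    return merged

def generate(grammar, start, security_system, rng, limit=20):
    """Leftmost stochastic derivation of one scenario.  Each terminal action is
    submitted to the simulated security system, whose verdict (allowed/blocked)
    is recorded; a blocked action ends the scenario, so the generated activity
    depends on the defender's reaction and not only on the grammar."""
    stack, trace = [start], []
    while stack and len(trace) < limit:
        sym = stack.pop(0)
        if sym in grammar:  # nonterminal: pick a production by weight
            weights, rhss = zip(*grammar[sym])
            stack[:0] = rng.choices(rhss, weights=weights)[0]
        else:               # terminal: execute against the security system
            allowed = security_system(sym, trace)
            trace.append((sym, allowed))
            if not allowed:
                break
    return trace

def noisy_recon_policy(action, trace, threshold=2):
    """Constructed security policy: block exploitation attempts once the
    malefactor has produced `threshold` or more reconnaissance actions."""
    recon = sum(1 for act, _ in trace if act in ("ping", "scan"))
    return not (action == "try_service" and recon >= threshold)

if __name__ == "__main__":
    grammar = substitute(TOP, PHASES)
    print(generate(grammar, "Scenario", noisy_recon_policy, random.Random(7)))
```

Replacing the random source with a scripted chooser, as the tests do, turns the generator into a deterministic enumerator of scenarios, which is how such a tool exercises a detection policy against every derivation rather than a sample.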
