Benchmark Tests for the Model-Checking-Based IDS Algorithms

A fundamental concern for the security community is to compare, comprehensively, the performance of the various intrusion detection algorithms that are based on Model Checking (MC) techniques. To address this open issue, we conduct benchmark tests for model-checking-based intrusion detection system algorithms. First, linear temporal logic, interval temporal logic and real-time attack signature logic are each employed to establish formula models for twenty-four types of attacks selected from KDDCUP, i.e., the annual data mining and knowledge discovery competition organized by the Association for Computing Machinery. Then a standard intrusion set, called the intrusion set for intrusion detection based on model checking, which is a behavior version of a subset of KDDCUP, is constructed. On this basis, the detection abilities and efficiency of the intrusion detection algorithms based on model checking the three logics mentioned above are compared exhaustively. The experimental results illustrate the efficiency and abilities of these three algorithms, which is beneficial for selecting suitable MC-based algorithms in the actual deployment of intrusion detection systems.
