论文信息 - Effective event description using trend template language and efficient intrusion detection

Effective event description using trend template language and efficient intrusion detection

Trend template language, TTL, is considerably a new approach for describing computer intrusion events. Its inherent strength of linguistic constructs could help describe events more effectively which can help detection process overcome limitations of current intrusion detection techniques to detect attack trends. Some researches have been already conducted establishing the strength and possibilities of TTL as an event description language over some traditional approaches. This article goes further with TTL and dissects the possibilities and limitations of TTL and trend detection with practical view point.

Phan Minh Dung | Md. Ahsan Habib | P. M. Dung | Md. Ahsan Habib

[1] John B. Shoven,et al. I , Edinburgh Medical and Surgical Journal.

[2] Sourmitra Dutta,et al. Temporal reasoning in medical expert systems , 1988, Proceedings of the Symposium on the Engineering of Computer-Based Medical.

[3] Ira J. Haimowitz,et al. Knowledge-based trend detection and diagnosis , 1994 .

[4] A. One,et al. Smashing The Stack For Fun And Profit , 1996 .

[5] Kristopher Kendall,et al. A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems , 1999 .

[6] J. Doyle. SOME REPRESENTATIONAL LIMITATIONS OF THE COMMON INTRUSION SPECI?CATION LANGUAGE , 1999 .

[7] I. Kohane,et al. Event Recognition Beyond Signature and Anomaly , 2001 .

[8] Giovanni Vigna,et al. STATL: An Attack Language for State-Based Intrusion Detection , 2002, J. Comput. Secur..

[9] J. Chow. An Assessment of the DARPA IDS Evaluation Dataset Using Snort S Terry Brugger , 2005 .

[10] Aaas News,et al. Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[11] Detectors should be characterized by likelihood ratios , not posterior probabilities , .