论文信息 - Cooperative intrusion detection model based on scenario

Cooperative intrusion detection model based on scenario

When a new intrusion means is developed, many intrusion methods can be derived by exchanging the command sequences or by replacing commands with the functionally similar commands, which makes the detection of the developed intrusion very difficult. To overcome this problem, a cooperative intrusion detection model based on scenario is proposed, which is consisted of 5 layers. Topological order, isomorphic transformation and state transition analysis method are applied in the text. For an intrusion case we generate all the possible derived intrusions as an intrusion base. Based on this intrusion base, we present an efficient method to detect such intrusions by using finite automaton. Further, we apply data fusion to analysis suspicious data. A derived intrusion can be seen as an unknown intrusion, in this sense the technique presented in this paper can detect some unknown intrusions.

Wei Zhang | Xiufen Fu | Shaohua Teng | Wenwei Tan

[1] Stephanie Forrest,et al. Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[2] Josef Pieprzyk,et al. Case-based reasoning for intrusion detection , 1996, Proceedings 12th Annual Computer Security Applications Conference.

[3] Richard A. Kemmerer,et al. Penetration state transition analysis: A rule-based intrusion detection approach , 1992, [1992] Proceedings Eighth Annual Computer Security Application Conference.

[4] Richard A. Kemmerer,et al. State Transition Analysis: A Rule-Based Intrusion Detection Approach , 1995, IEEE Trans. Software Eng..

[5] Stephen Northcutt,et al. Network Intrusion Detection: An Analyst's Hand-book , 1999 .

[6] A HofmeyrSteven,et al. Intrusion detection using sequences of system calls , 1998 .

[7] Li Jia. Correlation Analysis for Distributed Intrusion Alert , 2004 .

[8] Isij Monitor,et al. Network Intrusion Detection: An Analyst’s Handbook , 2000 .

[9] Lian Yi. A Study on Information Exchange and Cooperation in Distributed Intrusion Detection Systems , 2005 .

[10] Zhang Wei. Construction of Intrusion Detection Model for Scenario-based and State Transition Analysis , 2005 .

[11] R. Sekar,et al. A fast automaton-based method for detecting anomalous program behaviors , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.