From Intrusion Detection to Software Design

I believe the single most important reason why we are so helpless against cyber-attackers is that present systems are not supervisable. This opinion is developed in years spent working on network intrusion detection, both as academic and entrepreneur. I believe we need to start writing software and systems that are supervisable by design; in particular, we should do this for embedded devices. In this paper, I present a personal view on the field of intrusion detection, and conclude with some consideration on software design.

[1]  Amir Pnueli,et al.  PSL Model Checking and Run-Time Verification Via Testers , 2006, FM.

[2]  Sandro Etalle,et al.  N-Gram against the Machine: On the Feasibility of the N-Gram Network Analysis for Binary Protocols , 2012, RAID.

[3]  Thomas Henry Ptacek,et al.  Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection , 1998 .

[4]  Karl N. Levitt,et al.  Execution monitoring of security-critical programs in distributed systems: a specification-based approach , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[5]  R. Sekar,et al.  Specification-based anomaly detection: a new approach for detecting network intrusions , 2002, CCS '02.

[6]  Mahesh Viswanathan,et al.  Foundations for the Run-Time Monitoring of Reactive Systems - Fundamentals of the MaC Language , 2004, ICTAC.

[7]  Ing-Ray Chen,et al.  A survey of intrusion detection techniques for cyber-physical systems , 2014, ACM Comput. Surv..

[8]  Jerry den Hartog,et al.  Encryption in ICS networks: A blessing or a curse? , 2017, 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm).

[9]  Vern Paxson,et al.  Outside the Closed World: On Using Machine Learning for Network Intrusion Detection , 2010, 2010 IEEE Symposium on Security and Privacy.

[10]  Marco Bozzano,et al.  Symbolic Synthesis of Observability Requirements for Diagnosability , 2012, AAAI.

[11]  Barbara G. Ryder,et al.  A Formal Framework for Program Anomaly Detection , 2015, RAID.

[12]  Marc Dacier,et al.  A revised taxonomy for intrusion-detection systems , 2000, Ann. des Télécommunications.

[13]  Jerry den Hartog,et al.  Hunting the Unknown - White-Box Database Leakage Detection , 2014, DBSec.