Detecting intrusions specified in a software specification language

To protect software against malicious activities, organizations are required to monitor security breaches. Intrusion detection systems (IDS) are those kinds of monitoring tools that have gained a considerable amount of popularity, A number of specification-based IDSs have been proposed, where security requirements or attack scenarios are specified using some languages. Currently, attack specification languages are being deployed for describing security requirements. Use of two different languages for software specification and security specification invites a number of unwanted but complicated issues, such as duplication of requirements specification effort as well as the existence of redundant and conflicting requirements. In this paper, we present an intrusion detection technique that uses a formal software specification language called abstract state machine language (AsmL) for the specification of security requirements. We present a framework, and develop the algorithm for the IDS that interprets the AsmL attack scenario specifications in order to detect intrusions. Moreover, we discuss case studies where the presented intrusion detection system is used to detect attacks.

[1]  LanguagesGiovanni,et al.  Attack Languages , 2007 .

[2]  Premkumar T. Devanbu,et al.  Software engineering for security: a roadmap , 2000, ICSE '00.

[3]  R. Sekar,et al.  A fast automaton-based method for detecting anomalous program behaviors , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[4]  J. Wang,et al.  Proceedings of the 29th Annual International Computer Software and Applications Conference—Workshops and Fast Abstracts COMPSAC 2005 , 2005 .

[5]  Giovanni Vigna,et al.  STATL: An Attack Language for State-Based Intrusion Detection , 2002, J. Comput. Secur..

[6]  R. Sekar,et al.  Experiences with Specification-Based Intrusion Detection , 2001, Recent Advances in Intrusion Detection.

[7]  Richard A. Kemmerer,et al.  State Transition Analysis: A Rule-Based Intrusion Detection Approach , 1995, IEEE Trans. Software Eng..

[8]  Koral Ilgun,et al.  USTAT: a real-time intrusion detection system for UNIX , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.