Automatic creation of models for network intrusion detection

Marko Määttä, Tomi Räty

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    2 Citations (Scopus)

    Abstract

    This paper proposes a tool which can create models for network intrusion detection. The created models are stored in Extensible Mark-up Language (XML) notation, which describes packet-level details such as protocol header information, and in Message Sequence Chart (MSC) notation, which is used for describing scenario information of network activities, for example a port scan with a vulnerability exploitation attempt. The proposed tool will utilize Snort rules in the model creation process, where a Snort rule is transformed into XML and MSC models. Besides Snort rules, the proposed tool is able to utilize network traffic traces stored in a packet capture format (Pcap). These traces may contain a diverse set of network activities that are relevant in gaining unauthorized access to computer systems or networks. Using these traces, the proposed tool can create XML and MSC models that depict the malicious activities. The experimental utilization of the proposed tool will indicate that the XML and MSC models can be created fast and automatically using two separate sources, and this will reduce the amount of manual work required in the modelling process. (24 refs.)
    Original language: English
    Title of host publication: Proceedings
    Subtitle of host publication: Computing, Communications and Applications Conference, ComComAp 2012
    Place of Publication: Los Alamitos, CA, USA
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Pages: 231-237
    ISBN (Electronic): 978-1-4577-1719-2
    ISBN (Print): 978-1-4577-1717-8
    DOIs: https://doi.org/10.1109/ComComAp.2012.6154805
    Publication status: Published - 2012
    MoE publication type: Not Eligible
    Event: Computing, Communications and Applications Conference, ComComAp 2012 - Hong Kong, China
    Duration: 11 Jan 2012 to 13 Jan 2012

    Conference

    Conference: Computing, Communications and Applications Conference, ComComAp 2012
    Abbreviated title: ComComAp 2012
    Country: China
    City: Hong Kong
    Period: 11/01/12 to 13/01/12

    Fingerprint

    Intrusion detection
    XML
    Computer networks
    Computer systems
    Network protocols

    Keywords

    • Modelling
    • XML
    • MSC
    • network intrusion detection
    • Snort rule
    • Pcap

    Cite this

    Määttä, M., & Räty, T. (2012). Automatic creation of models for network intrusion detection. In Proceedings: Computing, Communications and Applications Conference, ComComAp 2012 (pp. 231-237). Los Alamitos, CA, USA: IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ComComAp.2012.6154805
    @inproceedings{4388e58ae7d54838a37c8e3722077626,
    title = "Automatic creation of models for network intrusion detection",
    keywords = "Modelling, XML, MSC, network intrusion detection, Snort rule, Pcap",
    author = "Marko M{\"a}{\"a}tt{\"a} and Tomi R{\"a}ty",
    note = "Project code: 38713",
    year = "2012",
    doi = "10.1109/ComComAp.2012.6154805",
    language = "English",
    isbn = "978-1-4577-1717-8",
    pages = "231--237",
    booktitle = "Proceedings",
    publisher = "IEEE Institute of Electrical and Electronic Engineers",
    address = "United States",

    }
