Automatic creation of models for network intrusion detection

Marko Määttä, Tomi Räty

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

2 Citations (Scopus)

Abstract

This paper proposes a tool which can create models for network intrusion detection. The created models are stored in Extensible Mark-up Language (XML) notation, which describes packet-level details such as protocol header information, and in Message Sequence Chart (MSC) notation, which is used for describing scenario information of network activities, for example a port scan with a vulnerability exploitation attempt. The proposed tool will utilize Snort rules in the model creation process, where a Snort rule is transformed into XML and MSC models. Besides Snort rules, the proposed tool is able to utilize network traffic traces stored in a packet capture format (Pcap). These traces may contain a diverse set of network activities that are relevant in gaining unauthorized access to computer systems or networks. Using these traces, the proposed tool can create XML and MSC models that depict the malicious activities. The experimental utilization of the proposed tool will indicate that the XML and MSC models can be created fast and automatically using two separate sources, and that this will reduce the amount of manual work required in the modelling process. (24 refs.)

Original language: English
Title of host publication: Proceedings
Subtitle of host publication: Computing, Communications and Applications Conference, ComComAp 2012
Place of Publication: Los Alamitos, CA, USA
Publisher: Institute of Electrical and Electronic Engineers IEEE
Pages: 231-237
ISBN (Electronic): 978-1-4577-1719-2
ISBN (Print): 978-1-4577-1717-8
DOIs: https://doi.org/10.1109/ComComAp.2012.6154805
Publication status: Published - 2012
MoE publication type: Not Eligible
Event: Computing, Communications and Applications Conference, ComComAp 2012 - Hong Kong, China
Duration: 11 Jan 2012 to 13 Jan 2012

Conference

Conference: Computing, Communications and Applications Conference, ComComAp 2012
Abbreviated title: ComComAp 2012
Country: China
City: Hong Kong
Period: 11/01/12 to 13/01/12

Fingerprint

Intrusion detection
XML
Computer networks
Computer systems
Network protocols

Keywords

  • Modelling
  • XML
  • MSC
  • network intrusion detection
  • Snort rule
  • Pcap

Cite this

Määttä, M., & Räty, T. (2012). Automatic creation of models for network intrusion detection. In Proceedings: Computing, Communications and Applications Conference, ComComAp 2012 (pp. 231-237). Los Alamitos, CA, USA: Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/ComComAp.2012.6154805
@inproceedings{4388e58ae7d54838a37c8e3722077626,
title = "Automatic creation of models for network intrusion detection",
keywords = "Modelling, XML, MSC, network intrusion detection, Snort rule, Pcap",
author = "Marko M{\"a}{\"a}tt{\"a} and Tomi R{\"a}ty",
note = "Project code: 38713",
year = "2012",
doi = "10.1109/ComComAp.2012.6154805",
language = "English",
isbn = "978-1-4577-1717-8",
pages = "231--237",
booktitle = "Proceedings",
publisher = "Institute of Electrical and Electronic Engineers IEEE",
address = "United States",

}
