Automatic creation of models for network intrusion detection

Marko Määttä, Tomi Räty

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    2 Citations (Scopus)


    This paper proposes a tool which can create models for network intrusion detection. The created models are stored in Extensible Mark-up Language (XML) notation that describe packet level details, such as protocol header information, and in Message Sequence Chart (MSC) notation which is used for describing scenario information of network activities, for example describing a port scan with vulnerability exploitation attempt. The proposed tool will utilize Snort rules in the model creation process where a Snort rule is transformed into XML and MSC models. Besides Snort rules, the proposed tool is able to utilize network traffic traces stored in a packet capture format (Pcap). These traces may contain diverse set of different network activities that are relevant in gaining unauthorized access to computer systems or networks. Using these traces the proposed tool can create XML and MSC models that depict the malicious activities. The experimental utilization of the proposed tool will indicate that the XML and MSC models can be created fast and automatically using two separate sources and this will reduce the amount manual work required in the modelling process. (24 refs.)
    Original languageEnglish
    Title of host publicationProceedings
    Subtitle of host publicationComputing, Communications and Applications Conference, ComComAp 2012
    Place of PublicationLos Alamitos, CA, USA
    PublisherIEEE Institute of Electrical and Electronic Engineers
    ISBN (Electronic)978-1-4577-1719-2
    ISBN (Print)978-1-4577-1717-8
    Publication statusPublished - 2012
    MoE publication typeNot Eligible
    EventComputing, Communications and Applications Conference, ComComAp 2012 - Hong Kong, China
    Duration: 11 Jan 201213 Jan 2012


    ConferenceComputing, Communications and Applications Conference, ComComAp 2012
    Abbreviated titleComComAp 2012
    CityHong Kong


    • Modelling
    • XML
    • MSC
    • network intrusion detection
    • Snort rule
    • Pcap


    Dive into the research topics of 'Automatic creation of models for network intrusion detection'. Together they form a unique fingerprint.

    Cite this