Abstract
This paper proposes a tool which can create models for network
intrusion detection. The created models are stored in Extensible Mark-up
Language (XML) notation that describes packet-level details, such as protocol
header information, and in Message Sequence Chart (MSC) notation which is
used for describing scenario information of network activities, for example
describing a port scan with vulnerability exploitation attempt. The proposed
tool will utilize Snort rules in the model creation process where a Snort
rule is transformed into XML and MSC models. Besides Snort rules, the
proposed tool is able to utilize network traffic traces stored in a packet
capture format (Pcap). These traces may contain a diverse set of different
network activities that are relevant in gaining unauthorized access to
computer systems or networks. Using these traces the proposed tool can create
XML and MSC models that depict the malicious activities. The experimental
utilization of the proposed tool will indicate that the XML and MSC models
can be created fast and automatically using two separate sources and this
will reduce the amount of manual work required in the modelling process. (24
refs.)
Original language | English |
---|---|
Title of host publication | Proceedings |
Subtitle of host publication | Computing, Communications and Applications Conference, ComComAp 2012 |
Place of Publication | Los Alamitos, CA, USA |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Pages | 231-237 |
ISBN (Electronic) | 978-1-4577-1719-2 |
ISBN (Print) | 978-1-4577-1717-8 |
DOIs | |
Publication status | Published - 2012 |
MoE publication type | Not Eligible |
Event | Computing, Communications and Applications Conference, ComComAp 2012 - Hong Kong, China Duration: 11 Jan 2012 → 13 Jan 2012 |
Conference
Conference | Computing, Communications and Applications Conference, ComComAp 2012 |
---|---|
Abbreviated title | ComComAp 2012 |
Country/Territory | China |
City | Hong Kong |
Period | 11/01/12 → 13/01/12 |
Keywords
- Modelling
- XML
- MSC
- network intrusion detection
- Snort rule
- Pcap