STATL: An attack language for state-based intrusion detection
Similar resources
STATL: An Attack Language for State-Based Intrusion Detection
STATL is an extensible state/transition-based attack description language designed to support intrusion detection. The language allows one to describe computer penetrations as sequences of actions that an attacker performs to compromise a computer system. A STATL description of an attack scenario can be used by an intrusion detection system to analyze a stream of events and detect possible ongo...
ADeLe: An Attack Description Language for Knowledge-Based Intrusion Detection
ADeLe is an attack description language designed to model a database of known attack scenarios. As the descriptions might contain executable attack code, it allows one to test the efficiency of given Intrusion Detection Systems (IDS). Signatures can also be extracted from the descriptions to configure a particular IDS.
An Intrusion Detection Model Based Upon Intrusion Detection Markup Language
Due to the rapid growth of networked computer resources and the increasing importance of related applications, intrusions which threaten the infrastructure of these applications are critical problems. In recent years, several intrusion detection systems have been designed to identify and detect possible intrusion behaviors. In this work, an intrusion detection model is proposed for building an in...
Intrusion Detection for an On-Going Attack
An intrusion-detection system (IDS) for an on-going attack is described. Prior to an attack, an IDS operates in anticipation of a general threat. During an attack, the IDS can deal less in the general and more in the particular, namely, particulars about attackers and attacked devices. A profile of the attacker is developed, using information he reveals about himself during his attacks. Principle...
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
Journal
Journal title: Journal of Computer Security
Year: 2002
ISSN: 1875-8924,0926-227X
DOI: 10.3233/jcs-2002-101-204