Abstract
In many existing misuse intrusion detection systems, intrusion signatures are very close to the detection algorithms. As a consequence, they contain too many cumbersome details. Recent work have proposed declarative signature languages that raise the level of abstraction when writing signatures. However, these languages do not always come with operational support. In this article, we show how to transform such declarative signatures into operational ones. This process points out several technical details which must be considered with care when performing the translation by hand, but which can be systematically handled. A signature specification language named Sutekh is proposed. Its declarative semantics is precisely described. To produce rules for existing rule-based IDS from Sutekh signatures, an algorithm, based on the construction of a state-transition diagram, is given.
Cite
CITATION STYLE
Pouzol, J. P., & Ducassé, M. (2015). From declarative signatures to misuse IDS. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2212, 1–21. https://doi.org/10.1007/3-540-45474-8_1
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
