3rd International ICST Conference on Security and Privacy in Communication Networks

Research Article

Modeling and Detection of Complex Attacks

Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550338,
        author={Seyit Ahmet Camtepe and B{\"u}lent Yener},
        title={Modeling and Detection of Complex Attacks},
        proceedings={3rd International ICST Conference on Security and Privacy in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2008},
        month={6},
        keywords={Algorithms  Automata  Collaboration  Computer science  Databases  Intrusion detection  Law  Legal factors  Phase detection  Testing},
        doi={10.1109/SECCOM.2007.4550338}
    }
    
  • Seyit Ahmet Camtepe
    Bülent Yener
    Year: 2008
    Modeling and Detection of Complex Attacks
    SECURECOMM
    IEEE
    DOI: 10.1109/SECCOM.2007.4550338
Seyit Ahmet Camtepe1,*, Bülent Yener1,*
  • 1: Computer Science Department, Rensselaer Polytechnic Institute
*Contact email: camtes@cs.rpi.edu, yener@cs.rpi.edu

Abstract

A complex attack is a sequence of temporally and spatially separated legal and illegal actions, each of which can be detected by various IDS, but which as a whole constitute a powerful attack. IDS fall short of detecting and modeling complex attacks; therefore, new methods are required. This paper presents a formal methodology for modeling and detection of complex attacks in three phases: (1) we extend the basic attack tree (AT) approach to capture temporal dependencies between components and expiration of an attack, (2) using the enhanced AT, we build a tree automaton which accepts a sequence of actions from input message streams from various sources if there is a traversal of an AT from leaves to root, and (3) we show how to construct an enhanced parallel automaton that has each tree automaton as a subroutine. We use simulation to test our methods, and provide a case study of representing attacks in WLANs.

Keywords
Algorithms, Automata, Collaboration, Computer science, Databases, Intrusion detection, Law, Legal factors, Phase detection, Testing
Published
2008-06-24
Publisher
IEEE
Modified
2011-08-03
http://dx.doi.org/10.1109/SECCOM.2007.4550338
Copyright © 2007–2025 IEEE