3rd International ICST Conference on Security and Privacy in Communication Networks

Research Article

Modeling and Detection of Complex Attacks

  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550338,
        author={Seyit Ahmet Camtepe and B\'{y}lent Yener},
        title={Modeling and Detection of Complex Attacks},
        proceedings={3rd International ICST Conference on Security and Privacy in Communication Networks},
        keywords={Algorithms  Automata  Collaboration  Computer science  Databases  Intrusion detection  Law  Legal factors  Phase detection  Testing},
  • Seyit Ahmet Camtepe
    Bülent Yener
    Year: 2008
    Modeling and Detection of Complex Attacks
    DOI: 10.1109/SECCOM.2007.4550338
Seyit Ahmet Camtepe1,*, Bülent Yener1,*
  • 1: Computer Science Department, Rensselaer Polytechnic Institute
*Contact email: camtes@cs.rpi.edu, yener@cs.rpi.edu


A complex attack is a sequence of temporally and spatially separated legal and illegal actions each of which can be detected by various IDS but as a whole they constitute a powerful attack. IDS fall short of detecting and modeling complex attacks therefore new methods are required. This paper presents a formal methodology for modeling and detection of complex attacks in three phases: (1) we extend basic attack tree (AT) approach to capture temporal dependencies between components and expiration of an attack, (2) using enhanced AT we build a tree automaton which accepts a sequence of actions from input message streams from various sources if there is a traversal of an AT from leaves to root, and (3) we show how to construct an enhanced parallel automaton that has each tree automaton as a subroutine. We use simulation to test our methods, and provide a case study of representing attacks in WLANs.