Internet Archive Scholar

A Temporal Logic Based Framework for Intrusion Detection [chapter]

Prasad Naldurg, Koushik Sen, Prasanna Thati
2004 Lecture Notes in Computer Science  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (280.0 kB)
https://web.archive.org/web/20180719015352/https://link.springer.com/content/pdf/10.1007%2F978-3-540-30232-2_23.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL. The file type is application/pdf.

We propose a framework for intrusion detection that is based on runtime monitoring of temporal logic specifications. We specify intrusion patterns as formulas in an expressively rich and efficiently monitorable logic called Eagle. Eagle supports data-values and parameterized recursive equations, and allows us to succinctly express security attacks with complex temporal event patterns, as well as attacks whose signatures are inherently statistical in nature. We use an online monitoring algorithm
more » ... that matches specifications of the absence of an attack, with system execution traces, and raises an alarm whenever the specification is violated. We present our implementation of this approach in a prototype tool, called Monid and report our results obtained by applying it to detect a variety of security attacks in log-files provided by DARPA.
doi:10.1007/978-3-540-30232-2_23 fatcat:6mkdtviarraj3k2von2gcdmzim
Citation

Prasad Naldurg, Koushik Sen, Prasanna Thati. "A Temporal Logic Based Framework for Intrusion Detection." Lecture Notes in Computer Science (2004) 359-376