Abstract
A fundamental concern for the security community is to identify the comprehensive comparable performance of various intrusion detection algorithms which are based on the Model Checking (MC) techniques. To address this open issue, we conduct the benchmark tests for the model-checking-based intrusion detection systems algorithms. At first, linear temporal logic, interval temporal logic and real-time attack signature logic are employed respectively to establish formula models for twenty-four types of attacks selected from KDDCUP, i.e., the annual data mining and knowledge discovery competition organized by association for computing machinery. And then, a standard intrusion set, called intrusion set for intrusion detection based on model checking, which is a behavior version of a subset of KDDCUP, is constructed. On the basis of it, detection abilities and efficiency of the intrusion detection algorithms based on model checking the three logics mentioned above are compared exhaustively. The experimental results illustrate the efficiency and abilities of these three algorithms. It is beneficial for selecting the suitable MC-based algorithms in actual deployment of intrusion detection systems.
Highlights
Intrusion Detection (ID) is an important network security technique
Compared with the anomaly detection ID methods, the misuse ID cannot report unknown types of attacks. The latter methods have a comparatively low false positives rate in terms of the known types of attacks. This is due to the principle of misuse detection: Intrusion Detection Systems (IDS) developers attempt to encode knowledge about attacks
Information security has become a family of techniques, such as cryptogram, digital image watermarking [24], and IDS
Summary
Intrusion Detection (ID) is an important network security technique. This technique is very important to some wireless networks including sensor networks, since wireless networks are more vulnerable than cable networks. This kind of technique suffers from their inherent problems, such as the lack of power of detecting various changing attack patterns [1], [2] To address this issue, a series of ID methods based on model checking have been proposed in [1]–[4]. Temporal logic formulas and model checking techniques, in contrast, are applicable to detect behaviors inconsistencies. As far as we know, it is the first work trying to exhaustively compare the power and efficiency between all the existing MC-based IDS algorithms These are the main contributions of this paper.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.