Abstract
An Intrusion Detection System (IDS) is hardware or software that monitors network or host activity to detect malicious behavior. Certain attacks neither change the syntax or sequence of network traffic nor lead to any statistical deviation. Such attacks are difficult to detect with signature or anomaly IDSs. Active Discrete Event System (DES) based IDSs are now being proposed for such attacks. These IDSs send probe packets to create a difference in the sequence of events under attack and normal conditions. Normal and attack behavior are then specified using the DES model, and a detector is designed. The detector is the IDS: it observes sequences of events to decide whether the states through which the DES traverses correspond to the normal or the attack model. Modeling normal and attack behavior as a DES is a manual, error-prone process, so the correctness of the resulting IDS cannot be guaranteed. To address these issues of the traditional DES framework, Linear-time Temporal Logic (LTL) based DES has been proposed in the literature. It provides a paradigm for stating the system specifications, modeling, constructing the detector, and checking its correctness. In addition, the detector design procedure has polynomial time complexity in the number of system states, compared with the exponential complexity of the traditional framework. In this paper, the LTL based DES framework is suitably adapted and applied to develop an IDS for detecting Address Resolution Protocol (ARP) spoofing attacks. Experimental results illustrate that a high detection rate and accuracy can be achieved with minimal resource overheads.
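The active-probe idea described in the abstract can be sketched as a small event-driven detector. This is an added example, not the paper's DES or LTL model: the event names (CLAIM, PROBE, REPLY, TIMEOUT), the verdict labels and the single probe window per IP address are assumptions made for illustration, and the trace is constructed sample data.

```python
from collections import namedtuple

# Assumed event alphabet (not from the paper):
#   CLAIM   - an observed ARP packet asserting ip -> mac
#   PROBE   - the detector's own ARP request for ip
#   REPLY   - an ARP reply to that probe
#   TIMEOUT - the probe window for ip has closed
Event = namedtuple("Event", "kind ip mac")

def detect(trace):
    """Walk an event trace and return {ip: verdict} for every closed probe window."""
    probing = {}   # ip -> state of the open probe window
    verdict = {}
    for ev in trace:
        win = probing.get(ev.ip)
        if ev.kind == "CLAIM":
            if win is None:
                probing[ev.ip] = {"claimed": ev.mac, "seen": set(), "probed": False}
            elif ev.mac != win["claimed"]:
                win["seen"].add(ev.mac)        # conflicting claim inside the window
        elif win is None:
            continue                           # event for an IP we are not verifying
        elif ev.kind == "PROBE":
            win["probed"] = True
        elif ev.kind == "REPLY" and win["probed"]:
            win["seen"].add(ev.mac)            # every responder is recorded
        elif ev.kind == "TIMEOUT":
            del probing[ev.ip]
            if not win["seen"]:
                verdict[ev.ip] = "UNVERIFIED"  # nobody answered the probe
            elif win["seen"] == {win["claimed"]}:
                verdict[ev.ip] = "NORMAL"      # only the claimed MAC answered
            else:
                verdict[ev.ip] = "ATTACK"      # a different MAC also answered
    return verdict

# Constructed sample trace; addresses are made up. Windows interleave.
SAMPLE_TRACE = [
    Event("CLAIM", "10.0.0.5", "aa:aa:aa:00:00:05"),
    Event("CLAIM", "10.0.0.9", "de:ad:be:ef:00:01"),   # spoofed claim
    Event("PROBE", "10.0.0.5", None),
    Event("PROBE", "10.0.0.9", None),
    Event("REPLY", "10.0.0.5", "aa:aa:aa:00:00:05"),
    Event("REPLY", "10.0.0.9", "de:ad:be:ef:00:01"),   # spoofer answers
    Event("REPLY", "10.0.0.9", "aa:aa:aa:00:00:09"),   # genuine owner answers too
    Event("TIMEOUT", "10.0.0.5", None),
    Event("TIMEOUT", "10.0.0.9", None),
]

if __name__ == "__main__":
    print(detect(SAMPLE_TRACE))
```

The probe is what separates the two cases: the passive traffic for 10.0.0.9 is syntactically valid, and only the second, conflicting reply to the probe makes the attack trace differ from the normal one.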