Intrusion Detection for Universal Attack Mode Based on Interval Temporal Logic with Past Construct

Abstract

Compared with the intrusion detection based on pattern matching, the method which is based on model checking can detect the complex attacks. But all of the existing algorithms are used to detect some specific types of attacks. So, we firstly use the Interval Temporal Logic with Past Construct (ITLPC) formulae to set up formal sub-models respectively for the five kinds of attackers, the four kinds of attack processes and the eight kinds of attack effects. According to their universal relationship and the semantic relation of variety of ITLPC logic operators, we obtain the above sub-models together, thus, the universal models described by ITLPC formulae for universal attacks are formed. On this base, we implement an intrusion detection method based on ITLPC for detecting all types of attacks. Compared with the existing methods, the detecting ability of the new method is more comprehensive.