A PATTERN MATCHING MODEL FOR MISUSE INTRUSION DETECTION (paper)

1994, Purdue e-Pubs (Purdue University System), cited by 306
Network Security and Intrusion Detection; Advanced Malware Detection Techniques; Network Packet Processing and Optimization

Details

Journal/Conference
Purdue e-Pubs (Purdue University System)
Publication date
1994-01-01
Publication year
1994

Abstract

This paper describes a generic model of matching that can be usefully applied to misuse intrusion detection. The model is based on Colored Petri Nets. Guards define the context in which signatures are matched. The notion of start and final states, and paths between them define the set of event sequences matched by the net. Partial order matching can also be specified in this model. The main benefits of the model are its generality, portability and flexibility.

1 Introduction

Computer break-ins are becoming increasingly frequent and their detection is increasingly important. Break-ins make the data residing on computer systems vulnerable to theft and corruption. Compromised sites can also be used to launch further attacks, thus achieving another level of indirection for further break-ins. A majority of break-ins, however, are the result of a small number of known attacks, as evidenced by reports from response teams (e.g. CERT). Automating detection of these attacks should therefore res...