Abstract
The paper describes a new intrusion detection and prevention model based on a state-machine formal grammar. This behavior-based model detects computer attacks by modeling normal network traffic. The parameters of normal network traffic are expressed in a formal grammar. Each data packet that violates these parameters is treated as part of an intrusion and blocked by network filters. The described model was implemented in the intrusion detection and prevention system “Forpost” and successfully tested in a complex network environment.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Serdiouk, V. (2005). Behavior-Based Model of Detection and Prevention of Intrusions in Computer Networks. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_29
DOI: https://doi.org/10.1007/11560326_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29113-8
Online ISBN: 978-3-540-31998-6
eBook Packages: Computer Science, Computer Science (R0)