Intrusion Detection as Passive Testing: Linguistic Support with TTCN-3 (Extended Abstract)

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4579)

Abstract

We explore the idea of using the internationally standardized test language TTCN-3 (Testing and Test Control Notation) as a platform for Intrusion Detection (ID) systems. Intrusion detection is treated as an application of verification by passive testing. It is argued that TTCN contains many features embodied in various “detection languages”, and is relevant for ID. As a case study, we discuss a TTCN-based IDS for detecting the Smurf attack.
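The abstract's framing, detection as passive testing, means a monitor that only observes traffic and matches it against templates, assigning a pass/fail verdict rather than injecting anything. The paper's case study does this in TTCN-3; the following Python sketch is an added example, not the paper's code, that mirrors the same observer structure for the two observable sides of a Smurf attack: an ICMP echo request to a directed-broadcast address (amplifier side) and a flood of echo replies from many distinct hosts to a host that sent no request (victim side). The network 10.0.0.0/24, the window and threshold values, and the packet trace are all constructed for illustration.

```python
"""Passive-testing style Smurf detector over a constructed ICMP trace.

Like a TTCN-3 passive test component, the observer never sends packets; it
matches observed traffic against templates and assigns a verdict.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_network

ECHO_REPLY, ECHO_REQUEST = 0, 8   # ICMP type codes (RFC 792)


@dataclass(frozen=True)
class Pkt:
    ts: float        # seconds
    src: str
    dst: str
    icmp_type: int


class SmurfObserver:
    """Stateful observer; verdict is 'pass' until a template matches, then 'fail'."""

    def __init__(self, local_nets, window=2.0, min_sources=20):
        # Directed-broadcast addresses of the networks we do not want used as amplifiers.
        self.broadcasts = {str(ip_network(n).broadcast_address) for n in local_nets}
        self.window = window            # seconds of history kept per destination host
        self.min_sources = min_sources  # distinct reply sources that count as a flood (assumed)
        self.requests = defaultdict(deque)  # host -> ts of echo requests it sent
        self.replies = defaultdict(deque)   # host -> (ts, src) of echo replies it received
        self.alerts = []

    def _expire(self, dq, now, ts_of):
        while dq and now - ts_of(dq[0]) > self.window:
            dq.popleft()

    def observe(self, p):
        if p.icmp_type == ECHO_REQUEST:
            if p.dst in self.broadcasts:
                # Template 1 (amplifier side): echo request to a directed broadcast.
                # The (spoofed) source address is the intended victim.
                self.alerts.append(("amplifier", p.ts, p.src, p.dst))
            else:
                self.requests[p.src].append(p.ts)
        elif p.icmp_type == ECHO_REPLY:
            reqs, reps = self.requests[p.dst], self.replies[p.dst]
            self._expire(reqs, p.ts, lambda t: t)
            self._expire(reps, p.ts, lambda e: e[0])
            reps.append((p.ts, p.src))
            distinct = {s for _, s in reps}
            # Template 2 (victim side): many distinct hosts reply to a host that
            # sent no echo request inside the window, i.e. an unsolicited flood.
            if len(distinct) >= self.min_sources and not reqs:
                self.alerts.append(("victim", p.ts, p.dst, len(distinct)))
                reps.clear()   # re-arm so a later window can alert again
        return self.verdict()

    def verdict(self):
        return "fail" if self.alerts else "pass"


def run_trace(trace, local_nets=("10.0.0.0/24",), **kw):
    obs = SmurfObserver(local_nets, **kw)
    for p in trace:
        obs.observe(p)
    return {"verdict": obs.verdict(), "alerts": obs.alerts}


# Constructed traces (not captured data).
BENIGN = [Pkt(0.00, "10.0.0.5", "198.51.100.1", ECHO_REQUEST),
          Pkt(0.02, "198.51.100.1", "10.0.0.5", ECHO_REPLY)]

SMURF = BENIGN + [
    # Attacker forges the victim 192.0.2.7 as source and pings our broadcast address.
    Pkt(1.000, "192.0.2.7", "10.0.0.255", ECHO_REQUEST),
    # 25 hosts on 10.0.0.0/24 answer; the victim never sent a request.
    *[Pkt(1.001 + i * 0.001, f"10.0.0.{i}", "192.0.2.7", ECHO_REPLY) for i in range(1, 26)],
]

if __name__ == "__main__":
    print(run_trace(BENIGN))
    print(run_trace(SMURF))
```

The benign trace keeps the verdict at pass; the Smurf trace fails on the broadcast request and again when the twentieth distinct reply source arrives at the victim. The `requests` check matters: a host that legitimately pinged a broadcast-heavy subnet would also see many replies, so the victim-side template only fires for unsolicited floods.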

Editor information

Bernhard M. Hämmerli Robin Sommer

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Brzezinski, K.M. (2007). Intrusion Detection as Passive Testing: Linguistic Support with TTCN-3 (Extended Abstract). In: Hämmerli, B.M., Sommer, R. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2007. Lecture Notes in Computer Science, vol 4579. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73614-1_5

  • DOI: https://doi.org/10.1007/978-3-540-73614-1_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73613-4

  • Online ISBN: 978-3-540-73614-1
