Abstract
Intrusion detection based on model checking temporal logic is effective at detecting complicated and variable network attacks. However, certain types of attacks remain undetected because formal models for them are lacking. To solve this problem, linear temporal logic is employed to model the variable patterns of Udpstorm attacks. First, the principles of Udpstorm attacks are analyzed and the details of these attacks are transformed into atomic actions. The atomic actions are then transformed into an action sequence. Finally, this type of attack is expressed as Linear Temporal Logic (LTL) formulas. With the formula thus obtained as one input of the model checker and the automaton that expresses the log as the other input, the results of intrusion detection are obtained by running the LTL model checking algorithm. The effectiveness and comparative advantages of the new algorithm are verified by simulation experiments.
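The pipeline the abstract describes (the log as one input, an LTL formula as the other), as an added Python example that is not the paper's code: for a linear log the automaton is a single finite trace, so the check reduces to evaluating the formula on that trace. The atomic propositions `loop` and `bounce`, the echo/chargen port set, the signature formula and the sample logs are assumptions constructed for illustration, not the paper's formulas.

```python
ECHO_CHARGEN = {7, 19}  # assumption: echo and chargen ports define the atomic actions

def label(log):
    """Map each log record to the set of atomic propositions true at that step."""
    trace, last = [], None
    for src, sport, dst, dport, proto in log:
        props = set()
        if proto == "udp" and sport in ECHO_CHARGEN and dport in ECHO_CHARGEN:
            props.add("loop")              # service-to-service datagram
            if last == (dst, dport, src, sport):
                props.add("bounce")        # reverses the previous loop datagram
            last = (src, sport, dst, dport)
        trace.append(props)
    return trace

def holds(f, trace, i=0):
    """Evaluate an LTL formula (nested tuples) on a finite trace from position i."""
    op, rest = f[0], range(i, len(trace))
    if op == "ap":
        return i < len(trace) and f[1] in trace[i]
    if op == "not":
        return not holds(f[1], trace, i)
    if op == "and":
        return holds(f[1], trace, i) and holds(f[2], trace, i)
    if op == "X":                          # strong next: false at the last step
        return i + 1 < len(trace) and holds(f[1], trace, i + 1)
    if op == "F":
        return any(holds(f[1], trace, j) for j in rest)
    if op == "G":
        return all(holds(f[1], trace, j) for j in rest)
    if op == "U":
        return any(holds(f[2], trace, j) and
                   all(holds(f[1], trace, k) for k in range(i, j)) for j in rest)
    raise ValueError(f"unknown operator {op!r}")

# Assumed signature: F(loop & X F(bounce & X F bounce))
BOUNCE = ("ap", "bounce")
UDPSTORM = ("F", ("and", ("ap", "loop"),
                  ("X", ("F", ("and", BOUNCE, ("X", ("F", BOUNCE)))))))

def detect(log):
    """True when the log trace satisfies the assumed signature formula."""
    return holds(UDPSTORM, label(log))

# Constructed sample logs: (src, sport, dst, dport, proto)
A, B = "192.0.2.5", "192.0.2.9"
STORM_LOG = [(A, 7, B, 19, "udp"), (B, 19, A, 7, "udp"),
             ("192.0.2.3", 53124, "192.0.2.1", 53, "udp"), (A, 7, B, 19, "udp")]
BENIGN_LOG = [("192.0.2.3", 40000, B, 7, "udp"), (B, 7, "192.0.2.3", 40000, "udp")]
```

The `F` operators between steps let unrelated records interleave with the flagged datagrams, which a chain of bare `X` operators would not tolerate.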
Additional information
The article is published in the original.
About this article
Cite this article
Deng, M., Nie, K., Zhu, W. et al. The detection of Udpstorm attacks based on model checking linear temporal logic. Aut. Control Comp. Sci. 51, 174–179 (2017). https://doi.org/10.3103/S0146411617030026