Cooperative Intrusion Detection Model Based on State Transition Analysis

  • Conference paper
Computer Supported Cooperative Work in Design IV (CSCWD 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5236)

Abstract

Many intrusion behaviors can be characterized as the execution of a sequence of crucial commands that results in unauthorized access. Many attack sequences can be derived from one such sequence, either by exchanging the order of crucial commands where the order is not fixed, or by replacing crucial commands with functionally similar commands that achieve the same effect. Such attacks are therefore very difficult to detect. In this paper, we propose a cooperative intrusion detection model based on state transition analysis, in which topological ordering and isomorphic transformation are adopted. For a given sequence of crucial commands of an intrusion, the model generates all possible derived sequences as an intrusion scenario. The model can also be used to detect attacks carried out by different cooperating attackers and attacks carried out by one attacker across different login sessions. Furthermore, a derived intrusion can be regarded as an unknown intrusion, in the sense that the technique presented in this paper can detect some unknown intrusions.
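As an added illustration of the scenario-generation idea described in the abstract (example code written for this page, not the authors' implementation): the crucial commands of one constructed intrusion are held as a partial order, functionally similar commands are grouped into equivalence classes, every topological order is crossed with every substitution to produce the intrusion scenario, and a merged event stream from several sessions is matched against it. The command names, the partial order and the event log are all constructed for illustration.

```python
from itertools import product

# Constructed partial order over the crucial commands of one intrusion.
# deps[b] = {a, ...} means every a must precede b; unrelated steps may be swapped.
PARTIAL_ORDER = {
    "recon": set(),
    "upload_tool": {"recon"},
    "escalate": {"upload_tool"},
    "cover_tracks": {"escalate"},
    "add_account": {"escalate"},
}
# Isomorphic transformation: any member of a class can stand in for the
# crucial command it belongs to (constructed classes, not from the paper).
EQUIVALENT = {
    "recon": ["ls", "find"],
    "upload_tool": ["ftp", "scp"],
    "escalate": ["sudo", "su"],
    "cover_tracks": ["rm_log", "truncate_log"],
    "add_account": ["useradd", "adduser"],
}
# Constructed merged event log from two login sessions: (session, command).
EVENTS = [("sessA", "find"), ("sessB", "cat"), ("sessA", "scp"), ("sessB", "su"),
          ("sessB", "adduser"), ("sessA", "truncate_log")]

def topological_orders(deps):
    """Enumerate every topological order (linear extension) of the partial order."""
    def rec(done, remaining):
        if not remaining:
            yield tuple(done)
            return
        for cmd in sorted(remaining):
            if deps[cmd] <= set(done):          # all prerequisites already placed
                yield from rec(done + [cmd], remaining - {cmd})
    return list(rec([], set(deps)))

def intrusion_scenario(deps, equiv):
    """All derived attack sequences: each order crossed with each substitution."""
    scenario = set()
    for order in topological_orders(deps):
        for choice in product(*(equiv[c] for c in order)):
            scenario.add(choice)
    return scenario

def matches(events, scenario):
    """Return the first scenario sequence found as an ordered subsequence of the
    observed commands, regardless of which session each command came from."""
    for seq in sorted(scenario):
        i = 0
        for _, cmd in events:
            if i < len(seq) and cmd == seq[i]:
                i += 1
        if i == len(seq):
            return seq
    return None
```

The matcher ignores the session field deliberately, which is what lets one scenario cover commands split across cooperating attackers or across several logins by the same attacker.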



© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Teng, S., Zhang, W., Fu, X., Wu, N. (2008). Cooperative Intrusion Detection Model Based on State Transition Analysis. In: Shen, W., Yong, J., Yang, Y., Barthès, JP.A., Luo, J. (eds) Computer Supported Cooperative Work in Design IV. CSCWD 2007. Lecture Notes in Computer Science, vol 5236. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92719-8_38

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-92719-8_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-92718-1

  • Online ISBN: 978-3-540-92719-8
