Abstract
Many intrusion behaviors can be characterized as the execution of a sequence of crucial commands that results in unauthorized access. Many variants of such a sequence can be derived either by reordering crucial commands whose relative order is not essential or by replacing crucial commands with functionally equivalent ones that achieve the same effect, which makes these attacks difficult to detect with a single fixed signature. In this paper, we propose a cooperative intrusion detection model based on state transition analysis that adopts topological ordering and isomorphic transformation. For a given sequence of crucial commands of an intrusion, the model generates all possible derived sequences and treats them as one intrusion scenario. The model can also detect attacks carried out by different cooperating attackers and attacks carried out by one attacker across different login sessions. Furthermore, since a derived sequence can be regarded as an unknown intrusion, the technique presented in this paper can detect some unknown intrusions.
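The following is an added illustration of the two derivation mechanisms the abstract names, not the authors' implementation: the crucial steps of one intrusion are modelled as a partial order, every valid order of the steps is enumerated (topological ordering), each step is expanded by a set of functionally equivalent commands (isomorphic transformation), and the resulting scenario is matched against a command stream correlated per target host so that commands from different users and login sessions count toward one attack. The step names, the partial order, the equivalence classes and the log lines are all constructed for the example.

```python
"""Scenario derivation and cross-session matching, illustrating the abstract.
Added example; steps, ordering, equivalents and the log are assumptions."""
import re
from collections import defaultdict
from itertools import product

# Assumed crucial steps of one intrusion; (a, b) means a must precede b.
STEPS = {"recon", "upload", "adduser", "exec"}
PRECEDES = {("recon", "upload"), ("recon", "adduser"),
            ("upload", "exec"), ("adduser", "exec")}

# Assumed substitutions: commands that serve the same purpose in the attack.
EQUIVALENTS = {
    "recon":   {"finger", "who", "w"},
    "upload":  {"ftp", "scp", "wget"},
    "adduser": {"useradd", "adduser"},
    "exec":    {"sh", "bash"},
}
CANONICAL = {cmd: step for step, cmds in EQUIVALENTS.items() for cmd in cmds}


def topological_orders(steps, precedes):
    """Enumerate every linear extension of the partial order (all valid orders)."""
    succ = defaultdict(set)
    indeg = {s: 0 for s in steps}
    for a, b in precedes:
        succ[a].add(b)
        indeg[b] += 1

    def extend(prefix, indeg):
        if len(prefix) == len(steps):
            yield tuple(prefix)
            return
        for s in sorted(steps):            # sorted for deterministic output
            if s not in prefix and indeg[s] == 0:
                nxt = dict(indeg)
                for t in succ[s]:
                    nxt[t] -= 1
                yield from extend(prefix + [s], nxt)

    return list(extend([], indeg))


def derived_sequences(orders, equivalents):
    """Expand each valid order by every combination of equivalent commands."""
    seqs = set()
    for order in orders:
        for combo in product(*(sorted(equivalents[s]) for s in order)):
            seqs.add(combo)
    return seqs


# The whole scenario: every reordering times every substitution.
SCENARIO = derived_sequences(topological_orders(STEPS, PRECEDES), EQUIVALENTS)


def is_subsequence(seq, stream):
    """True if seq occurs in stream in order, not necessarily contiguously."""
    it = iter(stream)
    return all(cmd in it for cmd in seq)


LINE = re.compile(r"sess=(\S+) user=(\S+) host=(\S+) cmd=(\S+)")


def detect(log_lines, scenario):
    """Correlate crucial commands per target host across users and sessions.
    Returns (host, line index) pairs at which a derived sequence completes."""
    per_host = defaultdict(list)
    alerts = []
    for i, line in enumerate(log_lines):
        m = LINE.match(line)
        if not m:
            continue
        _sess, _user, host, cmd = m.groups()
        if cmd not in CANONICAL:           # not a crucial command: ignore
            continue
        per_host[host].append(cmd)
        if any(is_subsequence(seq, per_host[host]) for seq in scenario):
            alerts.append((host, i))
            per_host[host].clear()         # reset scenario state for this host
    return alerts


# Constructed log: two users in three sessions complete the intrusion on h1;
# carol on h2 never performs recon or adds a user, so h2 raises no alert.
LOG = [
    "sess=1 user=alice host=h1 cmd=w",
    "sess=2 user=bob host=h1 cmd=scp",
    "sess=1 user=alice host=h1 cmd=ls",
    "sess=3 user=bob host=h1 cmd=useradd",
    "sess=2 user=bob host=h1 cmd=bash",
    "sess=4 user=carol host=h2 cmd=wget",
    "sess=4 user=carol host=h2 cmd=sh",
]

if __name__ == "__main__":
    print(len(SCENARIO), "derived sequences; alerts:", detect(LOG, SCENARIO))
```

The partial order here admits two orders (upload and adduser may be swapped), and with the assumed equivalence classes each expands to 36 concrete command sequences, so a single fixed signature would cover only 1 of 72 variants. Keying the state by target host rather than by user or session is what lets commands from cooperating attackers, or from one attacker who logs in several times, complete the same scenario.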
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Teng, S., Zhang, W., Fu, X., Wu, N. (2008). Cooperative Intrusion Detection Model Based on State Transition Analysis. In: Shen, W., Yong, J., Yang, Y., Barthès, JP.A., Luo, J. (eds) Computer Supported Cooperative Work in Design IV. CSCWD 2007. Lecture Notes in Computer Science, vol 5236. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92719-8_38
DOI: https://doi.org/10.1007/978-3-540-92719-8_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-92718-1
Online ISBN: 978-3-540-92719-8