Abstract
The paper presents an approach and a formal framework for modeling attacks against a computer network, together with its software implementation on the basis of a multi-agent architecture. An attack is modeled as a complex process of contest between adversarial entities: a malefactor or a team of malefactors on the one hand, and the network security system implementing a security policy on the other. The paper focuses on the conceptual justification of the chosen approach, the specification of the basic components composing the attack model, the formal frameworks for specifying these components, and their interaction in the simulation procedure. The distinctive features of the developed approach are the following: (1) malefactor's intention-centric attack modeling; (2) multi-level attack specification; (3) ontology-based structuring of the distributed attack model; (4) an attributed stochastic LL(2) context-free grammar for the formal specification of attack scenarios and their components ("simple attacks"); (5) use of the formal grammar substitution operation for specifying the multi-level structure of attacks; (6) state machine-based implementation of the formal grammar framework; (7) on-line generation of the malefactor's activity resulting from the reaction of the attacked network security system.
© 2002 Springer-Verlag Berlin Heidelberg
Gorodetski, V., Kotenko, I. (2002). Attacks against Computer Network: Formal Grammar-Based Framework and Simulation Tool. In: Wespi, A., Vigna, G., Deri, L. (eds) Recent Advances in Intrusion Detection. RAID 2002. Lecture Notes in Computer Science, vol 2516. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36084-0_12
DOI: https://doi.org/10.1007/3-540-36084-0_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00020-4
Online ISBN: 978-3-540-36084-1