Abstract
This article presents an attack description language based on logic and using a declarative approach. In the language, the conditions (preconditions) and effects (postconditions) of an attack are described with logical formulas over the state of the target computer system. The successive steps of the attack process are associated with events, which may be combined using specific algebraic operators. Together, these elements describe the attack from the point of view of the attacker. They are complemented with additional elements corresponding to the point of view of intrusion detection systems and audit programs. These detection and verification aspects give the language user the means to tailor the description of an attack to the needs of a specific intrusion detection system or a specific environment.
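To make the structure sketched in the abstract concrete, the following is an added toy model written for this page; it is not LAMBDA syntax and is not code from the paper or its authors. Conditions and effects are represented as sets of ground facts about the target state, the attacker's scenario and the detector's view are expressed in a small event algebra with an assumed "seq" (sequence) and "alt" (choice) operator, and two checks are shown: whether a candidate sequence of attack descriptions is feasible from an initial state (each step's precondition established by the initial state or by earlier effects), and whether an audit trail contains the events the detection pattern of an attack expects. All fact, event and host names (such as `reachable(h)` or `ids:portscan(h)`) are constructed for the illustration.

```python
"""Toy model of a declarative attack description: preconditions and
effects are sets of facts about the target state; the attacker's scenario
and the detector's view are patterns in a tiny event algebra.
This is an added illustration, not the LAMBDA language of the paper."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Attack:
    name: str
    pre: frozenset      # facts that must hold on the target before the attack
    add: frozenset      # facts the attack makes true
    delete: frozenset   # facts the attack makes false
    scenario: object    # attacker's events: name | ("seq", ...) | ("alt", ...)
    detection: object   # the same algebra over audit / IDS events


def applicable(attack, state):
    return attack.pre <= state


def effect(attack, state):
    return (state - attack.delete) | attack.add


def chain(initial, attacks):
    """Walk a candidate attack sequence. Return the final state if every
    step's precondition is satisfied when it is reached, else None."""
    state = frozenset(initial)
    for a in attacks:
        if not applicable(a, state):
            return None
        state = effect(a, state)
    return state


def match_pattern(pattern, events, i=0):
    """Set of positions in `events` reachable after matching `pattern`
    starting at index i. Unrelated events may be interleaved, so a single
    event name matches any later occurrence (subsequence semantics)."""
    if isinstance(pattern, str):
        return {j + 1 for j in range(i, len(events)) if events[j] == pattern}
    op, *parts = pattern
    if op == "seq":                       # assumed operator: ordered steps
        positions = {i}
        for p in parts:
            positions = {k for j in positions for k in match_pattern(p, events, j)}
        return positions
    if op == "alt":                       # assumed operator: any one alternative
        return set().union(*(match_pattern(p, events, i) for p in parts))
    raise ValueError(f"unknown operator {op!r}")


def detected(attack, audit_events):
    """True if the attack's detection pattern appears in the audit trail."""
    return bool(match_pattern(attack.detection, audit_events))


# Constructed attack descriptions (hypothetical names, not from the paper).
SCAN = Attack(
    "scan", frozenset({"reachable(h)"}), frozenset({"knows_services(h)"}),
    frozenset(), "probe_ports(h)", "ids:portscan(h)")
EXPLOIT = Attack(
    "exploit_service",
    frozenset({"knows_services(h)", "vulnerable(h,svc)", "service_up(h,svc)"}),
    frozenset({"user_shell(h)"}), frozenset({"service_up(h,svc)"}),  # service crashes
    ("seq", "connect(h,svc)",
     ("alt", "send_overflow(h,svc)", "send_format_string(h,svc)")),
    ("seq", "ids:signature(h,svc)", "audit:new_shell(h,user)"))
PRIVESC = Attack(
    "local_privesc", frozenset({"user_shell(h)"}), frozenset({"root_shell(h)"}),
    frozenset(), "run_setuid_exploit(h)", "audit:uid_change(h,root)")

if __name__ == "__main__":
    start = {"reachable(h)", "vulnerable(h,svc)", "service_up(h,svc)"}
    print(chain(start, [SCAN, EXPLOIT, PRIVESC]))
    print(chain(start - {"vulnerable(h,svc)"}, [SCAN, EXPLOIT, PRIVESC]))
    trail = ["ids:portscan(h)", "audit:login(h,bob)", "ids:signature(h,svc)",
             "audit:new_shell(h,user)", "audit:uid_change(h,root)"]
    print([a.name for a in (SCAN, EXPLOIT, PRIVESC) if detected(a, trail)])
```

The separation between `scenario` (what the attacker does) and `detection` (what an IDS or audit program would see) is the point the abstract makes: the same precondition/effect description can be paired with different detection patterns for different sensors without changing the attacker-side model.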
© 2000 Springer-Verlag Berlin Heidelberg
Cuppens, F., Ortalo, R. (2000). LAMBDA: A Language to Model a Database for Detection of Attacks. In: Debar, H., Mé, L., Wu, S.F. (eds) Recent Advances in Intrusion Detection. RAID 2000. Lecture Notes in Computer Science, vol 1907. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39945-3_13
DOI: https://doi.org/10.1007/3-540-39945-3_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41085-0
Online ISBN: 978-3-540-39945-2