G. Rohrmair and G. Lowe, "Using CSP to detect Insertion and Evasion Possibilities within the Intrusion Detection Area," Proc. of BCS Workshop on Formal Aspects of Security, 2002.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....the abstractions used in the model, or whether there really was no attack. In this paper we show how we can perform a more complete analysis, by building a model with a slightly di erent focus, combined with results taken from the area of data independence. 1 Introduction In a previous paper [RL02], we showed how to use the process algebra Communicating Sequential Processes (CSP) Ros97] to discover de synchronisation attacks on intrusion detection systems. Such attacks occur when the state of the intrusion detection system (IDS) becomes de synchronised from that of the system it aims to ....

....In particular, desynchronisation attacks exist that evade detection by a signature based network intrusion detection system, even if the IDS recognises all signatures of attacks. Such de synchronisations are typically caused by interactions between the IDS and the underlying network protocol. In [RL02], we were able to reproduce the de synchronisation attacks rst described in [Pax99,PN98] We modelled the systems as CSP processes, and used the model checker FDR to explore the state space looking for states where the target fails, without the IDS raising an alert. We also adapted the models to ....

[Article contains additional citation context not shown here]

Gordon Rohrmair and Gavin Lowe. Using CSP to detect insertion and evasion possibilities within the intrusion detection area. In Proceedings of BCS Workshop on Formal Aspects of Security, 2002.

....the abstractions used in the model, or whether there really was no attack. In this paper we show how we can perform a more complete analysis, by building a model with a slightly di#erent focus, combined with results taken from the area of data independence. 1 Introduction In a previous paper [RL02], we showed how to use the process algebra Communicating Sequential Processes (CSP) Ros97] to discover de synchronisation attacks on intrusion detection systems. Such attacks occur when the state of the intrusion detection system (IDS) becomes de synchronised from that of the system it aims to ....

....In particular, desynchronisation attacks exist that evade detection by a signature based network intrusion detection system, even if the IDS recognises all signatures of attacks. Such de synchronisations are typically caused by interactions between the IDS and the underlying network protocol. In [RL02], we were able to reproduce the de synchronisation attacks first described in [Pax99,PN98] We modelled the systems as CSP processes, and used the model checker FDR to explore the state space looking for states where the target fails, without the IDS raising an alert. We also adapted the models to ....

[Article contains additional citation context not shown here]

Gordon Rohrmair and Gavin Lowe. Using CSP to detect insertion and evasion possibilities within the intrusion detection area. In Proceedings of BCS Workshop on Formal Aspects of Security, 2002.

No context found.

G. Rohrmair and G. Lowe, "Using CSP to detect Insertion and Evasion Possibilities within the Intrusion Detection Area," Proc. of BCS Workshop on Formal Aspects of Security, 2002.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC