Abstract
Intrusion detection system (IDS) detects an intrusion by comparing with its attack signatures. The generation of IDS signatures is based on the analysis of attack traffic, which is a result of exploiting vulnerabilities in a network protocol. Thus, the protocol analysis becomes an effective method to find out protocol vulnerabilities with regard to IDS. But the problem of protocol analysis in IDS is that how to detect all protocol vulnerability conditions in protocols. In this paper, we propose a novel framework to identify protocol vulnerability conditions by utilizing existing protocol analysis techniques. In particular,there are three major analysis steps in our framework: protocol semantic analysis, protocol implementation analysis and protocol state transition sub-condition analysis. In the final step of our framework, we illustrate the use of deletion, addition and modification operations with the purpose of generating all potential protocol vulnerability conditions from the normal protocol transition conditions. Experimental results show that this framework is encouraging and feasible.
| Original language | English |
|---|---|
| Title of host publication | SECURWARE 2011 - 5th International Conference on Emerging Security Information, Systems and Technologies |
| Pages | 91-96 |
| Publication status | Published - 2011 |
| Event | 5th International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2011 - Nice/Saint Laurent du Var, France Duration: 21 Aug 2011 → 27 Aug 2011 |
Conference
| Conference | 5th International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2011 |
|---|---|
| Country/Territory | France |
| City | Nice/Saint Laurent du Var |
| Period | 21/08/11 → 27/08/11 |
Research Keywords
- Intrusion detection
- Vulnerability analysis