Funding: Supported by the National Natural Science Foundation of China under Grant No. 61003079.
Abstract: Model checking based on linear temporal logic reduces the false negative rate of misuse detection. However, linear temporal logic formulae cannot be used to describe concurrent attacks and piecewise attacks. So there is still a high rate of false negatives in detecting these complex attack patterns. To solve this problem, we use interval temporal logic formulae to describe concurrent attacks and piecewise attacks. On this basis, we formalize a novel algorithm for intrusion detection based on model checking interval temporal logic. Compared with the method based on model checking linear temporal logic, the new algorithm can find unknown succinct attacks. The simulation results show that the new method can effectively reduce the false negative rate of concurrent attacks and piecewise attacks.
Abstract: Modern network systems have much trouble in security vulnerabilities such as buffer overflow, bugs in Microsoft Internet, sensor network routing protocol too simple, security flaws of applications, and operating systems. Moreover, wireless devices such as smart phones, personal digital assistants (PDAs), and sensors have become economically feasible because of technological advances in wireless communication and manufacturing of small and low-cost sensors. There are typologies of vulnerabilities to be exploited in these devices. In order to improve security, many mechanisms are adopted, including authentication, cryptography, access control, and intrusion detection systems (IDS). In general, intrusion detection techniques can be categorized into two groups: misuse detection and anomaly detection. The misuse detection systems use patterns of well-known attacks or weak spots of the systems to identify intrusions. The weakness of misuse detection systems is that they are unable to detect any future (unknown) intrusion until corresponding attack signatures are intruded into the signature database. Anomaly detection methods try to determine whether the deviation is from the established normal usage patterns or not. The critical success of anomaly detection relies on the model of normal behaviors.
Funding: Supported in part by the National Natural Science Foundation of China (No. 91438120), the Foundation of Key Laboratory of Aerospace Broadband Network Technology (No. KTKD20140603), and the Foundation of Chinese Defense Advance Research Program of Science and Technology (No. 9140A15030115DZ08042).
Abstract: In recent years, following the development of space commutation, space information has become a critical part in space information network and will play a very significant role in winning future information war. A space information network with characteristics such as complex structure, special communication requirement, long delay, dependence on remote maintenance, and fragile ecological environment contains enormous security risks. Therefore, ensuring space information network safety is important. Intrusion-detection model as an important part of a network security system becomes a hot issue in space network security. We propose an intrusion-detection method that integrates anomaly with misuse, which supports automatic updates from a remote ground, and design a distributed intrusion-detection model of space information network.