Brian J. d'Auriol, Ph.D.
Kishore Surapaneni, Intrusion Detection: Computation Communication Characterization of Probing and Network Attacks, Department of Computer Science, The University of Texas at El Paso, May 2004. Advisor: Brian J. d'Auriol
This thesis proposes the CCCAS Model for intrusion detection. The CCCAS Model is subdivided into three sub-models: the Physical Model, the Computation Communication Intrusion Model and the State Transition Model. These sub-models deal with three different aspects of an attack scenario. An attack scenario is defined as a sequence of computation and communication operations whose successful execution leads to a network intrusion. The Physical Model characterizes the minimum software and hardware components required to launch a successful network attack. The Computation Communication Intrusion Model characterizes an attack scenario as sequences of computation and communication processes which could be monitored, detected and verified. The State Transition Model defines the changes of state on the source machine and on the victim's machine which occur as a result of the execution of the computation and communication processes involved in an attack scenario. All three sub-models are integrated into the PM and CCIM implementation of STM. A simulation experiment is conducted based upon a specific PM and CCIM implementation of the STM; this experiment simulates an attack environment primarily consisting of a probe attack. The usefulness of the proposed CCCAS Model is demonstrated in this simulation.