A Formal Model for Attack Mutation Using Dynamic Description Logics

Abstract: All currently available Network-based Intrusion Detection Systems (NIDS) rely upon passive protocol analysis, which is fundamentally flawed because an attack can evade detection by exploiting ambiguities in the traffic stream as seen by the NIDS. We observe that different attack variations can be derived from the original attack using simple transformations. This paper proposes a semantic model for attack mutation based on dynamic description logics (DDL(X)), extensions of description logics (DLs) with a dynamic dimension, and explores the possibility of using DDL(X) as a basis for evasion composition. The attack mutation model describes all the possible transformations and how they can be applied to the original attack to generate a large number of attack variations. Furthermore, this paper presents a heuristic planning algorithm for the automation of evasion composition at the functional level based on DDL(X). Our approach employs classical DL-TBoxes to capture the constraints of the domain, DL-ABoxes to present the attack, and DL-formulas to encode the objective sequence of packets. In this way, the evasion composition problem is solved by a decidable tableau procedure. The preliminary results certify the potential of the approach.
Document type: Conference papers
Cited literature [9 references]

https://hal.inria.fr/hal-01383345
Contributor: Hal Ifip
Submitted on: Tuesday, October 18, 2016 - 2:58:52 PM
Last modification on: Thursday, March 5, 2020 - 5:41:06 PM

File

978-3-662-44980-6_34_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Zhuxiao Wang, Jing Guo, Jin Shi, Hui He, Ying Zhang, et al.. A Formal Model for Attack Mutation Using Dynamic Description Logics. 8th International Conference on Intelligent Information Processing (IIP), Oct 2014, Hangzhou, China. pp.303-311, ⟨10.1007/978-3-662-44980-6_34⟩. ⟨hal-01383345⟩

Metrics

Record views: 484
Files downloads: 715