A Formal Model for Attack Mutation Using Dynamic Description Logics

Abstract: All currently available Network-based Intrusion Detection Systems (NIDS) rely upon passive protocol analysis, which is fundamentally flawed because an attack can evade detection by exploiting ambiguities in the traffic stream as seen by the NIDS. We observe that different attack variations can be derived from the original attack using simple transformations. This paper proposes a semantic model for attack mutation based on dynamic description logics (DDL(X)), extensions of description logics (DLs) with a dynamic dimension, and explores the possibility of using DDL(X) as a basis for evasion composition. The attack mutation model describes all the possible transformations and how they can be applied to the original attack to generate a large number of attack variations. Furthermore, this paper presents a heuristic planning algorithm for the automation of evasion composition at the functional level based on DDL(X). Our approach employs classical DL-TBoxes to capture the constraints of the domain, DL-ABoxes to represent the attack, and DL-formulas to encode the objective sequence of packets. In this way, the evasion composition problem is solved by a decidable tableau procedure. The preliminary results certify the potential of the approach.
Document type:
Conference paper
Zhongzhi Shi; Zhaohui Wu; David Leake; Uli Sattler. 8th International Conference on Intelligent Information Processing (IIP), Oct 2014, Hangzhou, China. Springer, IFIP Advances in Information and Communication Technology, AICT-432, pp.303-311, 2014, Intelligent Information Processing VII. 〈10.1007/978-3-662-44980-6_34〉

Cited literature [9 references]

https://hal.inria.fr/hal-01383345
Contributor: Hal Ifip
Submitted on: Tuesday, October 18, 2016 - 14:58:52
Last modified on: Tuesday, October 18, 2016 - 15:08:49

File

978-3-662-44980-6_34_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Zhuxiao Wang, Jing Guo, Jin Shi, Hui He, Ying Zhang, et al. A Formal Model for Attack Mutation Using Dynamic Description Logics. Zhongzhi Shi; Zhaohui Wu; David Leake; Uli Sattler. 8th International Conference on Intelligent Information Processing (IIP), Oct 2014, Hangzhou, China. Springer, IFIP Advances in Information and Communication Technology, AICT-432, pp.303-311, 2014, Intelligent Information Processing VII. 〈10.1007/978-3-662-44980-6_34〉. 〈hal-01383345〉

Metrics

Record views

79

File downloads

2