ICIMP 2013, The Eighth International Conference on Internet Monitoring and Protection


TeStID: A High Performance Temporal Intrusion Detection System

Authors:
Abdulbasit Ahmed
Alexei Lisitsa
Clare Dixon

Keywords: network intrusion detection system; temporal logic; parallel stream processing; runtime verification

Abstract:
Network intrusion detection systems are faced with the challenge of keeping pace with increasingly high-volume network environments. Also, the increase in the number of attacks and their complexity increases the processing and other resources required to run intrusion detection systems. In this paper, a novel intrusion detection system (TeStID) is developed. TeStID combines the use of a high-level temporal-logic-based language for the specification of attacks with stream data processing for the actual detection. The experimental results show that this combination efficiently makes use of the existing testing machine resources to successfully achieve a higher coverage rate in intensive network traffic compared with Snort and Bro. Additionally, the solution provides a concise and unambiguous way to formally represent attack signatures, and it is extensible and scalable.

Pages: 20 to 26

Copyright: Copyright (c) IARIA, 2013

Publication date: June 23, 2013

Published in: conference

ISSN: 2308-3980

ISBN: 978-1-61208-281-3

Location: Rome, Italy

Dates: from June 23, 2013 to June 28, 2013