Home // SECURWARE 2011, The Fifth International Conference on Emerging Security Information, Systems and Technologies // View article

A Framework for Protocol Vulnerability Condition Detection

Authors:
Yuxin Meng
Lam for Kwok

Keywords: intrusion detection; vulnerability analysis

Abstract:
Intrusion detection system (IDS) detects an intrusion by comparing with its attack signatures. The generation of IDS signatures is based on the analysis of attack traffic, which is a result of exploiting vulnerabilities in a network protocol. Thus, the protocol analysis becomes an effective method to find out protocol vulnerabilities with regard to IDS. But the problem of protocol analysis in IDS is that how to detect all protocol vulnerability conditions in protocols. In this paper, we propose a novel framework to identify protocol vulnerability conditions by utilizing existing protocol analysis techniques. In particular, there are three major analysis steps in our framework: protocol semantic analysis, protocol implementation analysis and protocol state transition sub-condition analysis. In the final step of our framework, we illustrate the use of deletion, addition and modification operations with the purpose of generating all potential protocol vulnerability conditions from the normal protocol transition conditions. Experimental results show that this framework is encouraging and feasible.

Pages: 91 to 96

Copyright: Copyright (c) IARIA, 2011

Publication date: August 21, 2011

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-146-5

Location: Nice/Saint Laurent du Var, France

Dates: from August 21, 2011 to August 27, 2011