Formal Reasoning About a Specification-Based Intrusion Detection for Dynamic Auto-configuration Protocols in Ad Hoc Networks

Song, Tao; Ko, Calvin; Tseng, Chinyang Henry; Balasubramanyam, Poornima; Chaudhary, Anant; Levitt, Karl N.

doi:10.1007/11679219_3

Cited by 9 publications

(12 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gil et al in [24] have used IEEE 802.11 protocol and the extensible authentication protocol (EAP) specifications as specification source to define the desired behaviour of wireless local area network. Song et al in [25] combine both informal protocol specification and other documents from dynamic registration and configuration protocol as specification source. The spanning tree protocol (STP) specification has been leveraged as specification source by Jieke et al in [26] to describe the expected behaviour for carrier Ethernet network infrastructure.…”

Section: A Specification Sourcementioning

confidence: 99%

“…1) Manual: Most of the specification extraction methods adopt a manual approach for the extraction of the correct system behaviour from the specification source [18], [27], [16], [12], [17], [24], [25], [26], [13], [14], [15], [35], [36], [33], [32], [31]. This method has been shown to be an expensive and very tedious process [27].…”

Section: B Specification Extractionmentioning

confidence: 99%

“…They specify the correct AODV routing protocol behaviour using the finite state machine in [12] and describe the valid routing behaviour of a network node based on Optimised Link State Routing (OLSR) protocol in [15]. The extended finite state machine has been applied by Hansson et al in [13] and by Song et al in [25] for specification modelling. Gill et al in [24] utilise state transition model to describe the extracted specification and state transition patterns are employed by Pan et al in [35] for specification modelling.…”

Section: ) Specification Modelling Using State-based Approachmentioning

confidence: 99%

See 2 more Smart Citations

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

Nweke¹

2021

IJACSA

View full text Add to dashboard Cite

Cyber-physical systems (CPS) integrate computation and communication capabilities to monitor and control physical systems. Even though this integration improves the performance of the overall system and facilitates the application of CPS in several domains, it also introduces security challenges. Over the years, intrusion detection systems (IDS) have been deployed as one of the security controls for addressing these security challenges. Traditionally, there are three main approaches to IDS, namely: anomaly detection, misuse detection and specificationbased detection. However, due to the unique attributes of CPS, the traditional IDS need to be modified or completely replaced before it can be deployed for CPS. In this paper, we present a survey of specification-based intrusion detection techniques for CPS. We classify the existing specification-based intrusion detection techniques in the literature according to the following attributes: specification source, specification extraction, specification modelling, detection mechanism, detector placement and validation strategy. We also discuss the details of each attribute and describe our observations, concerns and future research directions. We argue that reducing the efforts and time needed to extract the system specification of specification-based intrusion detection techniques for CPS and verifying the correctness of the extracted system specification are open issues that must be addressed in the future.

show abstract

Section: A Specification Sourcementioning

confidence: 99%

Section: B Specification Extractionmentioning

confidence: 99%

Section: ) Specification Modelling Using State-based Approachmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

Nweke¹

2021

IJACSA

View full text Add to dashboard Cite

show abstract

“…These engines monitor only the particular routing protocols, and thus, they are only capable of detecting attacks that target the routing mechanisms of MANETs. Song et al [4] have proposed a specificationbased engine that monitors the Dynamic Registration and Configuration Protocol (DRCP) [10] for attacks that alter configuration information in MANETs. Finally, Raya et al [12] have proposed a mechanism for detecting misbehaviors in wireless networks relying on the 802.11 MAC [11] protocol.…”

Section: Introductionmentioning

confidence: 99%

Securing the 802.11 MAC in MANETs: A specification-based intrusion detection engine

Panos

Kotzias

Xenakis

et al. 2012

2012 9th Annual Conference on Wireless on-Demand Network Systems and Services (WONS)

View full text Add to dashboard Cite

Abstract-Specification-based detection engines share the advantages of signature-based and anomaly-based detection, since they can detect unknown attacks, without the side effects of high rates of false positives. However, such solutions for MANETs have seen limited use. This paper introduces a specification-based detection engine that is built upon the functionality and limitations of the 802.11 MAC protocol, expanding the detection range of such engines in MANETs. The proposed detection engine is deployed at each node and performs detection using a set of specifications, which describe the correct operation of the MAC protocol operating at the host node. The proposed engine introduces a number of significant advantages since it can effectively detect both known and unknown attacks in real time and with minimum overhead. Moreover, it is resilient to the dynamic topologies that are common in MANETs and its deployment requires no protocol modifications.

show abstract

“…Over the years, researchers developed custom specification-based intrusion detection techniques to fit different infrastructures such as mobile ad hoc networks [93][94][95][96][97][98] and WLANs [99]. Furthermore, specification-based IDSs were developed for specific use cases both for network-based (e.g., VoIP technologies [100], carrier Ethernet [101]) and host-based security (e.g., kernel dynamic data structures [102], mobile operating systems [103]).…”

Section: Specification-based Intrusion Detectionmentioning

confidence: 99%

Intrusion detection in networked control systems : from system knowledge to network security

Caselli¹

View full text Add to dashboard Cite

Formal Reasoning About a Specification-Based Intrusion Detection for Dynamic Auto-configuration Protocols in Ad Hoc Networks

Cited by 9 publications

References 14 publications

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

Securing the 802.11 MAC in MANETs: A specification-based intrusion detection engine

Intrusion detection in networked control systems : from system knowledge to network security

Contact Info

Product

Resources

About