Abstract
All currently available Network-based Intrusion Detection Systems (NIDS) rely upon passive protocol analysis, which is fundamentally flawed because an attack can evade detection by exploiting ambiguities in the traffic stream as seen by the NIDS. We observe that different attack variations can be derived from the original attack using simple transformations. This paper proposes a semantic model for attack mutation based on dynamic description logics (DDL(X)), extensions of description logics (DLs) with a dynamic dimension, and explores the possibility of using DDL(X) as a basis for evasion composition. The attack mutation model describes all the possible transformations and how they can be applied to the original attack to generate a large number of attack variations. Furthermore, this paper presents a heuristic planning algorithm for the automation of evasion composition at the functional level based on DDL(X). Our approach employs classical DL-TBoxes to capture the constraints of the domain, DL-ABoxes to present the attack, and DL-formulas to encode the objective sequence of packets, respectively. In this way, the evasion composition problem is solved by a decidable tableau procedure. The preliminary results certify the potential of the approach.
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Wang, Z. et al. (2014). A Formal Model for Attack Mutation Using Dynamic Description Logics. In: Shi, Z., Wu, Z., Leake, D., Sattler, U. (eds) Intelligent Information Processing VII. IIP 2014. IFIP Advances in Information and Communication Technology, vol 432. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44980-6_34
DOI: https://doi.org/10.1007/978-3-662-44980-6_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44979-0
Online ISBN: 978-3-662-44980-6
eBook Packages: Computer Science (R0)