Intrusion detection markup language (IDML) and IDML based intrusion detection model

Abstract

Due to the rapid growth of networked computer resources and the increasing importance of related applications, intrusions which threaten the infrastructure of these applications become critical problems today. In recent years, several intrusion detection systems have been proposed designed to identify and detect possible intrusion behaviors, In this work, an intrusion detection model is proposed to build an intrusion detection system which can solve the issues for building intrusion detection system, including Pattern representation, Computability, Performance, Extendibility and Maintenance. In the model, IDML is first designed to express intrusion pattern, and these patterns will be transformed into intrusion pattern state machines. Once the intrusion pattern state machines are obtained, the corresponding intrusion detection mechanism which can use these state machines to detect intrusions is designed. To evaluate the performance of our model, an IDML-based intrusion detection experimental system based upon the architecture is implemented, and finally some concluding remarks are given.