ISSN : 1796-217X
Volume : 3    Issue : 2    Date : February 2008

Intrusion Detection Prototype Based on ADM-Logic
Mehdi Talbi, Meriam Ben Ghorbel-Talbi, and Mohamed Mejri
Page(s): 15-22

Intrusion detection systems (IDS) are nowadays considered one of the most important
components in the security architecture of information systems. For a misuse-based IDS, also
known as a signature-based IDS, the efficiency of detection is highly correlated with the quality of
its signatures. It is therefore very important to select a suitable formal language that provides both high
expressiveness and simplicity when specifying attack signatures. It is also fundamental to have a
user-friendly and automatic tool allowing the specification and the verification of these signatures.
This paper shows the efficiency and the suitability of the ADM-logic as a formal language to specify
properties characterizing a large variety of attack scenarios, and focuses on the design and
implementation details of our intrusion detection prototype based on this logic.

Index Terms
intrusion detection system, ADM-Logic, TCP/IP-based attacks