Intrusion detection: Computation communication characterization of probing and network attacks
This thesis proposes an approach to intrusion detection that is based on computation and communication characterization of network attacks. In this approach, both network traffic and host-based data are monitored at the victim's site for sequences of computation and communication processes representing signs of network intrusion.

This thesis proposes the CCCAS Model for intrusion detection. The CCCAS Model is subdivided into three submodels named the Physical Model, the Computation Communication Intrusion Model and the State Transition Model. These submodels deal with three different aspects of an attack scenario. An attack scenario is defined as a sequence of computation and communication operations whose successful execution leads to a network intrusion. The Physical Model characterizes the minimum software and hardware components required to launch a successful network attack. The Computation Communication Intrusion Model characterizes an attack scenario as sequences of computation and communication processes that could be monitored, detected and verified. The State Transition Model defines the changes of state on the source machine and on the victim's machine that occur as a result of the execution of the computation and communication processes involved in an attack scenario. (Abstract shortened by UMI.)
Surapaneni, Kishore, "Intrusion detection: Computation communication characterization of probing and network attacks" (2004). ETD Collection for University of Texas, El Paso. AAIEP10608.