Learn More
In the last few years, the performances of wireless technologies have increased tremendously thus opening new fields of application in the domain of networking. One of such fields concerns mobile ad hoc networks (MANETs) in which mobile nodes organise themselves in a network without the help of any predefined infrastructure. Securing MANETs is just as(More)
ADeLe is an attack description language designed to model a database of known attack scenarios. As the descriptions might contain executable attack code, it allows one to test the efficiency of given Intrusion Detection Systems (IDS). Signatures can also be extracted from the descriptions to configure a particular IDS. 1. INTRODUCTION In this article, we(More)
At present, alert correlation techniques do not make full use of the information that is available. We propose a data model for IDS alert correlation called M2D2. It supplies four information types: information related to the characteristics of the monitored information system, information about the vulnerabilities, information about the security tools used(More)
This paper deals with metamorphic viruses. More precisely, it examines the use of advanced code obfuscation techniques with respect to metamorphic viruses. Our objective is to evaluate the difficulty of a reliable static detection of viruses that use such obfuscation techniques. Here we extend Spinellis' result (IEEE Trans. Inform. Theory, 49(1), 280– 284,(More)
The main use of intrusion detection systems (IDS) is to detect attacks against information systems and networks. Normal use of the network and its functioning can also be monitored with an IDS. It can be used to control, for example, the use of management and signaling protocols, or the network traffic related to some less critical aspects of system(More)
Combining an " anomaly " and a " misuse " IDSes offers the advantage of separating the monitored events between normal, intrusive or unqualified classes (ie not known as an attack, but not recognize as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components. This framework applied(More)
It is commonly accepted that intrusion detection systems (IDS) are required to compensate for the insufficient security mechanisms that are available on computer systems and networks. However, the anomaly-based IDSes that have been proposed in the recent years present some drawbacks , e.g., the necessity to explicitly define a behaviour reference model. In(More)