ADeLe is an attack description language designed to model a database of known attack scenarios. As the descriptions might contain executable attack code, it allows one to test the efficiency of given Intrusion Detection Systems (IDS). Signatures can also be extracted from the descriptions to configure a particular IDS. 1. INTRODUCTION In this article, we (More)
In the last few years, the performance of wireless technologies has increased tremendously, thus opening new fields of application in the domain of networking. One such field concerns mobile ad hoc networks (MANETs), in which mobile nodes organise themselves in a network without the help of any predefined infrastructure. Securing MANETs is just as (More)
In decentralized P2P networks, many security mechanisms still rely on a central authority. This centralization creates a single point of failure and does not comply with the P2P principles. We previously proposed a distributed PKI for P2P networks which allows pushing security mechanisms to the edges of the network but relies on unaffordable maintenance (More)
At present, alert correlation techniques do not make full use of the information that is available. We propose a data model for IDS alert correlation called M2D2. It supplies four information types: information related to the characteristics of the monitored information system, information about the vulnerabilities, information about the security tools used(More)
This paper deals with metamorphic viruses. More precisely, it examines the use of advanced code obfuscation techniques with respect to metamorphic viruses. Our objective is to evaluate the difficulty of a reliable static detection of viruses that use such obfuscation techniques. Here we extend Spinellis' result (IEEE Trans. Inform. Theory, 49(1), 280–284, (More)
It is commonly accepted that intrusion detection systems (IDS) are required to compensate for the insufficient security mechanisms that are available on computer systems and networks. However, the anomaly-based IDSes that have been proposed in recent years present some drawbacks, e.g., the necessity to explicitly define a behaviour reference model. In (More)
The main use of intrusion detection systems (IDS) is to detect attacks against information systems and networks. Normal use of the network and its functioning can also be monitored with an IDS. It can be used to control, for example, the use of management and signaling protocols, or the network traffic related to some less critical aspects of system(More)
In this paper, we present a novel distributed certification system in which signing a certificate needs the collaboration of a fixed ratio of the nodes, hence a varying number of nodes. This number is dynamically adjusted to enforce the ratio in a fully distributed way, which is mandatory for decentralized varying-size P2P networks. A certificate allows(More)
Combining "anomaly" and "misuse" IDSes offers the advantage of separating the monitored events into normal, intrusive or unqualified classes (i.e. not known as an attack, but not recognized as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components. This framework applied (More)