Intrusion detection systems (IDS) are special computer security tools which help detect intrusion attempts. Misuse based detection is one of the techniques which is used by IDS to recognize predefined attack signatures. Attack languages, also known as detection languages, are used to describe attack signatures. Detection languages should be simple, expressive and flexible enough to help encode event signature accurately and conveniently. This paper shows the effectiveness of constraint based Trend Template (TT) as an efficient detection language by encoding some attack scenarios and focusing on the Trend Detector which recognizes those signatures from intrusion data.
Md. Ahsan Habib, Krisna Prasad Pawdel, Mohammad Ra