Sciweavers

JCS
2002

STATL: An Attack Language for State-Based Intrusion Detection

14 years 7 days ago
STATL: An Attack Language for State-Based Intrusion Detection
STATL is an extensible state/transition-based attack description language designed to support intrusion detection. The language allows one to describe computer penetrations as sequences of actions that an attacker performs to compromise a computer system. A STATL description of an attack scenario can be used by an intrusion detection system to analyze a stream of events and detect possible ongoing intrusions. Since intrusion detection is performed in different domains (i.e., the network or the hosts) and in different operating environments (e.g., Linux, Solaris, or Windows NT) it is important to have an extensible language that can be easily tailored to different target environments. STATL defines domain-independent features of attack scenarios and provides constructs for extending the language to describe attacks in particular domains and environments. The STATL language has been successfully used in describing both networkbased and host-based attacks, and it has been tailored to ver...
Steve T. Eckmann, Giovanni Vigna, Richard A. Kemme
Added 22 Dec 2010
Updated 22 Dec 2010
Type Journal
Year 2002
Where JCS
Authors Steve T. Eckmann, Giovanni Vigna, Richard A. Kemmerer
Comments (0)