Return to d'Auriol's Publication Page
Brian J. d'Auriol and Kishore Surapaneni, "A State Transition Model Case Study for Intrusion Detection Systems", Proc. of the 2004 International Conference on Security and Management (SAM'04), June 21 - 24, 2004, Monte Carlo Resort, Las Vegas, Nevada, USA, Hamd R. Arabnia, Selim Aissi and Youngson Mun (Eds.), pp. 186-192, June 2004.
A state transition model consisting of a physical layer, a communications sequencing layer and a state transition layer, is proposed for intrusion detection systems. A case study demonstrating the applicability of this approach is described. The case study concentrates on a port scan: states and state transitions based on the underlying layers are detailed. A series of screen shot captures illustrate identification and detection of specific intrusive activities of the port scan. The case study concludes by associating these observable conditions with states and state transitions. Lastly, we outline the applicable use of the proposed model.
Full Paper (pdf: 1.6MB)