Abstract
Anomaly-based intrusion detection systems are essential defenses against cybersecurity threats because they can identify anomalies in current activities. However, these systems have difficulty providing entity-processing independence through a programming language. In addition, the detection process is degraded by the complexity of scheduling the training and detection processes, which are required to keep the anomaly detection system continuously updated. This paper shows how to use the algebraic state-transition diagram (ASTD) language to develop flexible anomaly detection systems. It provides a model for detecting point anomalies using the unsupervised non-parametric technique Kernel Density Estimation to estimate the probability density of event occurrence. The proposed model handles both the training and the detection phases continuously. The ASTD language streamlines the modeling of detection systems thanks to its process-algebraic operators, which provide a solution to these challenges. By delegating the combination of anomaly-based detection processes to the ASTD language, the effort and complexity of developing detection models are reduced. Finally, using a qualitative evaluation, this study demonstrates that the algebraic operators of the ASTD specification language overcome these challenges.
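As an added illustration of the detection approach the abstract describes, not code from the paper and independent of the ASTD language itself: a hypothetical Python detector that estimates the density of a one-dimensional event feature with a Gaussian Kernel Density Estimate, flags low-density observations as point anomalies, and keeps the training and detection phases interleaved on a single stream. The class and function names, the Silverman bandwidth rule, the quantile-based threshold, and the constructed inter-arrival-time input are all assumptions of this example.

```python
import math
import random
import statistics
from collections import deque

class KdeAnomalyDetector:
    """KDE point-anomaly detector (hypothetical helper): fit a Gaussian kernel
    density estimate over a window of recent observations; an observation whose
    density is below a low quantile of the training densities is an anomaly."""

    def __init__(self, window=200, quantile=0.02, min_train=32, retrain_every=8):
        self.samples = deque(maxlen=window)  # training window of recent points
        self.quantile = quantile             # training mass allowed below threshold
        self.min_train = min_train           # no scoring before this many points
        self.retrain_every = retrain_every   # refit after every k accepted points
        self.seen = 0
        self.bandwidth = self.threshold = None

    def density(self, x):
        """Gaussian KDE at x over the current window."""
        h, n = self.bandwidth, len(self.samples)
        kernel_sum = sum(math.exp(-0.5 * ((x - s) / h) ** 2) for s in self.samples)
        return kernel_sum / (n * h * math.sqrt(2 * math.pi))

    def train(self):
        """Training phase: Silverman bandwidth, then the threshold as the
        `quantile` order statistic of the training points' own densities."""
        n = len(self.samples)
        sd = statistics.pstdev(self.samples) or 1e-9  # h must stay positive
        self.bandwidth = 1.06 * sd * n ** (-0.2)
        dens = sorted(self.density(s) for s in self.samples)
        self.threshold = dens[int(self.quantile * (n - 1))]

    def observe(self, x):
        """Detection step then training step for one observation; True = anomaly."""
        flagged = self.threshold is not None and self.density(x) < self.threshold
        if not flagged:  # flagged points are kept out of the baseline
            self.samples.append(x)
            self.seen += 1
            if self.seen >= self.min_train and self.seen % self.retrain_every == 0:
                self.train()
        return flagged

def baseline_stream(n, seed=42):
    """Constructed input: seconds between successive authentication events."""
    rng = random.Random(seed)
    return [max(0.1, rng.gauss(30.0, 2.0)) for _ in range(n)]
```

Feeding `baseline_stream(96)` through `observe` trains the model while scoring each point; afterwards an interval of 30 s scores as normal, while a 2 s burst and a 300 s silence both fall below the density threshold and are flagged.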
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Chaymae, E.J., Marc, F., Thibaud, E., Pierre-Martin, T. (2022). Development of Monitoring Systems for Anomaly Detection Using ASTD Specifications. In: Aït-Ameur, Y., Crăciun, F. (eds) Theoretical Aspects of Software Engineering. TASE 2022. Lecture Notes in Computer Science, vol 13299. Springer, Cham. https://doi.org/10.1007/978-3-031-10363-6_19
DOI: https://doi.org/10.1007/978-3-031-10363-6_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-10362-9
Online ISBN: 978-3-031-10363-6