Intrusion Detection Systems (IDS) aim to detect actions that attempt to compromise the confidentiality, availability, and integrity of a resource by monitoring the events occurring in computer systems and/or networks. Stream data processing is a database technology applied to flows of data. Temporal logic is a formalism for representing change over time. This paper proposes the development of a network intrusion detection system that combines temporal formalisms for representing attack patterns with stream processing for intruder detection. The experimental results show that this combination successfully detected all the attacks of that type in the test data. Additionally, the solution provides a concise and unambiguous way to formally represent attack signatures, and it is extensible and scalable.