ISDTM：An Intrusion Signatures Description Temporal Model

摘要

ISDTM, based on an augmented Allen's interval temporal logic (ITL) and first-order predicate calculus, is a formal temporal model for representing intrusion signatures.It is augmented with some real time extensions which enhance the expressivity. Intrusion scenarios usually are the set of events and system states, wherethe temporal sequence is their basic relation. Intrusion signatures description, therefore, is to represent such temporal relations in a sense. While representing these signatures, ISDTM decomposes the intrusion process into the sequence of events according to their relevant intervals, and then specifies network states in these Intervals. The uncertain intrusion signatures as well as basic temporal modes of events, which consist of the parallel mode,the sequential mode and the hybrid mode, can be succinctly and naturally represented in ISDTM. Mode chart is the visualization of intrusion signatures in ISDTM, which makes the formulas more readable. The intrusion signatures descriptions in ISDTM have advantages of compact construct, concise syntax, scalability and easy implementation.