Stateful Intrusion Detection using Algebraic State-Transition Diagrams

Cyber threats targeting companies, industries and governments are increasingly evolving. As defense systems are strengthened, threat actors develop new tactics, strategies and techniques to break through security perimeters. Generally, perimeter security is enforced by multiple intrusion prevention and detection tools responsible for providing proactive, real-time and operational insights for the detection, prevention and mitigation of potential threatening activities on the monitored system. The performance of such tools depends on several criteria, including detection technique, state awareness, usage frequency and structure. Tools like Snort offer real-time detection based on rules (or signatures) to detect threatening behaviours from their knowledge base. Snort signatures are expressed in a low-level language that limits the expression of more complex attacks such as advanced persistent threats, distributed attacks and multi-step attacks. They offer basic options for dynamic or stateful analysis, which is necessary to detect the aforementioned attacks. TO BE CONT'D

Faculty Supervisor:

Marc Frappier

Student:

Lionel Tidjon

Partner:

Nokia Canada Inc.

Discipline:

Computer science

Sector:

Information and communications technologies

University:

Program:

Accelerate
