On the model-checking-based IDS
This work addresses the need for standardized evaluation in intrusion detection systems for cybersecurity, but it is incremental as it focuses on benchmarking existing methods.
The paper tackled the problem of comparing the performance of intrusion detection algorithms based on model checking techniques by constructing a standard intrusion set (ISIDMC) and testing three logics (LTL, ITL, RASL) on 24 attack types, resulting in an exhaustive comparison of detection abilities and efficiency.
How to identify the comprehensive comparable performance of various Intrusion Detection (ID) algorithms which are based on the Model Checking (MC) techniques? To address this open issue, we conduct some tests for the model-checking-based intrusion detection systems (IDS) algorithms. At first, Linear Temporal Logic (LTL), Interval Temporal Logic (ITL) and Real-time Attack Signature Logic (RASL) are employed respectively to establish formula models for twenty-four types of attacks. And then, a standard intrusion set, called Intrusion Set for Intrusion Detection based on Model Checking (ISIDMC) is constructed. On the basis of it, detection abilities and efficiency of the intrusion detection algorithms based on model checking the three logics mentioned above are compared exhaustively