<jats:p>Compared with the Intrusion Detection (ID) based on pattern matching, the model-checking-based methods can find the complex attacks. But their rates of missing report are still high. To solve this problem, we firstly use the Interval Temporal Logic with Past Construct (ITLPC) formulae to describe some signatures for network attacks. And then, we can use some automata to establish models of audit logs. On the basis of it, automata, i.e., attack models, and ITLPC formulae, i.e., signatures, constitute the two inputs of the ITLPC model checking algorithm. Therefore, a new model-checking-based ID algorithm is obtained by calling the ITLPC algorithm. Compared with the existing methods, the new method is more powerful, as shown in the experimental simulations.</jats:p>

• 出版日期2014-10
• 单位郑州大学; 河南大学