Detecting intrusions specified in a software specification language

To protect software against malicious activities, organizations are required to monitor security breaches. Intrusion detection systems (IDS) are those kinds of monitoring tools that have gained a considerable amount of popularity, A number of specification-based IDSs have been proposed, where security requirements or attack scenarios are specified using some languages. Currently, attack specification languages are being deployed for describing security requirements. Use of two different languages for software specification and security specification invites a number of unwanted but complicated issues, such as duplication of requirements specification effort as well as the existence of redundant and conflicting requirements. In this paper, we present an intrusion detection technique that uses a formal software specification language called abstract state machine language (AsmL) for the specification of security requirements. We present a framework, and develop the algorithm for the IDS that interprets the AsmL attack scenario specifications in order to detect intrusions. Moreover, we discuss case studies where the presented intrusion detection system is used to detect attacks.