The detection of Udpstorm attacks based on model checking linear temporal logic

The intrusion detection based on model checking temporal logic is effective in detecting the complicated and variable network attacks. However, certain types of attacks remain undetected due to the lack of formal models. To solve this problem, a linear temporal logic is employed to model the variable patterns of Udpstorm attacks. First, an analysis of the principles of Udpstorm attacks is given and the details of these attacks are transformed into atomic actions. The atomic actions are then transformed into action sequence. Finally, this type of attacks is expressed in Linear Temporal Logic (LTL) formulas. With the formula thus obstained used as one input of the model checker and the automaton, which expresses the log, used as the other input of the model checker, the results of intrusion detection can be obtained by conducting the LTL model checking algorithm. The effectiveness and the comparative advantages of the new algorithm are verified by the simulation experiments.