Skip to Main Content
An attack specification language is constructed based on enhanced attack tree model first, but this language is not power enough to depict some characters of multi-level intrusions. To address this problem, a more powerful language, Z language, is introduced to define the attack schemas. In this language, the representations of relations among nodes are given. Then, a construction of IP_Spoofing attack schemas exemplifies this method and how to detect IP_Spoofing attack is discussed. Based on this method, an experimental system ADIDS has been built to demonstrate the feasibility of this method.