This is the continuation of this post.
We were able to find a mailing list for STAT development on sourceforge[dot]net. The source code for a few STAT-based IDSs was also available there, like NetSTAT, USTAT, etc. This finding actually reduced the effort we had to put into writing a compiler for the STAT Language. It was like a bonus that we were also able to find a STAT editor to graphically represent the attack scenario and obtain the STAT file corresponding to the figure. This STATed was implemented in Java. The compiler could convert a STAT Language source file to a C source file.
While installing the STATL compiler and STATed (the STAT scenario editor) we faced a few difficulties with the dependencies. I had put those in the corresponding mailing list. The problem with installing Winstat (the IDS) still persists, but the STATL compiler and STATed were installed successfully.
Here starts the next major step in my academic life: the Major Project. I like to see this work as very important, but I have also seen people who don’t even want to do this. They just want to get into some group and survive there by utilizing the energy of the other teammates.
As always when I start a project, I have a lot of expectations about it: completing it, then developing it further, putting it in the public domain and allowing others to improve the work. But most of these don’t work out… :D. But this time I really want to make a change. And I will.
This time I am going with a project on Intrusion Detection Systems. We are planning to build it on top of the STAT framework. There would also be a need to implement a compiler for the STAT Language*. We actually have no materials other than a few (old) papers relating to it. But we took this project only because we felt it would be very interesting to model an attack on the basis of a new framework. Initially, after making a compiler for a subset of the language, we would like to give a proof of concept for a few attack signatures. Then we would be able to assert that this compiler could be extended to detect many more different attack patterns.
In the first phase we have to identify which attacks we are modeling, decide on the method to implement the compiler for STATL, and decide on the subset of STATL that would help us represent the identified attack sequences.
I will update this post as it goes.
EDIT: Continuation of this post is added here.
*A similar existing language would be Snort.