# ADeLe - Attack description language
###### tags: `By_Ivan`

ADeLe is a description language designed to be easily readable and capable of expressing both the attacker's and the defender's point of view.

## About ADeLe
The paper was published in 2001. Its goal is to construct a description database for IDS (intrusion detection systems).

This language is not used nowadays, and neither is IDS. Network society has grown to a significant scale, and the related technology has become much more complicated, so building a description database would take a lot of effort. Not to mention that it is not user-friendly and often generates false positive alarms. With a high false positive rate and a large overhead, it is obvious that IDS is no longer practical in the field of network security.

## What can be used in our project
ADeLe was designed to describe an attack thoroughly while maintaining its readability. It has some well-designed features and could be a good reference for designing the __Alert and Report System__.

ADeLe features:
1. Readable for humans
2. Information from different views (attacker and defender)
3. Modularized objects

### ADeLe Language Layout
#### Exploit:
- Precond
- Attack
- Postcond

Records our knowledge of an attack. The information is written from the attacker's view.

#### Detection:
- Events
- Enchain

Describes an attack from the defender's view by showing the events caused by the attack. The Enchain section shows the relationships between the events and their threshold values.

#### Response:
Describes how to react to this particular event. Reactions include sending messages or running scripts.

### Prototype
```json
{
  "Anomaly": {
    "Precond": ["Descriptions", "or Reference to other events"],
    "Event": "Information of the Event",
    "Postcond": ["Similar to Precond"]
  },
  "Detection": {
    "Events": ["#list of Events"],
    "Enchain": ["#list of functions"]
  },
  "Response": {
    "Email": "Reporting target A",
    "SNS": "Reporting target B"
  }
}
```

_____

This paper has been referenced in:
>An Network Attack Modeling Method Based on MLL-AT
>[name=YanFen, Yin Xinchun, Huang Hao][link](https://doi.org/10.1016/j.phpro.2012.02.260)
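
To show how a description in the prototype's shape could drive the Alert and Report System, here is an added example (not code from the ADeLe paper or from this project) that validates a description and evaluates its Enchain against an event stream. The `{"event", "threshold"}` step format, the ordered-chain semantics, the event names and the reporting targets are all assumptions constructed for the example.

```python
import json

# Constructed description in the prototype's shape. The Enchain step format
# and every value below are assumptions made for this example.
DESCRIPTION = json.loads("""
{
  "Anomaly": {"Precond": ["SSH service reachable"],
              "Event": "Password guessing followed by a successful login",
              "Postcond": ["Attacker holds a valid session"]},
  "Detection": {"Events": ["ssh_auth_failure", "ssh_auth_success"],
                "Enchain": [{"event": "ssh_auth_failure", "threshold": 3},
                            {"event": "ssh_auth_success", "threshold": 1}]},
  "Response": {"Email": "soc@example.org", "SNS": "alerts-topic"}
}
""")

REQUIRED = {"Anomaly": {"Precond", "Event", "Postcond"},
            "Detection": {"Events", "Enchain"},
            "Response": set()}

def validate(desc):
    """Return a list of structural problems; an empty list means usable."""
    problems = []
    for section, keys in REQUIRED.items():
        if not isinstance(desc.get(section), dict):
            problems.append(f"missing section {section}")
            continue
        missing = sorted(keys - set(desc[section]))
        problems += [f"{section}.{k} missing" for k in missing]
    det = desc.get("Detection") if isinstance(desc.get("Detection"), dict) else {}
    for step in det.get("Enchain", []):
        # Every Enchain step must refer to an event declared in Events.
        if step.get("event") not in det.get("Events", []):
            problems.append(f"Enchain references undeclared event {step.get('event')}")
    return problems

def evaluate(desc, observed):
    """Walk the Enchain in order; return the Response targets if every step
    reached its threshold, otherwise an empty dict (no alert)."""
    steps, idx, count = desc["Detection"]["Enchain"], 0, 0
    for name in observed:
        if idx < len(steps) and name == steps[idx]["event"]:
            count += 1
            if count >= steps[idx]["threshold"]:
                idx, count = idx + 1, 0  # step satisfied, move to the next one
    return dict(desc["Response"]) if idx == len(steps) else {}
```

Because the chain is ordered and thresholded, a single failed login followed by a success, or a success that precedes the failures, produces no alert.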