This directory is created automatically and some papers may be mislabeled. Only documents within the CiteSeer database are listed. The directory is intended to provide entry points for browsing the database and is not intended to be authoritative. Papers may not appear in all relevant categories. For example, papers in a sub-category may not appear in higher level categories.
73 EMERALD: Event Monitoring Enabling Responses to Anomalous Live.. - Porras, Neumann (1997)(Correct)
The EMERALD (Event Monitoring Enabling
Responses to Anomalous Live Disturbances) environment
is a distributed scalable tool suite for tracking
malicious activity through and across large networks.... / with over a decade of intrusion detection research and engineering br Keywords Network security intrusion detection coordinated attacks
57 State Transition Analysis: A Rule-Based Intrusion Detection Approach - Ilgun (1995)(Correct)
This paper presents a new approach to representing
and detecting computer penetrations in real-time.
The approach, called state transition analysis, models penetrations
as a series of state changes th... / Analysis A Rule-Based Intrusion Detection Approach Koral Ilgun br and functionality of this intrusion detection approach. Lastly STAT is
55 A Sense of Self for Unix Processes - Forrest, Hofmeyr, Somayaji, Longstaff (1996)(Correct)
A method for anomaly detection is introduced in which
"normal" is defined by short-range correlations in a process'
system calls. Initial experiments suggest that the definition
is stable during norm... / most prior published work on intrusion detection has relied on either a much br are two basic approaches to intrusion detection misuse intrusion
47 Computer Immunology - Forrest, Hofmeyr, Somayaji (1996)(Correct)
this article argues that the similarities are compelling
and could point the way to improved computer security. Improvements can be achieved by
designing computer immune systems that have some of the ... / systems. Many virus and intrusion detection methods scan only for known br exceptions include anomaly intrusion detection systems and
42 Ustat : A Real-time Intrusion Detection System for Unix - Ilgun (1992)(Correct)
This thesis presents the design and implementation of a real-time intrusion
detection tool called Ustat, a State Transition Analys... / Barbara USTAT A Real-time Intrusion Detection System for UNIX A Thesis br Ustat A Real-time Intrusion Detection System for UNIX by Koral
33 Classification And Detection Of Computer Intrusions - Kumar (1995)(Correct)
Some computer security breaches cannot be prevented using access and information flow control techniques. These breaches may be a consequence of system software bugs, hardware or software failures, in... / . What is Intrusion Detection br Premise and Limitations of Intrusion Detection .
31 Bro: A System for Detecting Network Intruders in Real-Time - Paxson (1998)(Correct)
We describe Bro, a stand-alone system for detecting network
intruders in real-time by passively monitoring a network
link over which the intruder's traffic transits. We give
an overview of the system'... / attacks is termed network intrusion detection a relatively new area of br the Bro language. Because intrusion detection can form a cornerstone of
31 JAM: Java Agents for Meta-Learning over Distributed Databases - Stolfo, Prodromidis, Tselepis, Lee.. (1997)(Correct)
In this paper, we describe the JAM system, a distributed, scalable and portable
agent-based data mining system that employs a general approach to scaling data mining
applications that we have come to ... / applications is fraud and intrusion detection in financial information br research is supported by the Intrusion Detection Program BAA of the
30 Automated Detection of Vulnerabilities in Privileged Programs by.. - Ko, Fink, Levitt (1994)(Correct)
We present a method for detecting exploitations of vulnerabilities
in privileged programs by monitoring their execution
using audit trails, where the monitoring is with
respect to specifications of th... / Our work is motivated by the intrusion detection paradigm but is an attempt br Our approach is a variant of intrusion detection wherein audit trails
28 Checking for Race Conditions in File Accesses - Bishop, Dilger (1996)(Correct)
We develop a theory of vulnerabilities and their signatures, and use this theory to categorize race
conditions that occur when processes interact with files in the UNIX operating system and that
prese... / of attacks in the context of intrusion detection in this context br a very different twist in intrusion detection. Characterizing
28 Implementing a Generalized Tool for Network Monitoring - Ranum (1997)(Correct)
Determining how you were attacked is essential to developing a response or
countermeasure. Usually, a system or network manager presented with a successful intrusion has
very little information with w... / served well as a poor man's intrusion detection system. Other network br and Argus Other intrusion detection burglar alarms have
27 A Pattern Matching Model for Misuse Intrusion Detection - Kumar, Spafford (1994)(Correct)
This paper describes a generic model of matching that can be usefully applied to misuse intrusion detection. The model is based on Colored Petri Nets. Guards define the context in which signatures are... / Matching Model For Misuse Intrusion Detection Sandeep Kumar Eugene br Keywords intrusion detection misuse anomaly.
27 Adaptive Fraud Detection - Fawcett, Foster (1997)(Correct)
One method for detecting fraud is to check for suspicious changes in user behavior. This paper describes the automatic design of user profiling methods for the purpose of fraud detection, using a se... / constructive induction intrusion detection applications . br detection is related to intrusion detection a field of computer
26 Data Mining Approaches for Intrusion Detection - Lee, Stolfo (1998)(Correct)
In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns o... / Data Mining Approaches for Intrusion Detection Wenke Lee Salvatore br and systematic methods for intrusion detection. The key ideas are to use
24 A Software Architecture to support Misuse Intrusion Detection. - Kumar, Spafford (1995)(Correct)
Misuse Intrusion Detection has traditionally been understood in the literature as the detection of specific, precisely representable techniques of computer system abuse. Pattern matching is well dispo... / to support Misuse Intrusion Detection. Technical Report br Abstract Misuse Intrusion Detection has traditionally been
24 Detecting Computer and Network Misuse Through the Production-Based.. - Lindqvist, Porras (1999)(Correct)
This paper describes an expert system development toolset
called the Production-Based Expert System Toolset
(P-BEST) and how it is employed in the development of a
modern generic signature-analysis en... / of P-BEST have been used in intrusion detection research and in the br some of the most wellknown intrusion detection systems but this is the
22 OS Support for General-Purpose Routers - Peterson, Karlin, Li (1999)(Correct)
This paper argues that there is a need for routers to move
from being closed, special-purpose network devices to being
open, general-purpose computing/communication systems.
The central challenge in m... / to log usage and implement intrusion detection. One can argue with our
21 Hardening COTS Software with Generic Software Wrappers - Fraser, Badger, Feldman (1999)(Correct)
Numerous techniques exist to augment the security
functionality of Commercial Off-The-Shelf (COTS) applications
and operating systems, making them more
suitable for use in mission-critical systems. Al... / cause harm access control intrusion detection In some cases the br applications to support intrusion detection
20 A Data Mining Framework for Building Intrusion Detection Models - Lee, Stolfo, Mok (1999)(Correct)
There is often the need to update an installed Intrusion Detection System (IDS) due to new attack methods
or upgraded computing environments. Since many current IDSs are constructed by manual encoding... / Mining Framework for Building Intrusion Detection Models Wenke Lee br need to update an installed Intrusion Detection System IDS due to new
20 Defending a Computer System using Autonomous Agents - Crosbie, Spafford (1996)(Correct)
This report presents a prototype architecture of a defense mechanism for computer systems. The intrusion
detection problem is introduced and some of the key aspects of any solution are explained. Stan... / for computer systems. The intrusion detection problem is introduced and br are explained. Standard intrusion detection systems are built as a
19 Intelligence without Robots (A Reply to Brooks) - Etzioni (1993)(Correct)
In his recent papers, entitled "Intelligence without Representation" and "Intelligence without
Reason," Brooks argues for studying complete agents in real-world environments and for
mobile robots as th... / tasks e.g.around-the-clock intrusion detection In short softbots
19 Temporal Sequence Learning and Data Reduction for Anomaly Detection - Lane, Brodley (1998)(Correct)
ing with credit is permitted. To copy otherwise, to republish, to post on
servers, to redistribute to lists, or to use any component of this work in other works, requires prior
specific permission and... / firewalls and network-based intrusion detection systems Heberlein et al. br Additionally multi-sensor intrusion detection systems such as AAFID
17 Detecting Intruders in Computer Systems - Lunt (1993)(Correct)
Although a computer system's primary defense is its access controls, computer
system access controls cannot be relied upon in most cases to safeguard against a
penetration or insider attack. Even the ... / is developing a real-time intrusion-detection expert system NIDES br related to building and using intrusion detection systems. The third part of
17 NetSTAT: A Network-based Intrusion Detection Approach - Vigna (1998)(Correct)
Network-based attacks have become common and sophisticated.
For this reason, intrusion detection systems are
now shifting their focus from the hosts and their operating
systems to the network itself. ... / NetSTAT A Network-based Intrusion Detection Approach Giovanni Vigna br For this reason intrusion detection systems are now shifting
17 An Application of Pattern Matching in Intrusion Detection - Kumar, Spafford (1994)(Correct)
This report examines and classifies the characteristics of signatures used in misuse intrusion detection. Efficient algorithms to match patterns in some of these classes are described. A generalized m... / of Pattern Matching in Intrusion Detection Technical Report br of signatures used in misuse intrusion detection. Efficient algorithms to
17 Automated Audit Trail Analysis and Intrusion Detection: A Survey - Lunt (1988)(Correct)
Today's computer systems are vulnerable to both abuse by insiders and penetration
by outsiders, as evidenced by the growing number of incidents reported in the press.
Because closing all security lo... / Audit Trail Analysis and Intrusion Detection A Survey Teresa F. Lunt br trail analysis techniques and intrusiondetection systems that have emerged
16 Intrusion Detection using Sequences of System Calls - Hofmeyr, Forrest, Somayaji (1998)(Correct)
this paper we are primarily concerned with determining empirically if the
discriminator is stable. Efficiency is a secondary consideration, and is addressed in this
paper to the extent that we analyze... / Intrusion Detection using Sequences of System br the use of tools such as Intrusion Detection Systems IDS The IDS
16 A Secure Active Network Environment Architecture - Alexander (1998)(Correct)
Active Networks are a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping... / monitoring e.g.for intrusion detection and other tasks that has
16 Detecting Intrusions Using System Calls: Alternative Data Models - Christina Warrender (1999)(Correct)
Intrusion detection systems rely on a wide variety of observable
data to distinguish between legitimate and illegitimate
activities. In this paper we study one such observable---
sequences of system c... / Abstract Intrusion detection systems rely on a wide br others introduced a simple intrusion detection method based on monitoring
16 Mining Audit Data to Build Intrusion Detection Models - Lee, Stolfo, Mok (1998)(Correct)
In this paper we discuss a data mining framework for constructing intrusion detection models. The key ideas are to mine system audit data for consistent and useful patterns of program and user behavio... / Mining Audit Data to Build Intrusion Detection Models Wenke Lee and br framework for constructing intrusion detection models. The key ideas are
15 Experience with EMERALD to Date - Neumann (1999)(Correct)
After summarizing the EMERALD architecture and the evolutionary process from which EMERALD has evolved, this paper focuses on our experience to date in designing, implementing, and applying EMERALD to... / st USENIX Workshop on Intrusion Detection and Network Monitoring br types of misuse. The term intrusion detection is often used to
15 Active Defense of a Computer System using Autonomous Agents - Mark Crosbie(Correct)
This report presents a prototype architecture
for an active defense mechanism for computer
systems. The intrusion detection problem is
introduced and some of the key aspects of any
solution are explai... / for computer systems. The intrusion detection problem is introduced and br We are proposing an Intrusion Detection System that will alert
15 Meta-Learning in Distributed Data Mining Systems: Issues and.. - Prodromidis, Chan, al. (2000)(Correct)
Data mining systems aim to discover patterns and extract useful information
from facts recorded in databases. A widely adopted approach to this
objective is to apply various machine learning algorit... / been successfully applied to intrusion detection in network-based systems br research is supported by the Intrusion Detection Program BAA from
14 Building Intrusion Tolerant Applications - Wu, Malkin, Boneh (1999)(Correct)
The ITTC project provides tools and an infrastructure for building intrusion tolerant applications. Rather than prevent intrusions or detect them after the fact, the ITTC system ensures that the compr... / system one often installs intrusion detection software to monitor system
14 Artificial Intelligence and Intrusion Detection: Current and Future.. - Frank (1994)(Correct)
Intrusion Detection systems (IDSs) have previously been built by hand. These systems have difficulty successfully classifying intruders, and require a significant amount of computational overhead maki... / Artificial Intelligence and Intrusion Detection Current and Future br June Abstract Intrusion Detection systems IDSs have
14 Insertion, Evasion, and Denial of Service: Eluding Network Intrusion.. - Ptacek, Newsham (1998)(Correct)
All currently available network intrusion detection (ID) systems rely
upon a mechanism of data collection---passive protocol analysis---which
is fundamentally flawed. In passive protocol analysis, t... / of Service Eluding Network Intrusion Detection Thomas H. Ptacek br currently available network intrusion detection ID systems rely upon a
13 Real-World Issues in Warehouse Navigation - Everett Gage Gilbreath(Correct)
The MDARS security robotics program has successfully demonstrated the simultaneous control of multiple robots
autonomously navigating within an industrial warehouse environment. This real-world wareho... / to provide an automated intrusion detection and inventory assessment
13 Intrusion Detection in Wireless Ad-Hoc Networks - Zhang, Lee (2000)(Correct)
As the recent denial-of-service attacks on several major Internet
sites have shown us, no open computer network is
immune from intrusions. The wireless ad-hoc network is
particularly vulnerable due to... / Intrusion Detection in Wireless Ad-Hoc Networks br line of defense. Many of the intrusion detection techniques developed on a
12 Learning Patterns from Unix Process Execution Traces for Intrusion.. - Lee, Stolfo (1997)(Correct)
In this paper we describe our preliminary
experiments to extend the work pioneered by Forrest
(see Forrest et al. 1996) on learning the (normal and
abnormal) patterns of Unix processes. These patterns... / Process Execution Traces for Intrusion Detection Wenke Lee and br to perhaps provide broader intrusion detection services. The experiments
12 Learning Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbard, Schatz (1999)(Correct)
Profiling the behavior of programs can be a useful
reference for detecting potential intrusions against
systems. This paper presents three anomaly detection
techniques for profiling program behavior t... / Program Behavior Profiles for Intrusion Detection Anup K. Ghosh Aaron br attacks against systems intrusion detection systems must be able to
12 An Efficient Message Authentication Scheme for Link State Routing - Cheung (1997)(Correct)
We study methods for reducing the cost of secure link
state routing. In secure link state routing, routers may need
to verify the authenticity of many routing updates, and some
routers such as border ... / approach which is intrusion detection e.g. br Wu et al. proposed an intrusion detection approach to secure link
12 NetSTAT: A Network-based Intrusion Detection System - Vigna (1999)(Correct)
Network-based attacks are becoming more common and sophisticated. For this reason, intrusion detection
systems are now shifting their focus from the hosts and their operating systems to the network
it... / NetSTAT A Network-based Intrusion Detection System Giovanni Vigna br For this reason intrusion detection systems are now shifting
11 Sequence Matching and Learning in Anomaly Detection for Computer.. - Lane, Brodley (1997)(Correct)
Two problems of importance in computer security are
to 1) detect the presence of an intruder masquerading
as the valid user and 2) detect the perpetration of
abusive actions on the part of an otherwis... / security is that of intrusion detection. The goal is to detect br many possible approaches to intrusion detection one that has received
11 An Application of Machine Learning to Anomaly Detection - Lane, Brodley (1997)(Correct)
The anomaly detection problem has been widely studied in the computer security literature. In
this paper we present a machine learning approach to anomaly detection. Our system builds user
profiles ba... / security is that of intrusion detection. The goal is to br many possible approaches to intrusion detection one that has received
11 A Data Mining Framework for Constructing Features and Models for.. - Lee (1999)(Correct)
Intrusion detection is an essential component of critical infrastructure protection mechanisms. The traditional pure "knowledge engineering" process of building Intrusion Detection Systems (IDSs) is v... / Features and Models for Intrusion Detection Systems Wenke Lee
10 Simulated Social Control for Secure Internet Commerce - Rasmusson, Janson (1996)(Correct)
In this paper we suggest that soft security such as social control has to be used to create secure open systems. Social control means that it is the participants themselves who are responsible for the... / Soft security mechanisms for intrusion detection have been tried by Crosbie
10 NSTAT: A Model-based Real-time Network Intrusion Detection System - Kemmerer (1997)(Correct)
this report is to provide a single
STAT process with a single, chronological audit trail. A client/server approach is
currently being built, where the client side has two threads: a producer that read... / Model-based Real-time Network Intrusion Detection System Richard A. br of a real-time expert system intrusion detection tool. The approach is
10 Activity Monitoring: Noticing interesting changes in behavior - Fawcett, Provost (1999)(Correct)
We introduce a problem class which we term activity monitoring.
Such problems involve monitoring the behavior of a
large population of entities for interesting events requiring
action. We present a fr... / news story monitoring and intrusion detection can be expressed br of fraud detection computer intrusion detection network performance
9 A Methodology for Testing Intrusion Detection Systems - Puketza, Zhang, Chung, Mukherjee.. (1996)(Correct)
Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse,
and abuse of computer systems. In response to the growth in the use and development
of IDSs, we have developed a method... / A Methodology for Testing Intrusion Detection Systems Nicholas J. br Abstract Intrusion Detection Systems IDSs attempt to
9 Intelligent Agents for Intrusion Detection - Helmer, Wong, Honavar, Miller (1998)(Correct)
This paper focuses on intrusion detection and
countermeasures with respect to widely-used
operating systems and networks. The design and
architecture of an intrusion detection system built
from distri... / Intelligent Agents for Intrusion Detection Guy G. Helmer br This paper focuses on intrusion detection and countermeasures with
9 Detecting Anomalous and Unknown Intrusions Against Programs - Ghosh, Wanken, Charron (1998)(Correct)
The ubiquity of the Internet connection to desktops
has been both boon to business as well as cause
for concern for the security of digital assets that
may be unknowingly exposed. Firewalls have been
... / has been boon to commercial intrusion detection tools. Two general br has led to the growth of the intrusion detection software industry.
9 Selecting Examples for Partial Memory Learning - Maloof, Michalski (2000)(Correct)
This paper describes a method for selecting training examples for a partial memory
learning system. The method selects extreme examples that lie at the boundaries of concept
descriptions and uses th... / problem and a computer intrusion detection problem. Experimental br and computer intrusion detection Maloof Michalski
9 Intrusion Detection with Neural Networks - Ryan, Lin, Miikkulainen (1998)(Correct)
With the rapid expansion of computer networks during the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is through monitoring un... / Intrusion Detection with Neural Networks Jake br user activity. Methods of intrusion detection based on hand-coded rule
9 State of the Practice of Intrusion Detection Technologies - Allen, al. (2000)(Correct)
Attacks on the nation's computer infrastructures are a serious problem. Over the past 12 years, the growing number of computer security incidents on the Internet has reflected the growth of the Intern... / State of the Practice of Intrusion Detection Technologies Julia Allen br State of the Practice of Intrusion Detection Technologies
9 Forward-Secure Signatures with Optimal Signing and Verifying - Itkis, Reyzin (2001)(Correct)
We propose the first forward-secure signature scheme for unknown Forward-Secure Signatures
with Optimal Signing and Verifying
Gene Itkis
and Leonid Reyzin
Boston University Computer Science Dept.... / of the old keys and proper intrusion detection are non-trivial tasks. br perform such deletion and intrusion detection certainly more reasonable
9 STATL: An Attack Language for State-based Intrusion Detection - Eckmann, Vigna, Kemmerer (2000)(Correct)
STATL is an extensible state/transition-based attack description language designed to support intrusion detection. The
language allows one to describe computer penetrations as sequences of actions th... / Language for State-based Intrusion Detection Steven T. Eckmann br language designed to support intrusion detection. The language allows one
8 Towards a Model of Storage Jamming - McDermott, Goldschlag (1996)(Correct)
Storage jamming can degrade real-world activities that share stored data. Storage jamming is not prevented by access controls or cryptographic techniques. Verification to rule out storage jamming logi... / to the problem the various intrusion detection approaches will not work
8 Experiences with Tripwire: Using Integrity Checkers for Intrusion.. - Kim, Spafford (1994)(Correct)
Tripwire is an integrity checking program written for
the UNIX environment. It gives system administrators
the ability to monitor file systems for added,
deleted, and modified files. Intended to aid i... / Using Integrity Checkers for Intrusion Detection Purdue Technical br files. Intended to aid intrusion detection Tripwire was officially
8 Holding Intruders Accountable on the Internet - Staniford-Chen, Heberlein (1994)(Correct)
This paper addresses the problem of tracing intruders
who obscure their identity by logging through a
chain of multiple machines. After discussing previous
approaches to this problem, we introduce thu... / After installation of an intrusion detection tool they detected br In the context of distributed intrusion detection systems such as DIDS
8 Storage Jamming - McDermott, Goldschlag (1996)(Correct)
this paper is to define storage jamming. We also discuss our work to date on
possible defenses against it; in order to make the case that there are solutions. In the next section
we discuss the nature... /
7 A Taxonomy of Security Faults in the Unix Operating System - Aslam (1995)(Correct)
0.1 An Overview of Software Testing Methods; 0.2 Provable Security and Formal Methods ... / audit analysis of systems intrusion detection and fault detection. We br that can be used by an intrusion detection system to detect intrusions
7 A Standard Audit Trail Format - Matt Bishop (1995)(Correct)
this paper,
but as we claim the format is general enough for all purposes, this serves as one way to test our
claim. The log records subject identifier, action performed, 2 security-relevant parameter... / Consider for example intrusion detection over a network. In this br network. In this scenario an intrusion detection system IDS monitors
7 Abstraction-Based Misuse Detection: High-Level Specifications and.. - Lin, Wang, Jajodia (1998)(Correct)
ion-Based Misuse Detection:
High-Level Specifications and Adaptable Strategies
Jia-Ling Lin, X. Sean Wang, Sushil Jajodia
Center for Secure Information Systems
George Mason University, Fairfax, VA 220... / are made to the file. The intrusion detection system instead of the br common problem with existing intrusion detection systems is that the
7 An Immunological Model of Distributed Detection and Its Application.. - Hofmeyr (1999)(Correct)
This dissertation explores an immunological model of distributed detection, called negative detection,
and studies its performance in the domain of intrusion detection on computer networks. The goal o... / performance in the domain of intrusion detection on computer networks. The br model is applied to network intrusion detection. The system monitors TCP
7 IDIOT - Users Guide. - Crosbie, Dole, Ellis, Krsul, Spafford (1996)(Correct)
This manual gives a detailed technical description of the IDIOT intrusion detection system from the COAST Laboratory at Purdue University. It is intended to help anyone who wishes to use, extend or te... / description of the IDIOT intrusion detection system from the COAST br with security issues and intrusion detection in particular is assumed.
6 Principles of a Computer Immune System - Somayaji (1997)(Correct)
Natural immune systems provide a rich source of inspiration for computer security in the age of the Internet. Immune systems have many features that are desirable for the imperfect, uncontrolled, and ... / in purpose to traditional intrusion-detection systems although we br . D. E. Denning. An intrusion detection model. In IEEE
6 Forward Integrity For Secure Audit Logs - Bellare, Yee (1997)(Correct)
In this paper, we define the forward integrity security property, motivate its appropriateness
as a systems security requirement, and demonstrate designs that achieve this property. Applications
inclu... / e.g.syslogd data for intrusion detection or accountability br detectable by basic intrusion detection auditing techniques. It
6 A Secure and Reliable Bootstrap Architecture - Arbaugh, Farber, Smith (1997)(Correct)
In a computer system, the integrity of lower layers is
treated as axiomatic by higher layers. Under the presumption
that the hardware comprising the machine
(the lowest layer) is valid, integrity of a... / such as Internet commerce intrusion detection systems and active br elements such as switches intrusion detection monitors or associated
6 Mining in a Data-flow Environment: Experience in Network Intrusion.. - Lee, Stolfo, Mok (1999)(Correct)
In this paper we discuss the KDD process in "data-flow" environments, where unstructured and
time dependent data can be processed into various levels of structured and semantically-rich forms
for anal... / Experience in Network Intrusion Detection Wenke Lee Salvatore br analysis tasks. Using network intrusion detection as a concrete application
6 From Laboratory to Warehouse: Security Robots Meet the Real World - Everett, Gage (1999)(Correct)
The MDARS robotic security program has successfully demonstrated simultaneous control of multiple
robots navigating autonomously within an operational warehouse environment. This real-world
warehous... / to provide an automated intrusion detection and inventory assessment br sensors for navigation and intrusion detection. The
6 Research in Intrusion-Detection Systems: A Survey - Axelsson (1998)(Correct)
There is currently need for an up-to-date and thorough survey of the research in the field of computer and network intrusion detection. This paper presents such a survey, with a taxonomy of intrusion de... / Research in Intrusion-Detection Systems A Survey br field of computer and network intrusion detection. This paper presents such
6 Mobile Agents In Intrusion Detection And Response - Jansen, Mell, Karygiannis, Marks (2000)(Correct)
Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism.
However, mobile software agents go a long way toward realizing the ideal behavior desired in ... / Mobile Agents In Intrusion Detection And Response W. br Abstract Effective intrusion detection capability is an elusive
6 Intrusion Detection Applying Machine Learning to Solaris Audit Data - Endler (1998)(Correct)
An Intrusion Detection System (IDS) seeks to identify unauthorized access to computer systems' resources and data. The most common analysis tool that these modern systems apply is the operating system... / Intrusion Detection Applying Machine Learning br Abstract An Intrusion Detection System IDS seeks to
5 The Design of GrIDS: A Graph-Based Intrusion Detection System - Cheung, Crawford, Dilger, Frank.. (1999)(Correct)
This report documents the design of the Graph-based Intrusion Detection System (GrIDS) in reasonable detail. It is intended as a guide to people who wish to understand the implementation, or who have ... / of GrIDS A Graph-Based Intrusion Detection System Steven Cheung br the design of the Graph-based Intrusion Detection System GrIDS in
5 Using Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbard, Schatz (1999)(Correct)
Intrusion detection and response has traditionally been performed at the network and host levels. That is, intrusion monitors will typically analyze network packet logs or host machine audit logs for ... / Program Behavior Profiles for Intrusion Detection Anup K. Ghosh Aaron br www.rstcorp.com Abstract Intrusion detection and response has
5 Use of A Taxonomy of Security Faults - Aslam, Krsul, Spafford (1996)(Correct)
Security in computer systems is important so as to
ensure reliable operation and to protect the integrity
of stored information. Faults in the implementation
of critical components can be exploited to... / audit analysis of systems intrusion detection and fault detection. We br in the development of intrusion detection patterns for the COAST
5 A Taxonomy of UNIX System and Network Vulnerabilities - Bishop (1995)(Correct)
Ambrose Bierce defined "history" as "a record of mistakes made in the past, so we shall know when we make them again." Although sardonic, his definition describes the state of affairs of computer ... / The second was the advent of intrusion detection systems first proposed in br against systems and the intrusion detection mechanisms would look for
5 Protecting Routing Infrastructures from Denial of Service Using.. - Cheung, Levitt (1997)(Correct)
We present a solution to the denial of service problem
for routing infrastructures. When a network
suffers from denial of service, packets cannot reach
their destinations. Existing routing protocols a... / of Service Using Cooperative Intrusion Detection Steven Cheung br i.e.an expansive view of intrusion detection approach to protect
5 The Application Of Neural Networks To UNIX Computer Security - Tan (1995)(Correct)
Computer security can be divided into two distinct areas, preventive security and the detection of security violations.
Of the two, a greater degree of research and emphasis has been applied to preven... / LANL Network Security Intrusion Detection Network Security
5 Applying Genetic Programming to Intrusion Detection - Crosbie, Spafford (1995)(Correct)
This paper presents a potential solution to the intrusion
detection problem in computer security. It uses
a combination of work in the fields of Artificial Life
and computer security. It shows how an ... / Genetic Programming to Intrusion Detection Mark Crosbie Prof. Gene br a potential solution to the intrusion detection problem in computer
5 Automated Response Using System-Call Delays - Anil Somayaji Dept (2000)(Correct)
Automated intrusion response is an important unsolved
problem in computer security. A system called pH (for
process homeostasis) is described which can successfully
detect and stop intrusions before t... / detection e.g.virus and intrusion detection Response has been an br email. Commercial intrusion detection systems IDSs are capable
5 A Framework for Constructing Features and Models for Intrusion.. - Lee, Stolfo (2000)(Correct)
This paper describes a novel framework, MADAM ID, for Mining Audit Data for
Automated Models for Intrusion Detection. This framework uses data mining algorithms to compute
activity patterns from syste... / Features and Models for Intrusion Detection Systems Wenke Lee North br Stolfo Columbia University Intrusion detection ID is an important
5 Design and Implementation of a Scalable Intrusion Detection System.. - Jou, Gong, Sargor (2000)(Correct)
This paper presents the design, implementation,
and experimentation of the JiNao intrusion detection
system (IDS) which focuses on the protection of the
network routing infrastructure. We used Open Sh... / Implementation of a Scalable Intrusion Detection System for the Protection br experimentation of the JiNao intrusion detection system IDS which focuses
5 Intrusion Detection Inter-component Adaptive Negotiation - Feiertag, Benzinger, Rho, Wu.. (1999)(Correct)
The Intrusion Detection System (IDS) community is developing better techniques for collecting and analyzing data in order to handle intrusions in large, distributed environments [1, 5, 6]. To take adv... / Intrusion Detection Inter-component Adaptive br C - Abstract The Intrusion Detection System IDS community is
5 Personal Security Assistance for Secure Internet Commerce - Rasmusson, Janson (1996)(Correct)
In this paper we discuss the approach of using a personal security assistant for interacting with mobile agents visiting your computer. Current agent security approaches are often based on trust in an... / a lot from the work done in intrusion detection in computer systems br in computer systems Intrusion detection concerns finding activities
5 A High-Performance Network Intrusion Detection System - Sekar, Guang, Verma, Shanbhag (1999)(Correct)
In this paper we present a new approach for network intrusion
detection based on concise specifications that characterize normal
and abnormal network packet sequences. Our specification
language is ge... / A High-Performance Network Intrusion Detection System R. Sekar Y. br a new approach for network intrusion detection based on concise
4 Towards Distributed and Dynamic Network Management - Sahai, Morin (1998)(Correct)
In this paper we describe a distributed and dynamic architecture
for network management of a heterogeneous distributed system which
we have implemented in order to perform network management of our ... / changing problems like intrusion detection the management policies
4 Authorship Analysis: Identifying The Author of a Program - Krsul (1996)(Correct)
In this paper we show that it is possible to identify the author of a piece of software by looking at stylistic characteristics of C source code. We also show that there exist a set of characteristics... / modules and real time intrusion detection systems can be enhanced to br process. . Real-time intrusion detection systems could be enhanced
4 Access Control: The Neglected Frontier - Sandhu (1996)(Correct)
Access control is an indispensable security technology. However, it has been relatively neglected by the research community. Over the past ten years, the doctrine of mandatory and discretionary acce... / control authentication intrusion detection and recovery risk analysis
4 Adaptability Using Reflection - Sonntag, Härtig, Kowalski.. (1994)(Correct)
Adaptability, i.e. the ability of a system to adapt dynamically
to changes in its execution environment, is
considered as an important property of computer systems.
Scaling directory replication in na... / employed in some systems for intrusion detection. The detection of suspect
4 A Data Mining Framework for Adaptive Intrusion Detection - Lee, Stolfo, Mok (1998)(Correct)
In this paper we describe a data mining framework for constructing intrusion detection models.
The key ideas are to mine system audit data for consistent and useful patterns of program and user
behavi... / Framework for Adaptive Intrusion Detection Wenke Lee Salvatore br framework for constructing intrusion detection models. The key ideas are
4 Evolving Event-Driven Programs - Crosbie, Spafford (1996)(Correct)
This paper examines how Genetic Programming
has shortcomings in an event-driven environment.
The need for event-driven programming is motivated
by some examples. We then describe the
difficulty in han... / occur. . Intrusions and Intrusion Detection Computer security is br must have some form of intrusion detection system IDS installed.
4 Requirements Definition for Survivable Network Systems - Linger, Mead, Lipson (1997)(Correct)
Pervasive societal dependency on large-scale,
unbounded network systems, the substantial risks of
such dependency, and the growing sophistication of
system intruders, have focused increased attenti... / services with automated intrusion detection and recovery times br state-of-the-art work in intrusion detection but also more mundane but
4 Security in Clinical Information Systems - Dr Ross Anderson (1996)(Correct)
this document deals only with the clinical aspects of information security,
and not with associated business aspects such as the commercial confidentiality
of purchaser and provider contract data. and... / than the postal service intrusion detection systems can log accesses
4 A Method of Tracing Intruders by Use of Mobile Agents - Asaka, Okazawa, TAGUCHI, GOTO (1999)(Correct)
A network intrusion detection system (IDA) retrieves information
related to intrusions from target systems across the network by using
mobile agents. Simultaneously, the agents trace the intruder... / Abstract. A network intrusion detection system IDA retrieves br been developing a network intrusion detection system IDS called the
3 Computer Vulnerability Analysis - Krsul (1997)(Correct)
Computer security professionals and researchers do not have a history of sharing and analyzing computer vulnerability information. Scientists and engineers from older or more established fields have l... / detection mechanisms the intrusion detection work done by Kumar et al. br in industry that market intrusion detection systems require
3 Security Policy Specification Using a Graphical Approach - Hoagland, Pandey, Levitt (1998)(Correct)
this paper. 1. We use "system" generally here. It can be almost anything on a computer that contains some sort of entities and can be interacted with or can be seen as executing. Some examples are: a ... / or after the fact with an intrusion detection system and other br by an application such as an intrusion detection system that would scan over
3 Intrusion Detection Based on Structural Zeroes - Theus, Schonlau (1998)(Correct)
A method for computer intrusion detection is proposed.
It uses command-level data and is based on structural zeroes
of user/command contingency tables. More specifically,
it is based on commands that ... / Intrusion Detection Based on Structural Zeroes br A method for computer intrusion detection is proposed. It uses
3 AudES - an Expert System for Security Auditing - Tsudik, Summers (1988)(Correct)
Computer security auditing constitutes an important part of
any organization's security procedures. Because of the many
inadequacies of currently used manual methods, thorough and
timely auditing is o... / security auditing and intrusion detection. This paper presents an br . D. E. Denning An Intrusion-Detection Model IEEE Transactions
3 BPF+: Exploiting Global Data-flow Optimization in a Generalized.. - Begel, McCanne, Graham (1999)(Correct)
A packet filter is a programmable selection criterion for classifying
or selecting packets from a packet stream in a generic, reusable
fashion. Previous work on packet filters falls roughly into two c... / like network monitoring and intrusion detection however require both br firewall filtering and intrusion detection The earliest
3 CEDMOS: Complex Event Detection and Monitoring System - Baker, Cassandra, Rashid (1999)(Correct)
CEDMOS is the Composite Event Detection and Monitoring
System developed for DARPA by MCC. CEDMOS recognizes
patterns of events called complex events according to user-authored
event specification... / . . . Network Intrusion Detection . br patterns or security e.g.intrusion detection are two of the many
3 A Preliminary Attempt to Apply Detection and Estimation Theory to.. - Department (2000)(Correct)
Research into the automated detection of computer security violations is hardly in its infancy, yet little comparison has been made with the established field of detection and estimation theory, the r... / and Estimation Theory to Intrusion Detection Stefan Axelsson br studying the problem of intrusion detection by the use of the
3 Detecting Stepping Stones - Zhang, Paxson (2000)(Correct)
One widely-used technique by which network attackers attain
anonymity and complicate their apprehension is by employing
stepping stones: they launch attacks not from their own
computer but from inter... / While as with most forms of intrusion detection with enough diligence br . Accuracy As with intrusion detection in general we face the
3 Detecting Backdoors - Zhang, Paxson (2000)(Correct)
Backdoors are often installed by attackers who have compromised
a system to ease their subsequent return to the system.
We consider the problem of identifying a large class of
backdoors, namely those ... / network traffic using an intrusion detection system IDS where we br In general network intrusion detection becomes much more
3 Architecture for an Artificial Immune System - Hofmeyr, Forrest (2000)(Correct)
An artificial immune system (ARTIS) is described which incorporates many properties of
natural immune systems, including diversity, distributed computation, error tolerance, dynamic
learning and ada... / in the form of a network intrusion detection system called LISYS. LISYS br and implemented LISYS an intrusion detection system that monitors
3 The STAT Tool Suite - Vigna, Eckmann, Kemmerer (2000)(Correct)
This paper describes a suite of intrusion detection tools
developed by the Reliable Software Group at UCSB. The
tool suite is based on the State Transition Analysis Technique
(STAT), in which compute... / paper describes a suite of intrusion detection tools developed by the br and tailored to perform intrusion detection in different domains and
3 Software Tamper Resistance: Obstructing Static Analysis of Programs - Wang, Hill, Knight, Davidson (2000)(Correct)
In this paper we address the problem of protecting trusted software on untrusted hosts by code obfuscation.
We address one aspect of the problem, namely obstructing static analysis of programs.
The p... / it arises for example in intrusion-detection systems. The parts of the br systems. The parts of the intrusion-detection system that record events
3 Toward Cost-Sensitive Modeling for Intrusion Detection - Lee (2000)(Correct)
Intrusion detection systems need to maximize security while minimizing costs. In this paper, we
study the problem of building cost-sensitive intrusion detection models. We examine the major cost
fac... / Cost-Sensitive Modeling for Intrusion Detection Wenke Lee Computer br Abstract Intrusion detection systems need to maximize
3 Mining Frequent Itemsets Using Support Constraints - Wang, He, Han (2000)(Correct)
Interesting patterns often occur at varied levels
of support. The classic association mining
based on a uniform minimum support, such
as Apriori, either misses interesting patterns
of low support ... / frequent itemsets to build intrusion detection models LSM to con- br Mining audit data to build intrusion detection models. KDD -
3 The Implementation of IDA: An Intrusion Detection Agent System - Midori Asaka Ipa(Correct)
At the Information-technology Promotion Agency (IPA), we have
been developing a network intrusion detection system we have named
IDA (for the Intrusion Detection Agent system). IDA has two distin... / The Implementation of IDA An Intrusion Detection Agent System Midori br been developing a network intrusion detection system we have named IDA
3 Anomaly Detection over Noisy Data using Learned Probability.. - Eskin (2000)(Correct)
Traditional anomaly detection techniques focus on detecting anomalies in new data after training on normal (or clean) data. In this paper we present a technique for detecting anomalies without trainin... / technique is applied to intrusion detection by examining intrusions br is an important problem in intrusion detection Denning Intrusion
3 Self-Securing Storage: Protecting Data in Compromised Systems - Strunk, Goodson, Scheinholtz.. (2000)(Correct)
Self-securing storage prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep ... / techniques can extend the intrusion detection window offered by br discovered by an automated intrusion detection system IDS or by a
3 Intrusion Detection Systems and Multisensor Data Fusion - Bass (2000)(Correct)
This article provides a brief review of ID concepts
and terms, an overview of the art and science of multisensor
data-fusion technology, and introduces the ID
systems data-mining environment as a comp... / v No. Intrusion Detection Systems And br Next-generation cyberspace intrusion detection ID systems will require
3 Training a Neural-Network Based Intrusion Detector to Recognize Novel .. - And (2000)(Correct)
While many commercial Intrusion Detection Systems (IDS) are deployed, the protection they afford is modest. At the state-of-the-art, IDS produce voluminous alerts, most false alarms, and function main... / While many commercial Intrusion Detection Systems IDS are br the original concept for an intrusion detection system was an anomaly
3 Information-Theoretic Measures for Anomaly Detection - Lee, Xiang (2001)(Correct)
Anomaly detection is an essential component of the protection mechanisms against novel attacks. In this paper, we propose to use several information-theoretic measures, namely, entropy, conditional en... / measures. Introduction Intrusion detection systems IDSs is an br The two main techniques for intrusion detection ID are misuse detection
3 Identification of Host Audit Data to Detect Attacks on Low-level IP.. - Daniels, Spafford (1998)(Correct)
Conventional host-based and network-based intrusion and misuse detection systems have concentrated on detecting
network-based and internal attacks, but little work has addressed host-based detection o... / vulnerabilities effective intrusion detection systems IDS are needed br July . Intrusion Detection Systems Three basic
3 Generation of Application Level Audit Data via Library Interposition - Kuperman, Spafford (1999)(Correct)
One difficulty encountered by intrusion and misuse detection systems is a lack of application level audit data. Frequently, applications used are written by third parties and may be distributed only i... / Motivation Researchers in Intrusion detection have stated Kumar br by software developers in the intrusion detection community for an increase
3 Characteristics of Network Traffic Flow Anomalies - Paul Barford And (2001)(Correct)
INTRODUCTION
One of the primary tasks of network administrators
is monitoring routers and switches for anomalous traffic
behavior such as outages, configuration changes, flash
crowds and abuse. Recog... / to this is the development of intrusion detection tools such as Bro br and O. Niggemann Supporting intrusion detection by graph clustering and
3 A Specification-Based Approach for Building Survivable Systems - Sekar Yong Cai (1998)(Correct)
Survivable information systems continue to perform their mission in the face of spontaneous faults, as well
as malicious attacks. To build such systems, it is necessary to detect and isolate problems... / framework. Keywords intrusion detection survivable systems br Several such techniques for intrusion detection have been developed
3 Synthesizing Fast Intrusion Prevention/Detection Systems from.. - Sekar, Uppuluri (1999)(Correct)
To build survivable information systems (i.e., systems
that continue to provide their services in spite of coordinated
attacks), it is necessary to detect and isolate intrusions
before they impact sy... / useful for many other intrusion detection methods that employ br behavior as needed for intrusion detection or prevention. In
3 Middleware Support for Voting and Data Fusion - Zhiyuan (2001)(Correct)
Middleware is a class of software systems above the operating system which is becoming widely used for programming distributed systems. Voting is a fundamental operation when distributed systems invol... / increasingly prevalent and intrusion detection systems which are br to support features such as intrusion detection. . Basic Voter
3 An Update on the BMA Security Policy - Anderson (1996)(Correct)
In this article, we attempt to step back from the current dispute between the BMA and the government and describe it as a whole. We give a brief account of the origins and development of the BMA secur... / have very strong auditing and intrusion detection systems a deterrent that br and credible . As an intrusion detection mechanism Simmons
2 Reactive Security and Social Control - Lars Rasmusson (1996)(Correct)
o be useful it may
have to be granted access to information that it
potentially can misuse. There is a notion of risk
involved in dealing with untrusted code, a... / security and intrusion detection. The term reactive
2 Sleepy Network-Layer Authentication Service for IPSEC - Shyhtsun Wu (1996)(Correct)
Network-layer authentication security services are typically
pessimistic and static. A conservative IP security gateway checks/verifies
the authentication information for every packet it forwards. T... / security mechanism or an intrusion detection module to protect the br When no application or intrusion detection system complains about
2 Learning Evolving Concepts Using Partial-Memory Approach - Maloof, Michalski (1995)(Correct)
This paper addresses the problem of learning evolving
concepts, that is, concepts whose meaning gradually
evolves in time. Solving this problem is important to
many applications, for example, building... / problem of computer system intrusion detection. The results show br vision systems and computer intrusion detection systems. Many of the
2 An Approach to UNIX Security Logging - Axelsson, Lindqvist, Gustafson.. (1998)(Correct)
Off-line intrusion detection systems rely on logged data. However, the logging mechanism may be
complicated and time-consuming and the amount of logged data tends to be very large. To counter
these pr... / Abstract Off-line intrusion detection systems rely on logged br be incorporated into an intrusion-detection system IDS and by its
2 Analysis of an Algorithm for Distributed Recognition and.. - Ko, Frincke, Goan, Jr., Heberlein.. (1993)(Correct)
Computer and network systems are vulnerable to attacks.
Abandoning the existing huge infrastructure of
possibly-insecure computer and network systems is impossible,
and replacing them by totally secur... / the future particularly in intrusion-detection systems. Introduction br account names single-host Intrusion Detection Systems IDS having a
2 A Comparison of Test Statistics for Computer Intrusion Detection.. - DuMouchel, Schonlau (1998)(Correct)
One method of detecting an unauthorized user masquerading as a registered user is to compare in real time the sequence of commands given by each user to a profile of that user's past behavior. Our pro... / Test Statistics for Computer Intrusion Detection Based on Principal br Introduction. In computer intrusion detection one attempts to identify