This directory is created automatically and some papers may be mislabeled. Only documents within the CiteSeer database are listed. The directory is intended to provide entry points for browsing the database and is not intended to be authoritative. Papers may not appear in all relevant categories. For example, papers in a sub-category may not appear in higher level categories.
Indexing Weighted-Sequences in Large Databases - Wang, Perng, Fan, Park, Yu (2003)(Correct)
We present an index structure for managing weighted-sequences
in large databases. A weighted-sequence is defined
as a two-dimensional structure where each element in
the sequence is associated with a w... / database management network intrusion detection etc. Recently the field
A Group Membership Protocol For An Intrusion-Tolerant Group.. - Ramasamy (2002)(Correct)
Group Communication Systems have been developed to address the problem of maintaining consistency of replicated information. This thesis describes the research work that resulted in the design, develo... / middleware large-scale intrusion detection systems dependable trusted
Distributed Pattern Detection for Intrusion Detection - Krügel, Toth (2002)(Correct)
Evidence of attacks against a network and its resources is often scattered over several hosts. Intrusion detection systems therefore have to collect and correlate information from different sources. F... / Pattern Detection for Intrusion Detection Christopher Krugel br scattered over several hosts. Intrusion detection systems therefore have to
Parzen-Window Network Intrusion Detectors - Calvin (2002)(Correct)
Network intrusion detection is the problem of detecting anomalous network connections caused by intrusive activities. Many intrusion detection systems proposed before use both normal and intrusion dat... /
A Recursive Session Token Protocol For Use in Computer Forensics and.. - Clay (2002)(Correct)
We introduce a new protocol designed to assist in the forensic investigation of malicious network-based activity, specifically addressing the stepping-stone scenario in which an attacker uses a chain ... / was intended to perform an intrusion detection function so that br use by network gateways and Intrusion Detection Systems IDS When the IP
Ensemble Learning for Intrusion Detection in - Luca (2002)(Correct)
The security of computer networks plays a strategic role in modern computer systems. In order to enforce high protection levels against threats, a number of software tools are currently developed. Int... /
A Component-Based Event-Driven Interactive Visualization Software.. - Erbacher (2002)(Correct)
This paper describes our research to develop an effective
visualization environment for real-time intrusion detection
and the resultant architecture. The environment requirements
necessitate that effe... / environment for real-time intrusion detection and the resultant br architecture for our intrusion detection environment This
When Ants Attack: Security Issues for Stigmergic Systems - Weilin Zhong And (2002)(Correct)
Stigmergic systems solve global problems by
using indirect communication mediated by an
environment. Because they are localized and
dynamic, stigmergic systems are self-organizing,
robust and adaptive... / White distributed intrusion detection and response Fenet br Hassas. A distributed Intrusion Detection and Response System
Mimicry Attacks on Host-Based Intrusion Detection Systems - Wagner, Soto (2002)(Correct)
We examine several host-based anomaly detection systems and study their security against evasion attacks. First, we introduce the notion of a mimicry attack, which allows a sophisticated attacker to c... / Mimicry Attacks on Host-Based Intrusion Detection Systems David br call for further research on intrusion detection from both attacker's and
Report on a Working Session on Security in Wireless Ad Hoc Networks - Buttyán, Hubaux (2002)(Correct)
Most proposed routing protocols for mobile ad
hoc networks are vulnerable to modification, impersonation
and fabrication attacks. The proposed secure rout8
Mobile Computing and Communications Review,... / Secure routing and intrusion detection. Existing ad hoc routing br focused on the problem of intrusion detection in ad hoc networks.
Using CSP to detect Insertion and Evasion Possibilities within the.. - Rohrmair, Lowe (2002)(Correct)
In this paper we will demonstrate how one can model and analyse Intrusion
Detection Systems (IDSs) and their environment using the process algebra
Communicating Sequential Processes (CSP) [11, 21] a... / Possibilities within the Intrusion Detection Area Gordon Thomas br one can model and analyse Intrusion Detection Systems IDSs and their
What do we mean by Network Denial of Service? - Shields (2002)(Correct)
Recent network denial-of-service attacks have
brought about awareness of the vulnerability of increasingly
important network services. While denial of service is not
a new problem, and some of the net... / of methods of foiling intrusion detection systems. They cite a br of Service Using Cooperative Intrusion Detection in Proceedings of the
Current approaches to detecting intrusions - Gonzalez (2002)(Correct)
Before the flourishing of the Internet, computers were limited to the walls of the organization where computers were linked to each other but had little contact with computer systems outside. Now, we ... / with the implementation of Intrusion Detection Systems IDS and Incident br Strategies. However existent intrusion detection systems are generally
Intrusion Detection: A Bibliography - Mé, Michel (2001)(Correct)
This document contains more than 600 references, dated from 1980 to 2001. We undoubtedly have forgotten some important citations, either through oversight or ignorance. Moreover, errors may remain in ... / Intrusion Detection A Bibliography Ludovic br references relating to intrusion detection. Intrusion detection is
Automated Discovery of Concise Predictive Rules for Intrusion.. - Helmer, Wong, Honavar, Miller (2001)(Correct)
This paper details an essential component of a multi-agent distributed knowledge network system for intrusion detection. We describe a distributed intrusion detection architecture, complete with a dat... / Concise Predictive Rules for Intrusion Detection Guy Helmer Johnny br knowledge network system for intrusion detection. We describe a distributed
Intrusion Detection via Static Analysis - Wagner, Dean (2001)(Correct)
One of the primary challenges in intrusion detection is
modelling typical application behavior, so that we can recognize
attacks by their atypical effects without raising too
many false alarms. We sho... / Intrusion Detection via Static Analysis David br of the primary challenges in intrusion detection is modelling typical
Fault Tolerance in Critical Information Systems - Elder (2001)(Correct)
Critical infrastructure applications provide services upon which society depends heavily;
such applications require constant, dependable operation in the face of various failures,
natural disasters, a... / Figure Money-center bank intrusion detection alarm on event br Experiment Branch bank intrusion detection alarms
Information-Theoretic Measures for Anomaly Detection - Lee, Xiang (2001)(Correct)
Anomaly detection is an essential component of the protection mechanisms against novel attacks. In this paper, we propose to use several information-theoretic measures, namely, entropy, conditional en... / measures. Introduction Intrusion detection systems IDSs is an br The two main techniques for intrusion detection ID are misuse detection
Denial of service in public key protocols - Eronen (2001)(Correct)
Network denial of service attacks have become a widespread problem on the Internet. However, denial of service is often considered to be an implementation issue by protocol designers. In this paper I ... / by spoofed IP addresses. Intrusion detection and reaction systems aim to br or few IP addresses. To an intrusion detection system this might look like
Security in Dynamic Execution Environments - Inoue (2001)(Correct)
Trends in computer architecture and in language design and implementation are resulting in dynamic execution environments. A program's environment is the interface and implementation of the system hos... / . Application Specific Intrusion Detection . br required for optimization. Intrusion detection and optimization both rely
An Environment for Security Protocol Intrusion Detection - Yasinsac (2001)(Correct)
Secure electronic communication relies on cryptography. Even with perfect encryption, communication
may be compromised without effective security protocols for key exchange, authentication, etc. We a... / for Security Protocol Intrusion Detection Alec Yasinsac br method is based on classic intrusion detection techniques of
A glimpse into the future of ID - Bass, Gruber (2001)(Correct)
Cyberspace is a complex dimension of both enabling and inhibiting data flows in electronic data networks. Current generation intrusion detection (ID) systems are not technologically advanced enough to... / networks. Current-generation intrusion-detection systems IDSes are not br Control ITC and future intrusion-detection systems. Of course this
SAVE: Source Address Validity Enforcement Protocol - Li, Mirkovic, Wang, Reiher, Zhang (2001)(Correct)
Many network attacks forge the source address in their IP packets to block traceback. Recently, research activity
has focused on packet-tracing mechanisms to counter this deception. Unfortunately, the... / sources of an attack. Intrusion detection and network problem br is possible. Network intrusion detection has also studied how to
A Hybrid Approach to the Profile Creation and Intrusion Detection - Marin, Ragsdale, Surdu (2001)(Correct)
Anomaly detection involves characterizing the behaviors of individuals or systems and recognizing behavior that is outside the norm. This paper describes some preliminary results concerning the robust... / to the Profile Creation and Intrusion Detection Jack Marin Daniel br set. . Introduction Intrusion detection may be defined as the
A Hybrid Approach to Profile Creation and Intrusion Detection - Marin, Ragsdale, Surdu (2001)(Correct)
Anomaly detection involves characterizing the behaviors of individuals or systems and recognizing behavior that is outside the norm. This paper describes some preliminary results concerning the robust... / to Profile Creation and Intrusion Detection John A. Marin Daniel br set. . Introduction Intrusion detection may be defined as the
Middleware Support for Voting and Data Fusion - Zhiyuan (2001)(Correct)
Middleware is a class of software systems above the operating system which is becoming widely used for programming distributed systems. Voting is a fundamental operation when distributed systems invol... / increasingly prevalent and intrusion detection systems which are br to support features such as intrusion detection. . Basic Voter
Agile Monitoring for Cyber Defense - Doyle, Kohane, Long, Shrobe.. (2001)(Correct)
The Monitoring, Analysis, and Interpretation Tool Arsenal
(MAITA) seeks to support rapid construction and empirical
reconfiguration of cyber defense monitoring systems
inside the opponent decision cyc... / elements such as existing intrusion detection systems and sensors in a br alerting models in the intrusion detection literature. In the
Outlier Detection for High Dimensional Data - Aggarwal, Yu (2001)(Correct)
The outlier detection problem has important applications
in the field of fraud detection, network robustness analysis,
and intrusion detection. Most such applications are high
dimensional domains in w... / robustness analysis and intrusion detection. Most such applications are br credit card fraud network intrusion detection financial applications and
Log Auditing through Model-Checking - Roger, Goubault-Larrecq (2001)(Correct)
Log auditing is a basic intrusion detection mechanism,
whereby attacks are detected by uncovering
matches of sequences of events against signatures. We
argue that this problem is naturally expressed a... / Log auditing is a basic intrusion detection mechanism whereby attacks br it is a cornerstone of intrusion detection which relies on
Windows Performance Monitoring and Data Reduction using WatchTower.. - Knop, al. (2001)(Correct)
Michael W. Knop Praveen K. Paritosh Peter A. Dinda Jennifer M. Schopf
fknop, paritosh, pdinda, jmsg@cs.northwestern.edu
Department of Computer Science
Northwestern University
1890 Maple Avenue
Ev... / user profiling intrusion detection and br S.And Somayaji A. Intrusion Detection Using Sequences Of System
Mining Needles in a Haystack: Classifying Rare Classes via Two-Phase.. - Joshi, Agarwal (2001)(Correct)
Learning models to classify rarely occurring target classes
is an important problem with applications in network intrusion
detection, fraud detection, or deviation detection in
general. In this paper,... / with applications in network intrusion detection fraud detection or br real-life network intrusion detection dataset. Our method is
Learning Visual Models of Social Engagement - Singletary, Starner (2001)(Correct)
We introduce a face detector for wearable computers
that exploits constraints in face scale and orientation
imposed by the proximity of participants in
near social interactions. Using this method we d... / may be disrupted by the intrusion. Detection of social engagement allows
Best Practices for Secure Development - Peteanu (2001)(Correct)
this document:
http://members.rogers.com/razvan.peteanu
Revision History
Version Release Date Notes
4.03 October 12, 2001 fixed a few other typos
4.02 October 11, 2001 added a missing reference ... /
Enhancing Survivability of Security Services using Redundancy - Hiltunen, Schlichting, Ugarte (2001)(Correct)
Traditional distributed system services that provide guarantees
related to confidentiality, integrity, and authenticity enhance
security, but are not survivable since each attribute is
implemented by ... / key. Similarly an intrusion detection system IDS can be viewed br it upon function call return. Intrusion detection in general augments a
Forward-Secure Signatures with Optimal Signing and Verifying - Itkis, Reyzin (2001)(Correct)
We propose the first forward-secure signature scheme for unknown Forward-Secure Signatures
with Optimal Signing and Verifying
Gene Itkis
and Leonid Reyzin
Boston University Computer Science Dept.... / of the old keys and proper intrusion detection are non-trivial tasks. br perform such deletion and intrusion detection certainly more reasonable
Event Recognition Beyond Signature and Anomaly - Doyle, Kohane, Long, Shrobe.. (2001)(Correct)
Notions of signature and anomaly have formed
the basis of useful methods in cyber defense, but even in
combination provide only weak evidence for recognizing
many events of interest. One can recogni... / of current methods for intrusion detection and cyber defense. br - side the lab. Intrusion detection systems report observing
Designing a Web of Highly-Configurable Intrusion Detection Sensors - Vigna, Kemmerer, Blix (2001)(Correct)
Intrusion detection relies on the information provided by a number of sensors deployed throughout the monitored network infrastructure. Sensors provide information at different abstraction levels and ... / a Web of Highly-Configurable Intrusion Detection Sensors Giovanni Vigna br Abstract. Intrusion detection relies on the information
Mining The Top-K Frequent Itemset With Minimum Length M - Cong (2001)(Correct)
With the explosive growth of data stored in electronic form, data mining has become
essential in searching nontrivial, implicit, previously unknown and potentially useful
information from a huge amo... / census data and even network intrusion detection. Association rule mining
Symbiotic Interfaces For Wearable Face Recognition - Singletary, Starner (2001)(Correct)
We introduce a wearable face detection method that exploits constraints in face scale and orientation
imposed by the proximity of participants in near social interactions. Using this method we describ... / may be disrupted by the intrusion. Detection of social engagement allows
Characteristics of Network Traffic Flow Anomalies - Paul Barford And (2001)(Correct)
INTRODUCTION
One of the primary tasks of network administrators
is monitoring routers and switches for anomalous traffic
behavior such as outages, configuration changes, flash
crowds and abuse. Recog... / to this is the development of intrusion detection tools such as Bro br and O. Niggemann Supporting intrusion detection by graph clustering and
A Software Fault Tree Approach to Requirements Analysis of an.. - Guy Helmer Johnny (2001)(Correct)
The use of software fault trees for requirements
identification and analysis in an Intrusion Detection
System (IDS) is described. Intrusions are divided
into seven stages, following Ruiu, and a fault
... / Requirements Analysis of an Intrusion Detection System Guy Helmer br and analysis in an Intrusion Detection System IDS is described.
From Declarative Signatures to Misuse IDS - Jean-Philippe Pouzol And (2001)(Correct)
In many existing misuse intrusion detection systems, intrusion
signatures are very close to the detection algorithms. As a consequence,
they contain too many cumbersome details. Recent work have
pr... / In many existing misuse intrusion detection systems intrusion br to detect misuses. Among the intrusion detection systems IDS briefly
Indra: A Distributed Approach to Network Intrusion Detection and.. - Zhang, Janakiraman (2001)(Correct)
While advances in computer and communications technology
have made the network ubiquitous, they have also rendered networked systems
vulnerable to malicious attacks orchestrated from a distance. The... / Approach to Network Intrusion Detection and Prevention Qi Zhang br or incidental damage. Intrusion detection involves identifying
An Expert System for Analyzing Firewall Rules - Eronen, Zitting (2001)(Correct)
When deploying firewalls in an organization, it is essential to verify that the firewalls are configured properly. The problem of finding out what a given firewall configuration does occurs, for insta... / has been in the field of intrusion detection. Axelsson's survey br Stefan Axelsson. Intrusion detection systems A taxonomy and
Applying Mobile Agent Technology to Intrusion Detection - Krügel, Toth (2001)(Correct)
The increasing number of network security related incidents makes it necessary for organizations to actively protect their sensitive data with the installation of intrusion detection systems (IDS). Au... / Mobile Agent Technology to Intrusion Detection Christopher Krügel br data with the installation of intrusion detection systems IDS Autonomous
Adele: An Attack Description Language For Knowledge-Based Intrusion.. - Michel, Mé (2001)(Correct)
ADeLe is an attack description language designed to model a database of known attack scenarios. As the descriptions might contain executable attack code, it allows one to test the efficiency of given ... / Language For Knowledge-Based Intrusion Detection Cédric Michel br Keywords Intrusion detection attack description
"Why 6?" Defining the Operational Limits of stide, an Anomaly-Based.. - Tan, Maxion (2001)(Correct)
The detection of masqueraders and novel attacks are two of the more difficult
problems facing intrusion detection systems. While anomaly-based intrusion
detection approaches appear to be among the mos... / difficult problems facing intrusion detection systems. While br systems. While anomaly-based intrusion detection approaches appear to be
SITAR: A Scalable Intrusion-Tolerant Architecture for Distributed.. - Feiyi Wang Fengmin (2001)(Correct)
This paper presents an intrusion tolerant architecture
for distributed services, especially COTS servers. It
is motivated by two observations: First, no security precautions
can guarantee that a system... / Intrusion tolerance intrusion detection and response distributed br Fengmin Gong is with Intrusion Detection Technology Division of
Application-Level Survivability: Resumable FTP - Grzywa, Yurcik, Brumbaugh (2001)(Correct)
Internet attacks are moving up the protocol stack to the
application layer, effectively blinding lower-layer security
prevention and detection techniques. It has been estimated
that 40% of unplanned s... / firewall and go undetected by intrusion detection systems. In br allows creation of an active intrusion detection system that can be used to
Translating Snort rules to STATL scenarios - Eckmann (2001)(Correct)
that they include signatures for some collection of known attacks, and monitor an event stream looking for instances
of any signature in their collection. There is an enormous duplication of effort w... /
Pattern Extraction for Time Series Classification - Geurts (2001)(Correct)
In this paper, we propose some new tools to allow machine learning classifiers to cope with time series data. We first argue that many time-series classification problems can be solved by detecting an... / recognition of gestures intrusion detection.In spite of this it is
Analysis of a Statistics Counter Architecture - Devavrat Shah Sundar (2001)(Correct)
Packet switches (e.g., IP routers, ATM switches and Ethernet
switches) maintain statistics for a variety of reasons: performance monitoring,
network management, security, network tracing, and traffic ... / stateful firewalling intrusion detection performance monitoring
Visual Traffic Monitoring and Evaluation - Erbacher (2001)(Correct)
As computer networks and associated infrastructures become ever more important to the nation's commerce and
communication, it is becoming exceedingly critical that these networks be managed effectivel... / is derived from our work on intrusion detection and our realization
Dealing with Denial-of-Service Attacks in Agent-enabled Active and.. - Karnouskos (2001)(Correct)
Denial of Service (DoS) attacks is a well-known
problem with victims even among prestigious commercial
sites. Such attacks in traditional networking are difficult
to recognize and to handle. An active... / be followed. Keywords Intrusion Detection Systems Distributed br and b to handle. Today's Intrusion Detection Systems IDS are static
Detecting Novel Attacks by Identifying Anomalous Network Packet.. - Mahoney, Chan (2001)(Correct)
We describe a simple and efficient network intrusion detection algorithm that detects novel attacks by flagging anomalous field values in packet headers at the data link, network, and transport layers... / simple and efficient network intrusion detection algorithm that detects br In the DARPA off-line intrusion detection evaluation test set
Visual Behavior Characterization For Intrusion Detection In Large.. - Erbacher (2001)(Correct)
This work focuses on the visual representation of
relations towards aiding the exploration and analysis of
network intrusions. Fundamentally, the visual
representations aid an analyst in comprehending... / Characterization For Intrusion Detection In Large Scale Systems br Information Visualization Intrusion Detection Computer Security .
High Resolution Traffic Measurement - Glenn Mansfield Sandeep (2001)(Correct)
Measuring traffic at high resolution using
standard mechanisms poses several problems. In this paper
we discuss the problems and then describe the implementation
of a system that measures network traf... / NIWH traffic pattern intrusion detection. I. INTRODUCTION br Network Intrusions In Intrusion Detection Systems Packet Contents Are
Computer Intrusion: Detecting Masquerades - Schonlau, DuMouchel, Ju, Karr.. (2001)(Correct)
Masqueraders in computer intrusion detection are people who use somebody else's computer account. We investigate a number of statistical approaches for detecting masqueraders. To evaluate them, we col... / Masqueraders in computer intrusion detection are people who use somebody br Unix Introduction Intrusion detection in computer science is an
On-Line Intrusion Detection Using Sequences of System Calls - Snyder (2001)(Correct)
1. unknown SYSTEM CALLS
Name: Damon Snyder
Department: Department of Computer Science
Major Professor: Robert van Engelen
Major Professor: Kyle Gallivan
Degree: Master of Science
Term Degr... / On-Line Intrusion Detection Using Sequences Of System br techniques for on-line intrusion detection. A detailed analysis of
An Experimental Study of Security Vulnerabilities Caused by Errors - Jun Xu Shuo (2001)(Correct)
This paper presents an experimental study which shows
that, for the Intel x86 architecture, single-bit control flow
errors in the authentication sections of targeted applications
can result in signifi... / encryption intrusion detection and anomaly detection br of environmental factors on intrusion detection systems Several
Use Of Passive Network Mapping To Enhance Signature Quality Of Misuse .. - Dayioglu, Ozgit (2001)(Correct)
Misuse detection systems are known to be producing high rates of false positive
alerts. High rates of false alerts adversely affect system usability and dynamic countermeasure
generation. Network misu... / Quality Of Misuse Network Intrusion Detection Systems Burak br of self-learning for network intrusion detection systems. The collected
Windows Performance Monitoring and Data Reduction using - Knop (2001)(Correct)
We describe and evaluate WatchTower, a system
that simplifies the collection of Windows performance
counter data for monitoring and usage
profiling of Windows machines. WatchTower
has overheads simila... / employee student output. Intrusion detection Unusual behavior could be br And Somayaji A. Intrusion Detection Using Sequences Of System
Distributed Network Defense - Frincke, Wilhite (2001)(Correct)
We propose a new paradigm for network defense: a hierarchical network of lightweight, mobile and adaptive tools combined with a distributed, collaborative intrusion detection environment. Agents are i... /
Evolution in Distributed Heterogeneous Systems - Devanbu, Wohlstadter (2001)(Correct)
Distributed, heterogeneous systems are becoming very common, as globalized organizations integrate applications
running on different platforms, possibly written in different languages. Component-interop... / -service monitoring for intrusion detection and administrative
Meta-Learning in Distributed Data Mining Systems: Issues and.. - Prodromidis, Chan, al. (2000)(Correct)
Data mining systems aim to discover patterns and extract useful information from facts
recorded in databases. A widely adopted approach to this objective is to apply various machine
learning algorithm... / been successfully applied to intrusion detection in network-based systems br Chan. Agentbased fraud and intrusion detection in financial information
MAFTIA - reference Model and Use Cases - Cachin, Camenisch, Dacier, Deswarte, .. (2000)(Correct)
This document constitutes the first deliverable of MAFTIA
work package 1. The objective of this work package is to define a
consistent framework for ensuring the dependability of distributed
appl... / . Multinational Intrusion Detection Systems br Figure -Intrusion-detection and Tolerance Framework
String Pattern Matching For A Deluge Survival Kit - Apostolico, Crochemore (2000)(Correct)
String Pattern Matching concerns itself with algorithmic and combinatorial issues related to matching and searching on linearly arranged sequences of symbols, arguably the simplest possible discrete s... / dynamics genome studies intrusion detection and countless other br Prediction to Data Mining Intrusion Detection and Security Protein and
Intrusion Detection Systems: A Survey and Taxonomy - Axelsson (2000)(Correct)
This paper presents a taxonomy of intrusion detection systems that is then used to survey and classify a number of research prototypes. The taxonomy consists of a classification first of the detection... / Intrusion Detection Systems A Survey and br paper presents a taxonomy of intrusion detection systems that is then used
Selecting Examples for Partial Memory Learning - Maloof, Michalski (2000)(Correct)
This paper describes a method for selecting training examples for a partial memory
learning system. The method selects extreme examples that lie at the boundaries of concept
descriptions and uses th... / problem and a computer intrusion detection problem. Experimental br and computer intrusion detection Maloof Michalski
Architecture for an Artificial Immune System - Hofmeyr, Forrest (2000)(Correct)
An artificial immune system (ARTIS) is described which incorporates many properties of
natural immune systems, including diversity, distributed computation, error tolerance, dynamic
learning and ada... / in the form of a network intrusion detection system called LISYS. LISYS br and implemented LISYS an intrusion detection system that monitors
Artificial Immune Systems: Part II - A Survey Of Applications - de Castro, Von Zuben (2000)(Correct)
this report (De Castro & Von Zuben, 1999) is intended to present the basic theory and concepts necessary for the development of immune-based systems. It brings an instructive introduction to the mamma... / immune system for network intrusion detection. br of the proposed multi-agent intrusion detection system.
Practical Network Security: Experiences with ntop - Deri, Suin (2000)(Correct)
This paper shows how ntop can also be unknown
Practical Network Security: Experiences with ntop
Luca Deri
and Stefano Suin
Finsiel S.p.A., Via Matteucci 34/b, 56124 Pisa. Email l.deri@finsi... / monitoring network security intrusion detection TCP IP. . Introduction br it into a sophisticated intrusion detection system The goal of
Detecting Intrusions in Security Protocols - Yasinsac (2000)(Correct)
Secure electronic communication relies on the application of cryptography. However, even with perfect encryption, communication may be compromised without effective security protocols for key exchange... / method is based on classic intrusion detection techniques of br protocol verification and intrusion detection. The following sections
PNrule: A New Framework for Learning Classifier Models in Data Mining .. - Agarwal, Joshi (2000)(Correct)
We have developed a new solution framework for the multi-class classification problem in data mining.
The method is especially applicable in situations where different classes have widely different d... / A Case-Study in Network Intrusion Detection Ramesh Agarwal br the technique to the Network Intrusion Detection Problem KDD-CUP' Our
Mobile Agents In Intrusion Detection And Response - Jansen, Mell, Karygiannis, Marks (2000)(Correct)
Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism.
However, mobile software agents go a long way toward realizing the ideal behavior desired in ... / Mobile Agents In Intrusion Detection And Response W. br Abstract Effective intrusion detection capability is an elusive
A Framework for Constructing Features and Models for Intrusion.. - Lee, Stolfo (2000)(Correct)
This paper describes a novel framework, MADAM ID, for Mining Audit Data for
Automated Models for Intrusion Detection. This framework uses data mining algorithms to compute
activity patterns from syste... / Features and Models for Intrusion Detection Systems Wenke Lee North br Stolfo Columbia University Intrusion detection ID is an important
Mining Frequent Itemsets Using Support Constraints - Wang, He, Han (2000)(Correct)
Interesting patterns often occur at varied levels
of support. The classic association mining
based on a uniform minimum support, such
as Apriori, either misses interesting patterns
of low support ... / frequent itemsets to build intrusion detection models LSM to con- br Mining audit data to build intrusion detection models. KDD -
Model-Based Analysis of Configuration Vulnerabilities - Ramakrishnan, Sekar (2000)(Correct)
Vulnerability analysis is concerned with the problem of identifying weaknesses in computer systems that can
be exploited to compromise their security. In this paper we describe a new approach to vuln... / patterns for misuse intrusion detection. When vulnerabilities are br vulnerable systems is misuse intrusion detection where system use is
STATL: An Attack Language for State-based Intrusion Detection - Eckmann, Vigna, Kemmerer (2000)(Correct)
STATL is an extensible state/transition-based attack description language designed to support intrusion detection.
The language allows one to describe computer penetrations as sequences of actions th... / Language for State-based Intrusion Detection Steven T. Eckmann br language designed to support intrusion detection. The language allows one
Doing intrusion detection using embedded sensors - Zamboni (2000)(Correct)
Intrusion detection systems have usually been developed using large host-based components. These components impose an extra load on the system where they run (sometimes even requiring a dedicated syst... / Doing intrusion detection using embedded sensors br Abstract Intrusion detection systems have usually been
Transport and Application Protocol Scrubbing - Robert Malan David (2000)(Correct)
This paper describes the design and implementation of a protocol
scrubber, a transparent interposition mechanism for explicitly removing
network attacks at both the transport and application protocol ... / passive network-based intrusion detection systems whereas the br active network-based intrusion detection systems. The transport
Intrusion Detection in Wireless Ad-Hoc Networks - Zhang, Lee (2000)(Correct)
As the recent denial-of-service attacks on several major Internet
sites have shown us, no open computer network is
immune from intrusions. The wireless ad-hoc network is
particularly vulnerable due to... / Intrusion Detection in Wireless Ad-Hoc Networks br line of defense. Many of the intrusion detection techniques developed on a
Benchmarking Anomaly-Based Detection Systems - Roy Maxion Kymie (2000)(Correct)
Anomaly detection is a key element of intrusion-detection
and other detection systems in which perturbations
of normal behavior suggest the presence of intentionally
or unintentionally induced attacks,... / detection is a key element of intrusion-detection and other detection systems br characteristics. In intrusion-detection settings however this is
Detecting Backdoors - Zhang, Paxson (2000)(Correct)
Backdoors are often installed by attackers who have compromised
a system to ease their subsequent return to the system.
We consider the problem of identifying a large class of
backdoors, namely those ... / network traffic using an intrusion detection system IDS where we br In general network intrusion detection becomes much more
The STAT Tool Suite - Vigna, Eckmann, Kemmerer (2000)(Correct)
This paper describes a suite of intrusion detection tools
developed by the Reliable Software Group at UCSB. The
tool suite is based on the State Transition Analysis Technique
(STAT), in which compute... / paper describes a suite of intrusion detection tools developed by the br and tailored to perform intrusion detection in different domains and
Software Tamper Resistance: Obstructing Static Analysis of Programs - Wang, Hill, Knight, Davidson (2000)(Correct)
In this paper we address the problem of protecting trusted software on untrusted hosts by code obfuscation.
We address one aspect of the problem, namely obstructing static analysis of programs.
The p... / it arises for example in intrusion-detection systems. The parts of the br systems. The parts of the intrusion-detection system that record events
Intrusion Detection Systems & Multisensor Data Fusion: Creating.. - Bass (2000)(Correct)
Next generation cyberspace intrusion detection (ID) systems will require the fusion of data from myriad heterogeneous distributed network sensors to effectively create cyberspace situational awareness... / For Publication draft Intrusion Detection Systems Multisensor Data br Next generation cyberspace intrusion detection ID systems will require
A Preliminary Attempt to Apply Detection and Estimation Theory to.. - Department (2000)(Correct)
Research into the automated detection of computer security violations is hardly in its infancy, yet little comparison has been made with the established field of detection and estimation theory, the r... / and Estimation Theory to Intrusion Detection Stefan Axelsson br studying the problem of intrusion detection by the use of the
Active Trust Management for Autonomous Adaptive Survivable Systems - Shrobe, Doyle, Szolovits (2000)(Correct)
Contents: 1 Innovative Claims; 2 Technical Rationale; 2.1 A Scenario; 2.2 Trust in Survivable Systems: An Overview ... / the application itself and intrusion detection systems. . The br traffic from outside the lab. Intrusion Detection systems report that
Framework of Multi-agents Internet Security System - Ayesh, Bechkoum (2000)(Correct)
Software agents are playing an increasing variety of roles in helping with automating Internet related tasks such as searching and electronic commerce [1]. Such agents are being used, or investigated,... / we discuss the issue of intrusion detection which is the result
Supporting Intrusion Detection by Graph Clustering and Graph Drawing - Tolle, Niggemann (2000)(Correct)
This paper presents a description of a system supporting the detection of intrusions and network anomalies by analyzing and visualising traffic flows in computer networks. The system supervises the ty... / Supporting Intrusion Detection by Graph Clustering and br detection component of an Intrusion Detection System. Events are
User-Level Infrastructure for System Call Interposition: A Platform.. - Jain, Sekar (2000)(Correct)
Several new approaches for detecting malicious attacks on computer systems and/or confining untrusted or malicious applications have emerged over the past several years. These techniques often rely on... / A Platform for Intrusion Detection and Confinement K. Jain br mechanisms as well as the intrusion detection confinement systems are
Detecting Stepping Stones - Zhang, Paxson (2000)(Correct)
One widely-used technique by which network attackers attain
anonymity and complicate their apprehension is by employing
stepping stones: they launch attacks not from their own
computer but from inter... / While as with most forms of intrusion detection with enough diligence br . Accuracy As with intrusion detection in general we face the
Toward Cost-Sensitive Modeling for Intrusion Detection - Lee (2000)(Correct)
Intrusion detection systems need to maximize security while minimizing costs. In this paper, we
study the problem of building cost-sensitive intrusion detection models. We examine the major cost
fac... / Cost-Sensitive Modeling for Intrusion Detection Wenke Lee Computer br Abstract Intrusion detection systems need to maximize
Self-Securing Storage: Protecting Data in Compromised Systems - Strunk, Goodson, Scheinholtz.. (2000)(Correct)
Self-securing storage prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep ... / techniques can extend the intrusion detection window offered by br discovered by an automated intrusion detection system IDS or by a
Building Adaptive and Agile Applications Using Intrusion Detection.. - Loyall, Pal, Schantz, Webber (2000)(Correct)
Traditional Intrusion Detection Systems (IDSs) mostly work off-line, without any direct runtime interaction or coordination with the applications (and with other IDSs) that they aim to protect. Includ... / and Agile Applications Using Intrusion Detection and Response Joseph P. br Abstract Traditional Intrusion Detection Systems IDSs mostly work
Ubiquitous and Robust Authentication Services for Ad Hoc Wireless.. - Luo, Lu (2000)(Correct)
Providing security support for large ad hoc wireless networks is challenging due to their unique
characteristics, such as mobility, channel errors, dynamic node joins and leaves, and occasional
node b... / our design works with any intrusion detection algorithms and mechanisms br studies the problem of intrusion detection in ad hoc networks. While
The Middleware Architecture of MAFTIA: A Blueprint - Veríssimo, Neves, Correia (2000)(Correct)
In this paper, we present the middleware architecture of MAFTIA, an
ESPRIT project aiming at developing an open architecture for transactional
operations on the Internet. The former is a modular and... / states can be unveiled by intrusion detection as we will see ahead but br systems generically known as Intrusion Detection Systems IDS Although an
Detecting and Displaying Novel Computer Attacks with Macroscope - Cunningham, al. (2000)(Correct)
Macroscope is a network-based intrusion detection system that uses Bottleneck Verification to detect user-to-superuser attacks. Bottleneck Verification (BV) detects novel computer attacks by looking f... / is a network-based intrusion detection system that uses Bottleneck br attacks. Index terms-intrusion detection security bottleneck
Managing Distributed Systems with Smart Subscriptions - Filman, Lee (2000)(Correct)
We describe an event-based, publish and subscribe system based on using "smart subscriptions" to recognize weakly structured events. We present a hierarchy of subscription languages (propositional, pr... / -fault diagnosis intrusion detection performance analysis and br such as fault diagnosis intrusion detection performance analysis and
Detecting Network Intrusion Using a Markov Modulated Nonhomogeneous.. - Scott (2000)(Correct)
Network intrusion occurs when a criminal gains access to a customer's telephone, computer,
bank, or other type of account. Detecting network intrusion is an important problem that has
received little ... / unauthorized traffic. Network intrusion detection is of great interest to br the World Wide Web. Network intrusion detection involves monitoring the
Lightweight Agents For Intrusion Detection - Helmer, Wong, Honavar, Miller (2000)(Correct)
We have designed and implemented an intrusion detection system prototype based on mobile agents.
Our agents travel between monitored systems in a network of distributed systems, obtain information
f... / Lightweight Agents For Intrusion Detection Guy Helmer Johnny br designed and implemented an intrusion detection system prototype based on
Adaptive Model Generation for Intrusion Detection Systems - Eskin, Miller, Zhong, Yi, Lee, Stolfo (2000)(Correct)
In this paper, we present adaptive model generation, a method for automatically building detection models for data-mining based intrusion detection systems. Using the same data collected by intrusion ... / Model Generation for Intrusion Detection Systems Eleazar Eskin br models for data-mining based intrusion detection systems. Using the same
Adaptive Intrusion Detection: a Data Mining Approach - Lee, Stolfo, Mok (2000)(Correct)
In this paper we describe a data mining framework for constructing intrusion detection models. The first key idea is to
mine system audit data for consistent and useful patterns of program and user ... / Adaptive Intrusion Detection a Data Mining Approach br framework for constructing intrusion detection models. The first key idea
Collaboration Requirements: A Point of Failure in Protecting.. - Wiederhold (2000)(Correct)
There are settings where we have to collaborate
with individuals and organizations who, while not being
enemies, should not be fully trusted. Collaborators must be
authorized to access information sys... / be used to implement pure intrusion detection since it can be br efforts rapidly. B. Intrusion Detection Result checking can
Anomaly Detection over Noisy Data using Learned Probability.. - Eskin (2000)(Correct)
Traditional anomaly detection techniques focus on detecting anomalies in new data after training on normal (or clean) data. In this paper we present a technique for detecting anomalies without trainin... / technique is applied to intrusion detection by examining intrusions br is an important problem in intrusion detection Denning Intrusion
Formal Specification of a Security System Module in VDM-SL - Droschl (2000)(Correct)
Essentially, the Compileable Security System (CSS) provides access control at sites like banks.
The objective of the subsystem driver 0E (SSD-0E) is to support night guards on their way
through pre-de... / automatic door control intrusion detection and fire alarms. CSS br on duty obstacles like intrusion detection-circuits and a human
On Achieving Fast Damage Appraisal in case of Cyber Attacks - Session Ta Chandana (2000)(Correct)
After the detection of a cyber attack, damage in an affected database system needs to be appraised
immediately. For damage assessment, traditional recovery methods require the log of the affected data... / There are numerous intrusion detection techniques available today br T. F. Lunt A Survey of Intrusion Detection Techniques Computers
Towards an Active IP Accounting Infrastructure - Franco Travostino Nortel (2000)(Correct)
Traditional IP accounting infrastructures cannot
withstand the shock waves produced by voice over IP
integration, increasingly large accounting data volumes,
adaptive pricing schema that reflect resou... / sampled-e.g.for billing intrusion detection or traffic monitoring
IDS/A: An Interface between Intrusion Detection System and Application - Hutchison, Welz (2000)(Correct)
We describe a number of problems which may reduce the effectiveness of a conventional network intrusion detection system. These problems are the result of the IDS having to second-guess the components... / IDS A An Interface between Intrusion Detection System and Application br of a conventional network intrusion detection system. These problems are
Intrusion Detection Systems and Multisensor Data Fusion - Bass (2000)(Correct)
This article provides a brief review of ID concepts
and terms, an overview of the art and science of multisensor
data-fusion technology, and introduces the ID
systems data-mining environment as a comp... / v No. Intrusion Detection Systems And br Next-generation cyberspace intrusion detection ID systems will require
Probabilistic Networks with Undirected Links for Anomaly Detection - Mingming (2000)(Correct)
In this paper we present our experience in applying Bayesian probabilistic networks to intrusion detection through anomaly detection. A Bayesian network (BN) is a graphical model that can encode prior... / probabilistic networks to intrusion detection through anomaly detection. br promising performance in intrusion detection. Keywords Bayesian
Data collection mechanisms for intrusion detection systems - Spafford, Zamboni (2000)(Correct)
Drawing from the experience obtained during the development and testing of a distributed intrusion detection system, we reflect on the data collection needs of intrusion detection systems, and on the ... / collection mechanisms for intrusion detection systems Eugene br and testing of a distributed intrusion detection system we reflect on the