Security: Intrusion Detection

Ordered by the expected number of citations based on the year of publication

This directory is created automatically and some papers may be mislabeled. Only documents within the CiteSeer database are listed. The directory is intended to provide entry points for browsing the database and is not intended to be authoritative. Papers may not appear in all relevant categories. For example, papers in a sub-category may not appear in higher-level categories.

310.6   EMERALD: Event Monitoring Enabling Responses to Anomalous Live.. - Porras, Neumann (1997)
The EMERALD (Event Monitoring Enabling Responses to Anomalous Live Disturbances) environment is a distributed scalable tool suite for tracking malicious activity through and across large networks.... / with over a decade of intrusion detection research and engineering / Keywords Network security intrusion detection coordinated attacks

281.8   Defending Against Denial of Service Attacks in Scout - Spatscheck, Peterson (1999)
We describe a two-dimensional architecture for defending against denial of service attacks. In one dimension, the architecture accounts for all resources consumed by each I/O path in the system; this ... / could be rated by an intrusion detection system with resources

257.1   Forward-Secure Signatures with Optimal Signing and Verifying - Itkis, Reyzin (2001)
We propose the first forward-secure signature scheme for unknown Forward-Secure Signatures with Optimal Signing and Verifying Gene Itkis and Leonid Reyzin Boston University Computer Science Dept.... / of the old keys and proper intrusion detection are non-trivial tasks. / perform such deletion and intrusion detection certainly more reasonable

218.1   Detecting Computer and Network Misuse Through the Production-Based.. - Lindqvist, Porras (1999)
This paper describes an expert system development toolset called the Production-Based Expert System Toolset (P-BEST) and how it is employed in the development of a modern generic signature-analysis en... / of P-BEST have been used in intrusion detection research and in the / some of the most well-known intrusion detection systems but this is the

214.2   Meta-Learning in Distributed Data Mining Systems: Issues and.. - Prodromidis, Chan, al. (2000)
Data mining systems aim to discover patterns and extract useful information from facts recorded in databases. A widely adopted approach to this objective is to apply various machine learning algorit... / been successfully applied to intrusion detection in network-based systems / research is supported by the Intrusion Detection Program BAA from

199.9   OS Support for General-Purpose Routers - Peterson, Karlin, Li (1999)
This paper argues that there is a need for routers to move from being closed, special-purpose network devices to being open, general-purpose computing/communication systems. The central challenge in m... / to log usage and implement intrusion detection. One can argue with our

190.9   Hardening COTS Software with Generic Software Wrappers - Fraser, Badger, Feldman (1999)
Numerous techniques exist to augment the security functionality of Commercial Off-The-Shelf (COTS) applications and operating systems, making them more suitable for use in mission-critical systems. Al... / cause harm access control intrusion detection In some cases the / applications to support intrusion detection

185.7   Intrusion Detection in Wireless Ad-Hoc Networks - Zhang, Lee (2000)
As the recent denial-of-service attacks on several major Internet sites have shown us, no open computer network is immune from intrusions. The wireless ad-hoc network is particularly vulnerable due to... / Intrusion Detection in Wireless Ad-Hoc Networks / line of defense. Many of the intrusion detection techniques developed on a

181.8   A Data Mining Framework for Building Intrusion Detection Models - Lee, Stolfo, Mok (1999)
There is often the need to update an installed Intrusion Detection System (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding... / Mining Framework for Building Intrusion Detection Models Wenke Lee / need to update an installed Intrusion Detection System IDS due to new

177.1   Bro: A System for Detecting Network Intruders in Real-Time - Paxson (1998)
We describe Bro, a stand-alone system for detecting network intruders in real-time by passively monitoring a network link over which the intruder's traffic transits. We give an overview of the system'... / attacks is termed network intrusion detection a relatively new area of / the Bro language. Because intrusion detection can form a cornerstone of

171.4   An Architecture for Intrusion Detection using Autonomous Agents - Balasubramaniyan, Garcia-Fernandez.. (1998)
The Intrusion Detection System architectures commonly used in commercial and research systems have a number of problems that limit their configurability, scalability or efficiency. The most common sho... / An Architecture for Intrusion Detection using Autonomous Agents / Abstract The Intrusion Detection System architectures

165.2   State Transition Analysis: A Rule-Based Intrusion Detection Approach - Ilgun (1995)
This paper presents a new approach to representing and detecting computer penetrations in real-time. The approach, called state transition analysis, models penetrations as a series of state changes th... / Analysis A Rule-Based Intrusion Detection Approach Koral Ilgun / and functionality of this intrusion detection approach. Lastly STAT is

159.4   A Sense of Self for Unix Processes - Forrest, Hofmeyr, Somayaji, Longstaff (1996)
A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during norm... / most prior published work on intrusion detection has relied on either a much / are two basic approaches to intrusion detection misuse intrusion

148.5   Data Mining Approaches for Intrusion Detection - Lee, Stolfo (1998)
In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns o... / Data Mining Approaches for Intrusion Detection Wenke Lee Salvatore / and systematic methods for intrusion detection. The key ideas are to use

145.4   Detecting Intrusions Using System Calls: Alternative Data Models - Christina Warrender (1999)
Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. In this paper we study one such observable--- sequences of system c... / Abstract Intrusion detection systems rely on a wide / others introduced a simple intrusion detection method based on monitoring

136.3   Experience with EMERALD to Date - Neumann (1999)
After summarizing the EMERALD architecture and the evolutionary process from which EMERALD has evolved, this paper focuses on our experience to date in designing, implementing, and applying EMERALD to... / st USENIX Workshop on Intrusion Detection and Network Monitoring / types of misuse. The term intrusion detection is often used to

136.2   Computer Immunology - Forrest, Hofmeyr, Somayaji (1996)
this article argues that the similarities are compelling and could point the way to improved computer security. Improvements can be achieved by designing computer immune systems that have some of the ... / systems. Many virus and intrusion detection methods scan only for known / exceptions include anomaly intrusion detection systems and

131.9   JAM: Java Agents for Meta-Learning over Distributed Databases - Stolfo, Tselepis, Lee, Fan (1997)
In this paper, we describe the JAM system, a distributed, scalable and portable agent-based data mining system that employs a general approach to scaling data mining applications that we call meta-lea... / applications is fraud and intrusion detection in financial information / machine learning fraud and intrusion detection financial information

128.5   Selecting Examples for Partial Memory Learning - Maloof, Michalski (2000)
This paper describes a method for selecting training examples for a partial memory learning system. The method selects extreme examples that lie at the boundaries of concept descriptions and uses th... / problem and a computer intrusion detection problem. Experimental / and computer intrusion detection Maloof Michalski

128.5   Towards Higher Disk Head Utilization: Extracting Free Bandwidth From.. - Lumb, Schindler, Ganger, Nagle (2000)
Freeblock scheduling is a new approach to utilizing more of a disk's potential media bandwidth. By filling rotational latency periods with useful media transfers, 20-50% of a never-idle disk's bandwid... /

128.5   STATL: An Attack Language for State-based Intrusion Detection - Eckmann, Vigna, Kemmerer (2000)
STATL is an extensible state/transition-based attack description language designed to support intrusion detection. The language allows one to describe computer penetrations as sequences of actions th... / Language for State-based Intrusion Detection Steven T. Eckmann / language designed to support intrusion detection. The language allows one

128.5   State of the Practice of Intrusion Detection Technologies - Allen, al. (2000)
Attacks on the nation's computer infrastructures are a serious problem. Over the past 12 years, the growing number of computer security incidents on the Internet has reflected the growth of the Intern... / State of the Practice of Intrusion Detection Technologies Julia Allen / State of the Practice of Intrusion Detection Technologies

127.2   Building Intrusion Tolerant Applications - Wu, Malkin, Boneh (1999)
The ITTC project provides tools and an infrastructure for building intrusion tolerant applications. Rather than prevent intrusions or detect them after the fact, the ITTC system ensures that the compr... / system one often installs intrusion detection software to monitor system

119.1   Implementing a Generalized Tool for Network Monitoring - Ranum (1997)
Determining how you were attacked is essential to developing a response or countermeasure. Usually, a system or network manager presented with a successful intrusion has very little information with w... / served well as a poor man's intrusion detection system. Other network / and Argus Other intrusion detection burglar alarms have

114.8   Adaptive Fraud Detection - Fawcett, Foster (1997)
One method for detecting fraud is to check for suspicious changes in user behavior. This paper describes the automatic design of user profiling methods for the purpose of fraud detection, using a se... / constructive induction intrusion detection applications. / detection is related to intrusion detection a field of computer

113.5   Next Generation Intrusion Detection Expert System (NIDES), Software.. - Anderson, Frivold, Tamaru, Valdes (1994)
The Next-Generation Intrusion Detection Expert System (NIDES) is powerful state-of-the-art software that supports intrusion detection on single or multiple computers. unknown Software Users Manual Dec... / Next Generation Intrusion Detection Expert System NIDES / The Next Generation Intrusion Detection Expert System NIDES is

109.0   NetSTAT: A Network-based Intrusion Detection System - Vigna (1999)
Network-based attacks are becoming more common and sophisticated. For this reason, intrusion detection systems are now shifting their focus from the hosts and their operating systems to the network it... / NetSTAT A Network-based Intrusion Detection System Giovanni Vigna / For this reason intrusion detection systems are now shifting

109.0   Learning Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbard, Schatz (1999)
Profiling the behavior of programs can be a useful reference for detecting potential intrusions against systems. This paper presents three anomaly detection techniques for profiling program behavior t... / Program Behavior Profiles for Intrusion Detection Anup K. Ghosh Aaron / attacks against systems intrusion detection systems must be able to

108.5   Temporal Sequence Learning and Data Reduction for Anomaly Detection - Lane, Brodley (1998)
ing with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works, requires prior specific permission and... / firewalls and network-based intrusion detection systems Heberlein et al. / Additionally multi-sensor intrusion detection systems such as AAFID

99.9   A Data Mining Framework for Constructing Features and Models for.. - Lee (1999)
Intrusion detection is an essential component of critical infrastructure protection mechanisms. The traditional pure "knowledge engineering" process of building Intrusion Detection Systems (IDSs) is v... / Features and Models for Intrusion Detection Systems Wenke Lee

97.1   NetSTAT: A Network-based Intrusion Detection Approach - Vigna (1998)
Network-based attacks have become common and sophisticated. For this reason, intrusion detection systems are now shifting their focus from the hosts and their operating systems to the network itself. ... / NetSTAT A Network-based Intrusion Detection Approach Giovanni Vigna / For this reason intrusion detection systems are now shifting

95.6   Classification And Detection Of Computer Intrusions - Kumar (1995)
Some computer security breaches cannot be prevented using access and information flow control techniques. These breaches may be a consequence of system software bugs, hardware or software failures, in... / What is Intrusion Detection / Premise and Limitations of Intrusion Detection

91.4   A Secure Active Network Environment Architecture - Alexander (1998)
Active Networks are a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping... / monitoring e.g. for intrusion detection and other tasks that has

91.4   Intrusion Detection using Sequences of System Calls - Hofmeyr, Forrest, Somayaji (1998)
this paper we are primarily concerned with determining empirically if the discriminator is stable. Efficiency is a secondary consideration, and is addressed in this paper to the extent that we analyze... / Intrusion Detection using Sequences of System / the use of tools such as Intrusion Detection Systems IDS The IDS

91.4   Mining Audit Data to Build Intrusion Detection Models - Lee, Stolfo, Mok (1998)
In this paper we discuss a data mining framework for constructing intrusion detection models. The key ideas are to mine system audit data for consistent and useful patterns of program and user behavio... / Mining Audit Data to Build Intrusion Detection Models Wenke Lee and / framework for constructing intrusion detection models. The key ideas are

90.9   Activity Monitoring: Noticing interesting changes in behavior - Fawcett, Provost (1999)
We introduce a problem class which we term activity monitoring. Such problems involve monitoring the behavior of a large population of entities for interesting events requiring action. We present a fr... / news story monitoring and intrusion detection can be expressed / of fraud detection computer intrusion detection network performance

85.7   Information-Theoretic Measures for Anomaly Detection - Lee, Xiang (2001)
Anomaly detection is an essential component of the protection mechanisms against novel attacks. In this paper, we propose to use several information-theoretic measures, namely, entropy, conditional en... / measures. Introduction Intrusion detection systems IDSs is an / The two main techniques for intrusion detection ID are misuse detection

85.7   Middleware Support for Voting and Data Fusion - Zhiyuan (2001)
Middleware is a class of software systems above the operating system which is becoming widely used for programming distributed systems. Voting is a fundamental operation when distributed systems invol... / increasingly prevalent and intrusion detection systems which are / to support features such as intrusion detection. Basic Voter

85.7   Building a Robust Software-Based Router Using Network Processors - Spalink, Karlin, Peterson, Gottlieb (2001)
Recent efforts to add new services to the Internet have increased interest in software-based routers that are easy to extend and evolve. This paper describes our experiences using emerging network pro... / support-e.g.firewalls intrusion detection proxies level-n / performance monitoring intrusion detection application-level

85.7   Characteristics of Network Traffic Flow Anomalies - Paul Barford And (2001)
INTRODUCTION One of the primary tasks of network administrators is monitoring routers and switches for anomalous traffic behavior such as outages, configuration changes, flash crowds and abuse. Recog... / to this is the development of intrusion detection tools such as Bro / and O. Niggemann Supporting intrusion detection by graph clustering and

85.7   Early Measurements of a Cluster-based Architecture for P2P Systems - Krishnamurthy, Wang, Xie (2001)
Peer-to-peer applications such as Napster, Freenet, and Gnutella, have gained much attention recently. These applications are mainly designed and used for largescale sharing of MP3 files. In such syst... / connections. When an intrusion detection system was triggered

85.7   Mobile Agents In Intrusion Detection And Response - Jansen, Mell, Karygiannis, Marks (2000)
Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism. However, mobile software agents go a long way toward realizing the ideal behavior desired in ... / Mobile Agents In Intrusion Detection And Response W. / Abstract Effective intrusion detection capability is an elusive

81.1   Checking for Race Conditions in File Accesses - Bishop, Dilger (1996)
We develop a theory of vulnerabilities and their signatures, and use this theory to categorize race conditions that occur when processes interact with files in the UNIX operating system and that prese... / of attacks in the context of intrusion detection in this context / a very different twist in intrusion detection. Characterizing

79.9   Insertion, Evasion, and Denial of Service: Eluding Network Intrusion.. - Ptacek, Newsham (1998)
All currently available network intrusion detection (ID) systems rely upon a mechanism of data collection---passive protocol analysis---which is fundamentally flawed. In passive protocol analysis, t... / of Service Eluding Network Intrusion Detection Thomas H. Ptacek / currently available network intrusion detection ID systems rely upon a

74.0   Automated Detection of Vulnerabilities in Privileged Programs by.. - Ko, Fink, Levitt (1994)
We present a method for detecting exploitations of vulnerabilities in privileged programs by monitoring their execution using audit trails, where the monitoring is with respect to specifications of th... / Our work is motivated by the intrusion detection paradigm but is an attempt / Our approach is a variant of intrusion detection wherein audit trails

72.4   Ustat: A Real-time Intrusion Detection System for Unix - Ilgun (1992)
Ustat A Real-time Intrusion Detection System for UNIX by Koral Ilgun This thesis presents the design and implementation of a real-time intrusion detection tool called Ustat, a State Transition Analys... / Barbara USTAT A Real-time Intrusion Detection System for UNIX A Thesis / Ustat A Real-time Intrusion Detection System for UNIX by Koral

71.4   A Framework for Constructing Features and Models for Intrusion.. - Lee, Stolfo (2000)
This paper describes a novel framework, MADAM ID, for Mining Audit Data for Automated Models for Intrusion Detection. This framework uses data mining algorithms to compute activity patterns from syste... / Features and Models for Intrusion Detection Systems Wenke Lee North / Stolfo Columbia University Intrusion detection ID is an important

71.4   Design and Implementation of a Scalable Intrusion Detection System.. - Jou, Gong, Sargor (2000)
This paper presents the design, implementation, and experimentation of the JiNao intrusion detection system (IDS) which focuses on the protection of the network routing infrastructure. We used Open Sh... / Implementation of a Scalable Intrusion Detection System for the Protection / experimentation of the JiNao intrusion detection system IDS which focuses

71.4   Automated Response Using System-Call Delays - Anil Somayaji Dept (2000)
Automated intrusion response is an important unsolved problem in computer security. A system called pH (for process homeostasis) is described which can successfully detect and stop intrusions before t... / detection e.g. virus and intrusion detection Response has been an / email. Commercial intrusion detection systems IDSs are capable

69.5   A Software Architecture to support Misuse Intrusion Detection. - Kumar, Spafford (1995)
Misuse Intrusion Detection has traditionally been understood in the literature as the detection of specific, precisely representable techniques of computer system abuse. Pattern matching is well dispo... / to support Misuse Intrusion Detection. Technical Report / Abstract Misuse Intrusion Detection has traditionally been

66.6   A Pattern Matching Model for Misuse Intrusion Detection - Kumar, Spafford (1994)
This paper describes a generic model of matching that can be usefully applied to misuse intrusion detection. The model is based on Colored Petri Nets. Guards define the context in which signatures are... / Matching Model For Misuse Intrusion Detection Sandeep Kumar Eugene / Keywords intrusion detection misuse anomaly.

63.6   An Immunological Model of Distributed Detection and Its Application.. - Hofmeyr (1999)
This dissertation explores an immunological model of distributed detection, called negative detection, and studies its performance in the domain of intrusion detection on computer networks. The goal o... / performance in the domain of intrusion detection on computer networks. The / model is applied to network intrusion detection. The system monitors TCP

60.8   A Security Policy Model for Clinical Information Systems - Anderson (1996)
The protection of personal health information has become a live issue in a number of countries including the USA, Canada, Britain and Germany. The debate has shown that there is widespread confusion a... /

59.5   Unreliable Intrusion Detection in Distributed Computations - Malkhi, Reiter (1997)
Distributed coordination is difficult, especially when the system may suffer intrusions that corrupt some component processes. In this paper we introduce the abstraction of a failure detector that a p... / Unreliable Intrusion Detection in Distributed Computations

57.9   Defending a Computer System using Autonomous Agents - Crosbie, Spafford (1996)
This report presents a prototype architecture of a defense mechanism for computer systems. The intrusion detection problem is introduced and some of the key aspects of any solution are explained. Stan... / for computer systems. The intrusion detection problem is introduced and / are explained. Standard intrusion detection systems are built as a

57.1   Automated Discovery of Concise Predictive Rules for Intrusion.. - Helmer, Wong, Honavar, Miller (2001)
This paper details an essential component of a multi-agent distributed knowledge network system for intrusion detection. We describe a distributed intrusion detection architecture, complete with a dat... / Concise Predictive Rules for Intrusion Detection Guy Helmer Johnny / knowledge network system for intrusion detection. We describe a distributed

57.1   SAVE: Source Address Validity Enforcement Protocol - Li, Mirkovic, Wang, Reiher, Zhang (2001)
Many network attacks forge the source address in their IP packets to block traceback. Recently, research activity has focused on packet-tracing mechanisms to counter this deception. Unfortunately, the... / sources of an attack. Intrusion detection and network problem / is possible. Network intrusion detection has also studied how to

57.1   A Data Mining and CIDF Based Approach for Detecting Novel and.. - Lee, Nimbalkar, Yee, Patil, Desai.. (2000)
As the recent distributed Denial-of-Service (DDOS) attacks on several major Internet sites have shown us, no open computer network is immune from intrusions. Furthermore, intrusion detection syste... / from intrusions. Furthermore intrusion detection systems IDSs need to be / system based on the Common Intrusion Detection Framework CIDF where

55.3   Immunity-Based Systems: A Survey - Dasgupta, Attoh-Okine (1997)
Biological systems such as human beings can be regarded as sophisticated information processing systems, and can be expected to provide inspiration for various ideas to science and engineering. Biolog... /

54.5   Mining in a Data-flow Environment: Experience in Network Intrusion.. - Lee, Stolfo, Mok (1999)
In this paper we discuss the KDD process in "data-flow" environments, where unstructured and time dependent data can be processed into various levels of structured and semantically-rich forms for anal... / Experience in Network Intrusion Detection Wenke Lee Salvatore / analysis tasks. Using network intrusion detection as a concrete application

54.5   From Laboratory to Warehouse: Security Robots Meet the Real World - Everett, Gage (1999)
The MDARS robotic security program has successfully demonstrated simultaneous control of multiple robots navigating autonomously within an operational warehouse environment. This real-world warehous... / to provide an automated intrusion detection and inventory assessment / sensors for navigation and intrusion detection. The

51.4   Detecting Anomalous and Unknown Intrusions Against Programs - Ghosh, Wanken, Charron (1998)
The ubiquity of the Internet connection to desktops has been both boon to business as well as cause for concern for the security of digital assets that may be unknowingly exposed. Firewalls have been ... / has been boon to commercial intrusion detection tools. Two general / has led to the growth of the intrusion detection software industry.

51.4   Intelligent Agents for Intrusion Detection - Helmer, Wong, Honavar, Miller (1998)
This paper focuses on intrusion detection and countermeasures with respect to widely-used operating systems and networks. The design and architecture of an intrusion detection system built from distri... / Intelligent Agents for Intrusion Detection Guy G. Helmer / This paper focuses on intrusion detection and countermeasures with

51.4   Intrusion Detection with Neural Networks - Ryan, Lin, Miikkulainen (1998)
With the rapid expansion of computer networks during the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is through monitoring un... / Intrusion Detection with Neural Networks Jake / user activity. Methods of intrusion detection based on hand-coded rule

51.0   An Efficient Message Authentication Scheme for Link State Routing - Cheung (1997)
We study methods for reducing the cost of secure link state routing. In secure link state routing, routers may need to verify the authenticity of many routing updates, and some routers such as border ... / approach which is intrusion detection e.g. / Wu et al. proposed an intrusion detection approach to secure link

51.0   Learning Patterns from Unix Process Execution Traces for Intrusion.. - Lee, Stolfo (1997)
In this paper we describe our preliminary experiments to extend the work pioneered by Forrest (see Forrest et al. 1996) on learning the (normal and abnormal) patterns of Unix processes. These patterns... / Process Execution Traces for Intrusion Detection Wenke Lee and / to perhaps provide broader intrusion detection services. The experiments

46.8   Sequence Matching and Learning in Anomaly Detection for Computer.. - Lane, Brodley (1997)
Two problems of importance in computer security are to 1) detect the presence of an intruder masquerading as the valid user and 2) detect the perpetration of abusive actions on the part of an otherwis... / security is that of intrusion detection. The goal is to detect / many possible approaches to intrusion detection one that has received

46.8   An Application of Machine Learning to Anomaly Detection - Lane, Brodley (1997)
The anomaly detection problem has been widely studied in the computer security literature. In this paper we present a machine learning approach to anomaly detection. Our system builds user profiles ba... / security is that of intrusion detection. The goal is to / many possible approaches to intrusion detection one that has received

45.4   Using Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbard, Schatz (1999)
Intrusion detection and response has traditionally been performed at the network and host levels. That is, intrusion monitors will typically analyze network packet logs or host machine audit logs for ... / Program Behavior Profiles for Intrusion Detection Anup K. Ghosh Aaron / www.rstcorp.com Abstract Intrusion detection and response has

45.4   A High-Performance Network Intrusion Detection System - Sekar, Guang, Verma, Shanbhag (1999)
In this paper we present a new approach for network intrusion detection based on concise specifications that characterize normal and abnormal network packet sequences. Our specification language is ge... / A High-Performance Network Intrusion Detection System R. Sekar Y. / a new approach for network intrusion detection based on concise

45.4   The Design of GrIDS: A Graph-Based Intrusion Detection System - Cheung, Crawford, Dilger, Frank.. (1999)
This report documents the design of the Graph-based Intrusion Detection System (GrIDS) in reasonable detail. It is intended as a guide to people who wish to understand the implementation, or who have ... / of GrIDS A Graph-Based Intrusion Detection System Steven Cheung / the design of the Graph-based Intrusion Detection System GrIDS in

45.4   Intrusion Detection Inter-component Adaptive Negotiation - Feiertag, Benzinger, Rho, Wu.. (1999)
The Intrusion Detection System (IDS) community is developing better techniques for collecting and analyzing data in order to handle intrusions in large, distributed environments [1, 5, 6]. To take adv... / Intrusion Detection Inter-component Adaptive / C - Abstract The Intrusion Detection System IDS community is

42.8   Architecture for an Artificial Immune System - Hofmeyr, Forrest (2000)
An artificial immune system (ARTIS) is described which incorporates many properties of natural immune systems, including diversity, distributed computation, error tolerance, dynamic learning and ada... / in the form of a network intrusion detection system called LISYS. LISYS / and implemented LISYS an intrusion detection system that monitors

42.8   Mining Frequent Itemsets Using Support Constraints - Wang, He, Han (2000)   (Correct)
Interesting patterns often occur at varied levels of support. The classic association mining based on a uniform minimum support, such as Apriori, either misses interesting patterns of low support ... / frequent itemsets to build intrusion detection models LSM to con- br Mining audit data to build intrusion detection models. KDD -

42.8   Detecting Backdoors - Zhang, Paxson (2000)   (Correct)
Backdoors are often installed by attackers who have compromised a system to ease their subsequent return to the system. We consider the problem of identifying a large class of backdoors, namely those ... / network traffic using an intrusion detection system IDS where we br In general network intrusion detection becomes much more

42.8   The STAT Tool Suite - Vigna, Eckmann, Kemmerer (2000)   (Correct)
This paper describes a suite of intrusion detection tools developed by the Reliable Software Group at UCSB. The tool suite is based on the State Transition Analysis Technique (STAT), in which compute... / paper describes a suite of intrusion detection tools developed by the br and tailored to perform intrusion detection in different domains and

42.8   Software Tamper Resistance: Obstructing Static Analysis of Programs - Wang, Hill, Knight, Davidson (2000)   (Correct)
In this paper we address the problem of protecting trusted software on untrusted hosts by code obfuscation. We address one aspect of the problem, namely obstructing static analysis of programs. The p... / it arises for example in intrusion-detection systems. The parts of the br systems. The parts of the intrusion-detection system that record events

42.8   A Preliminary Attempt to Apply Detection and Estimation Theory to.. - Department (2000)   (Correct)
Research into the automated detection of computer security violations is hardly in its infancy, yet little comparison has been made with the established field of detection and estimation theory, the r... / and Estimation Theory to Intrusion Detection Stefan Axelsson br studying the problem of intrusion detection by the use of the

42.8   Detecting Stepping Stones - Zhang, Paxson (2000)   (Correct)
One widely-used technique by which network attackers attain anonymity and complicate their apprehension is by employing stepping stones: they launch attacks not from their own computer but from inter... / While as with most forms of intrusion detection with enough diligence br . Accuracy As with intrusion detection in general we face the

42.8   Toward Cost-Sensitive Modeling for Intrusion Detection - Lee (2000)   (Correct)
Intrusion detection systems need to maximize security while minimizing costs. In this paper, we study the problem of building cost-sensitive intrusion detection models. We examine the major cost fac... / Cost-Sensitive Modeling for Intrusion Detection Wenke Lee Computer br Abstract Intrusion detection systems need to maximize

42.8   Self-Securing Storage: Protecting Data in Compromised Systems - Strunk, Goodson, Scheinholtz.. (2000)   (Correct)
Self-securing storage prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep ... / techniques can extend the intrusion detection window offered by br discovered by an automated intrusion detection system IDS or by a

42.8   Toward Cost-Sensitive Modeling for Intrusion Detection and Response - Lee, Fan, Miller, Stolfo, Zadok (2000)   (Correct)
Intrusion detection systems (IDSs) must maximize the realization of security goals while minimizing costs. In this paper, we study the problem of building cost-sensitive intrusion detection models. W... / Cost-Sensitive Modeling for Intrusion Detection and Response Wenke Lee br Abstract Intrusion detection systems IDSs must

42.8   Anomaly Detection over Noisy Data using Learned Probability.. - Eskin (2000)   (Correct)
Traditional anomaly detection techniques focus on detecting anomalies in new data after training on normal (or clean) data. In this paper we present a technique for detecting anomalies without trainin... / technique is applied to intrusion detection by examining intrusions br is an important problem in intrusion detection Denning Intrusion

42.8   Intrusion Detection Systems and Multisensor Data Fusion - Bass (2000)   (Correct)
This article provides a brief review of ID concepts and terms, an overview of the art and science of multisensor data-fusion technology, and introduces the ID systems data-mining environment as a comp... / v No. Intrusion Detection Systems And br Next-generation cyberspace intrusion detection ID systems will require

42.8   Training a Neural-Network Based Intrusion Detector to Recognize Novel .. - And (2000)   (Correct)
While many commercial Intrusion Detection Systems (IDS) are deployed, the protection they afford is modest. At the state-of-the-art, IDS produce voluminous alerts, most false alarms, and function main... / While many commercial Intrusion Detection Systems IDS are br the original concept for an intrusion detection system was an anomaly

42.5   NSTAT: A Model-based Real-time Network Intrusion Detection System - Kemmerer (1997)   (Correct)
this report is to provide a single STAT process with a single, chronological audit trail. A client/server approach is currently being built, where the client side has two threads: a producer that read... / Model-based Real-time Network Intrusion Detection System Richard A. br of a real-time expert system intrusion detection tool. The approach is

41.9   An Application of Pattern Matching in Intrusion Detection - Kumar, Spafford (1994)   (Correct)
This report examines and classifies the characteristics of signatures used in misuse intrusion detection. Efficient algorithms to match patterns in some of these classes are described. A generalized m... / of Pattern Matching in Intrusion Detection Technical Report br of signatures used in misuse intrusion detection. Efficient algorithms to

40.0   Mimicry Attacks on Host-Based Intrusion Detection Systems - Wagner, Soto (2002)   (Correct)
We examine several host-based anomaly detection systems and study their security against evasion attacks. First, we introduce the notion of a mimicry attack, which allows a sophisticated attacker to c... / Mimicry Attacks on Host-Based Intrusion Detection Systems David br call for further research on intrusion detection from both attacker's and

40.0   Denial of Service in Sensor Networks - Wood, Stankovic (2002)   (Correct)
Unless their developers take security into account at design time, sensor networks and the protocols they depend on will remain vulnerable to denial of service attacks. We identify denial of service w... /

39.9   Abstraction-Based Misuse Detection: High-Level Specifications and.. - Lin, Wang, Jajodia (1998)   (Correct)
Abstraction-Based Misuse Detection: High-Level Specifications and Adaptable Strategies Jia-Ling Lin, X. Sean Wang, Sushil Jajodia Center for Secure Information Systems George Mason University, Fairfax, VA 220... / are made to the file. The intrusion detection system instead of the br common problem with existing intrusion detection systems is that the

39.9   A Framework for Cooperative Intrusion Detection - Polla (1998)   (Correct)
The trend towards a strong interdependence among networks has serious security implications. Not only does the compromise of one network adversely affect resources needed by others, but the compromis... /

39.1   Intelligence without Robots (A Reply to Brooks) - Etzioni (1993)   (Correct)
In his recent papers, entitled "Intelligence without Representation" and "Intelligence without Reason," Brooks argues for studying complete agents in real-world environments and for mobile robots as th... / tasks e.g. around-the-clock intrusion detection In short softbots

36.3   Applying Mobile Agents to Intrusion Detection and Response - Jansen, Mell, Karygiannis, Marks (1999)   (Correct)
Interfaces; 4.2.4. Knowledge Sharing ... / Applying Mobile Agents to Intrusion Detection and Response Wayne br Autonomous Agents for Intrusion Detection

36.3   A Method of Tracing Intruders by Use of Mobile Agents - Asaka, Okazawa, TAGUCHI, GOTO (1999)   (Correct)
A network intrusion detection system (IDA) retrieves information related to intrusions from target systems across the network by using mobile agents. Simultaneously, the agents trace the intruder... / Abstract. A network intrusion detection system IDA retrieves br been developing a network intrusion detection system IDS called the

35.0   Detecting Intruders in Computer Systems - Lunt (1993)   (Correct)
Although a computer system's primary defense is its access controls, computer system access controls cannot be relied upon in most cases to safeguard against a penetration or insider attack. Even the ... / is developing a real-time intrusion-detection expert system NIDES br related to building and using intrusion detection systems. The third part of

34.5   Artificial Intelligence and Intrusion Detection: Current and Future.. - Frank (1994)   (Correct)
Intrusion Detection systems (IDSs) have previously been built by hand. These systems have difficulty successfully classifying intruders, and require a significant amount of computational overhead maki... / Artificial Intelligence and Intrusion Detection Current and Future br June Abstract Intrusion Detection systems IDSs have

34.2   Research in Intrusion-Detection Systems: A Survey - Axelsson (1998)   (Correct)
There is currently need for an up-to-date and thorough survey of the research in the field of computer and network intrusion detection. This paper presents such a survey, with a taxonomy of intrusion de... / Research in Intrusion-Detection Systems A Survey br field of computer and network intrusion detection. This paper presents such

34.2   Intrusion Detection Applying Machine Learning to Solaris Audit Data - Endler (1998)   (Correct)
An Intrusion Detection System (IDS) seeks to identify unauthorized access to computer systems' resources and data. The most common analysis tool that these modern systems apply is the operating system... / Intrusion Detection Applying Machine Learning br Abstract An Intrusion Detection System IDS seeks to

34.0   Intrusion Detection for Link-State Routing Protocols - Wu, Wang, Vetter, II, Jou, Gong.. (1997)   (Correct)
Security and intrusion detection for routing protocols are two closely related topics in the protection of network infrastructure. The former focuses on secure network control protocols, while the lat... / Intrusion Detection for Link-State Routing br grant FAS - . Intrusion Detection for Link-State Routing

29.7   Architecture Design of a Scalable Intrusion Detection System for the.. - Jou, Wu, Gong, Cleaveland, Sargor (1997)   (Correct)
ion Module (IAM); 2.2.1.6 JiNao Management Information Base (JiNaoMIB); 2.2.2 Remote Subsystem; 2.2.3 Manag... / Design of a Scalable Intrusion Detection System for the Emerging br Intrusion Detection System Architecture

29.7   Credit Card Fraud Detection Using Meta-Learning: Issues and Initial.. - Stolfo, Fan, Lee, Prodromidis (1997)   (Correct)
In this paper we describe initial experiments using meta-learning techniques to learn models of fraudulent credit card transactions. Our collaborators, some of the nation's largest banks, have provide... / to detect fraud and provide intrusion detection services within a single

28.9   Simulated Social Control for Secure Internet Commerce - Rasmusson, Janson (1996)   (Correct)
In this paper we suggest that soft security such as social control has to be used to create secure open systems. Social control means that it is the participants themselves who are responsible for the... / Soft security mechanisms for intrusion detection have been tried by Crosbie

28.5   Intrusion Detection via Static Analysis - Wagner, Dean (2001)   (Correct)
One of the primary challenges in intrusion detection is modelling typical application behavior, so that we can recognize attacks by their atypical effects without raising too many false alarms. We sho... / Intrusion Detection via Static Analysis David br of the primary challenges in intrusion detection is modelling typical

28.5   Fault Tolerance in Critical Information Systems - Elder (2001)   (Correct)
Critical infrastructure applications provide services upon which society depends heavily; such applications require constant, dependable operation in the face of various failures, natural disasters, a... / Figure Money-center bank intrusion detection alarm on event br Experiment Branch bank intrusion detection alarms

28.5   Denial of service in public key protocols - Eronen (2001)   (Correct)
Network denial of service attacks have become a widespread problem on the Internet. However, denial of service is often considered to be an implementation issue by protocol designers. In this paper I ... / by spoofed IP addresses. Intrusion detection and reaction systems aim to br or few IP addresses. To an intrusion detection system this might look like

28.5   An Environment for Security Protocol Intrusion Detection - Yasinsac (2001)   (Correct)
Secure electronic communication relies on cryptography. Even with perfect encryption, communication may be compromised without effective security protocols for key exchange, authentication, etc. We a... / for Security Protocol Intrusion Detection Alec Yasinsac br method is based on classic intrusion detection techniques of

28.5   A glimpse into the future of ID - Bass, Gruber (2001)   (Correct)
Cyberspace is a complex dimension of both enabling and inhibiting data flows in electronic data networks. Current generation intrusion detection (ID) systems are not technologically advanced enough to... / networks. Current-generation intrusion-detection systems IDSes are not br Control ITC and future intrusion-detection systems. Of course this

28.5   Proactive Detection of Distributed Denial of Service Attacks using.. - Cabrera, Lewis, Qin, Lee, Prasanth.. (2001)   (Correct)
In this paper we propose a methodology for utilizing Network Management Systems for the early detection of Distributed Denial of Service (DDoS) Attacks. Although there are quite a large number of even... / related to the area of Intrusion Detection eg. Our br System could be used for Intrusion Detection. In the present effort we

28.5   Agile Monitoring for Cyber Defense - Doyle, Kohane, Long, Shrobe.. (2001)   (Correct)
The Monitoring, Analysis, and Interpretation Tool Arsenal (MAITA) seeks to support rapid construction and empirical reconfiguration of cyber defense monitoring systems inside the opponent decision cyc... / elements such as existing intrusion detection systems and sensors in a br alerting models in the intrusion detection literature. In the

28.5   Outlier Detection for High Dimensional Data - Aggarwal, Yu (2001)   (Correct)
The outlier detection problem has important applications in the field of fraud detection, network robustness analysis, and intrusion detection. Most such applications are high dimensional domains in w... / robustness analysis and intrusion detection. Most such applications are br credit card fraud network intrusion detection financial applications and

28.5   Log Auditing through Model-Checking - Roger, Goubault-Larrecq (2001)   (Correct)
Log auditing is a basic intrusion detection mechanism, whereby attacks are detected by uncovering matches of sequences of events against signatures. We argue that this problem is naturally expressed a... / Log auditing is a basic intrusion detection mechanism whereby attacks br it is a cornerstone of intrusion detection which relies on

28.5   A Scalable Algorithm for Clustering Sequential Data - Valerie Guralnik George (2001)   (Correct)
Many scientific and commercial domains have seen an enormous growth of data in recent years. Such data sets have inherent sequential nature. The clustering of such data is useful for various purposes.... / retail transactions intrusion detection and web-logs have an

28.5   Trust Relationships in a Mobile Agent System - Tan, Moreau (2001)   (Correct)
The notion of trust is presented as an important component in a security infrastructure for mobile agents. A trust model that can be used in tackling the aspect of protecting mobile agents from ho... /

28.5   Designing a Web of Highly-Configurable Intrusion Detection Sensors - Vigna, Kemmerer, Blix (2001)   (Correct)
Intrusion detection relies on the information provided by a number of sensors deployed throughout the monitored network infrastructure. Sensors provide information at different abstraction levels and ... / a Web of Highly-Configurable Intrusion Detection Sensors Giovanni Vigna br Abstract. Intrusion detection relies on the information

28.5   A Software Fault Tree Approach to Requirements Analysis of an.. - Guy Helmer Johnny (2001)   (Correct)
The use of software fault trees for requirements identification and analysis in an Intrusion Detection System (IDS) is described. Intrusions are divided into seven stages, following Ruiu, and a fault ... / Requirements Analysis of an Intrusion Detection System Guy Helmer br and analysis in an Intrusion Detection System IDS is described.

28.5   A Framework for Distributed Intrusion Detection using Interest Driven .. - Gopalakrishna, Spafford (2001)   (Correct)
Current distributed intrusion detection systems are not completely distributed with respect to data analysis because of the presence of centralized data analysis components. This deficiency has many u... /

28.5   From Declarative Signatures to Misuse IDS - Jean-Philippe Pouzol And (2001)   (Correct)
In many existing misuse intrusion detection systems, intrusion signatures are very close to the detection algorithms. As a consequence, they contain too many cumbersome details. Recent work have pr... / In many existing misuse intrusion detection systems intrusion br to detect misuses. Among the intrusion detection systems IDS briefly

28.5   Adele: An Attack Description Language For Knowledge-Based Intrusion.. - Michel, Mé (2001)   (Correct)
ADeLe is an attack description language designed to model a database of known attack scenarios. As the descriptions might contain executable attack code, it allows one to test the efficiency of given ... / Language For Knowledge-Based Intrusion Detection C Edric Michel br Keywords Intrusion detection attack description

28.5   Analysis of a Statistics Counter Architecture - Devavrat Shah Sundar (2001)   (Correct)
Packet switches (e.g., IP routers, ATM switches and Ethernet switches) maintain statistics for a variety of reasons: performance monitoring, network management, security, network tracing, and traffic ... / stateful firewalling intrusion detection performance monitoring

28.5   A New Intrusion Detection Method Based on Discriminant Analysis - Midori Asaka Regular (2001)   (Correct)
This paper explains our new method for separating intrusive and normal behavior by discriminant analysis, and describes the classification method by which to identify an unknown behavior ... /

28.5   Intrusion Tolerance Approaches in ITUA - Cukier, Lyons, Pandey, Ramasamy.. (2001)   (Correct)
This paper presents an overview and the key aspects of the ITUA project. We will describe the kind of attacks we are considering, how unpredictability can be used for intrusion tolerance, the architec... /

28.5   Computer Intrusion: Detecting Masquerades - Schonlau, DuMouchel, Ju, Karr.. (2001)   (Correct)
Masqueraders in computer intrusion detection are people who use somebody else's computer account. We investigate a number of statistical approaches for detecting masqueraders. To evaluate them, we col... / Masqueraders in computer intrusion detection are people who use somebody br Unix Introduction Intrusion detection in computer science is an

28.5   On-Line Intrusion Detection Using Sequences of System Calls - Snyder (2001)   (Correct)
viii 1. unknown SYSTEM CALLS Name: Damon Snyder Department: Department of Computer Science Major Professor: Robert van Engelen Major Professor: Kyle Gallivan Degree: Master of Science Term Degr... / On-Line Intrusion Detection Using Sequences Of System br techniques for on-line intrusion detection. A detailed analysis of

28.5   Secure Multi-Party Computation Problems and Their Applications: A.. - Du, Atallah (2001)   (Correct)
The growth of the Internet has triggered tremendous opportunities for cooperative computation, where people are jointly conducting computation tasks based on the private inputs they each supplies. The... /

28.5   Intrusion detection with unlabeled data using clustering - Portnoy (2001)   (Correct)
Intrusions pose a serious security threat in a network environment, and therefore need to be promptly detected and dealt with. New intrusion types, of which detection systems may not even be aware, ... /

28.5   Benchmarking Anomaly-Based Detection Systems - Roy Maxion Kymie (2000)   (Correct)
Anomaly detection is a key element of intrusion-detection and other detection systems in which perturbations of normal behavior suggest the presence of intentionally or unintentionally induced attacks,... / detection is a key element of intrusion-detection and other detection systems br characteristics. In intrusion-detection settings however this is

28.5   Intrusion Detection Systems & Multisensor Data Fusion: Creating.. - Bass (2000)   (Correct)
Next generation cyberspace intrusion detection (ID) systems will require the fusion of data from myriad heterogeneous distributed network sensors to effectively create cyberspace situational awareness... / For Publication draft Intrusion Detection Systems Multisensor Data br Next generation cyberspace intrusion detection ID systems will require

28.5   Adaptive Intrusion Detection: a Data Mining Approach - Lee, Stolfo, Mok (2000)   (Correct)
In this paper we describe a data mining framework for constructing intrusion detection models. The first key idea is to mine system audit data for consistent and useful patterns of program and user ... / Adaptive Intrusion Detection a Data Mining Approach br framework for constructing intrusion detection models. The first key idea

28.5   A Multiple Model Cost-Sensitive Approach for Intrusion Detection - Fan, Lee, Stolfo, Miller (2000)   (Correct)
Intrusion detection systems (IDSs) need to maximize security while minimizing costs. In this paper, we study the problem of building cost-sensitive intrusion detection models to be used for realti... / Cost-Sensitive Approach for Intrusion Detection Wei Fan Wenke br Abstract. Intrusion detection systems IDSs need to

28.5   The Middleware Architecture of MAFTIA: A Blueprint - Veríssimo, Neves, Correia (2000)   (Correct)
In this paper, we present the middleware architecture of MAFTIA, an... unknown The Middleware Architecture of MAFTIA: A Blueprint Paulo Veríssimo Nuno Ferreira Neves Miguel Correia DI-FCUL TR-00... / states can be unveiled by intrusion detection as we will see ahead but br systems generically known as Intrusion Detection Systems IDS Although an

28.5   A Markov Chain Model of Temporal Behavior for Anomaly Detection - Ye (2000)   (Correct)
This paper presents an anomaly detection technique to detect intrusions into computer and network systems. In this technique, a Markov chain model is used to represent a temporal profile of normal beh... / Keywords Markov chain intrusion detection and anomaly detection. br model. Section defines the intrusion detection problem using the Markov

28.5   Applying Aspect-Oriented Programming to Intelligent Synthesis - Filman (2000)   (Correct)
this paper have emerged from the work of the NASA Ames Variational Design group, the NASA ISE project, and the MCC Object Infrastructure Project. I thank Stu Barrett, Chris Knight, David Korsmeyer, Di... / between correspondents. Intrusion detection Recognizes attacks on

28.5   Modeling Requests among Cooperating Intrusion Detection Systems - Sean (2000)   (Correct)
It is important for intrusion detection systems (IDSs) to share information in order to discover attacks involving multiple sites. However, no framework exists for an IDS to request from and send to a... / Requests among Cooperating Intrusion Detection Systems Peng Ning X. br It is important for intrusion detection systems IDSs to share

28.5   Cards: A Distributed System For Detecting Coordinated Attacks - Yang, Ning, Wang, Jajodia (2000)   (Correct)
A major research problem in intrusion detection is the efficient detection of coordinated attacks over large networks. Issues to be resolved include determining what data should be collected, which po... / A major research problem in intrusion detection is the efficient detection br Keywords computer networks intrusion detection misuse detection network

28.5   Using Finite Automata to Mine Execution Data for Intrusion Detection: .. - Michael, Ghosh (2000)   (Correct)
The use of program execution traces to detect intrusions has proven to be a successful strategy. Existing systems that employ this approach are anomaly detectors, meaning that they model a program's n... / to Mine Execution Data for Intrusion Detection a Preliminary Report C. br using execution traces for intrusion detection was pioneered by where

28.5   Handling Generic Intrusion Signatures is not Trivial - Pouzol, Ducassé (2000)   (Correct)
This article presents work in progress in the context of misuse scenario detection, where the scenarios are combinations of several actions. An example of a masquerading scenario is: "users manage to ... / of x An intrusion detection system IDS based on a br Recent Advances in Intrusion Detection Toulouse - october

28.5   Using Embedded Sensors for Detecting Network Attacks - Eugene (2000)   (Correct)
Embedded sensors for intrusion detection consist of code added to the operating system and the programs of the hosts where monitoring will take place. The sensors check for specific conditions that in... / Embedded sensors for intrusion detection consist of code added to br of the First ACM Workshop on Intrusion Detection Systems November

27.2   BPF+: Exploiting Global Data-flow Optimization in a Generalized.. - Begel, McCanne, Graham (1999)   (Correct)
A packet filter is a programmable selection criterion for classifying or selecting packets from a packet stream in a generic, reusable fashion. Previous work on packet filters falls roughly into two c... / like network monitoring and intrusion detection however require both br firewall filtering and intrusion detection The earliest

27.2   An Immunogenetic Approach to Spectra Recognition - Dasgupta, al. (1999)   (Correct)
The paper describes an immunogenetic approach to recognize spectra for chemical analysis. In particular, an immunological model for chemical reactions is introduced in which a population of specia... /

27.2   CEDMOS: Complex Event Detection and Monitoring System - Baker, Cassandra, Rashid (1999)   (Correct)
cedmos is the Composite Event Detection and Monitoring System developed for DARPA by MCC. cedmos recognizes patterns of events called complex events according to user-- authored event specification... / . . . Network Intrusion Detection . br patterns or security e.g.intrusion detection are two of the many

27.2   Generation of Application Level Audit Data via Library Interposition - Kuperman, Spafford (1999)   (Correct)
One difficulty encountered by intrusion and misuse detection systems is a lack of application level audit data. Frequently, applications used are written by third parties and may be distributed only i... / Motivation Researchers in Intrusion detection have stated Kumar br by software developers in the intrusion detection community for an increase

27.2   Synthesizing Fast Intrusion Prevention/Detection Systems from.. - Sekar, Uppuluri (1999)   (Correct)
To build survivable information systems (i.e., systems that continue to provide their services in spite of coordinated attacks), it is necessary to detect and isolate intrusions before they impact sy... / useful for many other intrusion detection methods that employ br behavior as needed for intrusion detection or prevention. In

26.0   A Methodology for Testing Intrusion Detection Systems - Puketza, Zhang, Chung, Mukherjee.. (1996)   (Correct)
Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a method... / A Methodology for Testing Intrusion Detection Systems Nicholas J. br Abstract Intrusion Detection Systems IDSs attempt to

25.5   A Secure and Reliable Bootstrap Architecture - Arbaugh, Farber, Smith (1997)   (Correct)
In a computer system, the integrity of lower layers is treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, integrity of a... / such as Internet commerce intrusion detection systems and active br elements such as switches intrusion detection monitors or associated

25.5   Forward Integrity For Secure Audit Logs - Bellare, Yee (1997)   (Correct)
In this paper, we define the forward integrity security property, motivate its appropriateness as a systems security requirement, and demonstrate designs that achieve this property. Applications inclu... / e.g.syslogd data for intrusion detection or accountability br detectable by basic intrusion detection auditing techniques. It

25.5   Principles of a Computer Immune System - Somayaji (1997)   (Correct)
Natural immune systems provide a rich source of inspiration for computer security in the age of the Internet. Immune systems have many features that are desirable for the imperfect, uncontrolled, and ... / in purpose to traditional intrusion-detection systems although we br . D. E. Denning. An intrusion detection model. In IEEE

23.1   Storage Jamming - McDermott, Goldschlag (1996)   (Correct)
this paper is to define storage jamming. We also discuss our work to date on possible defenses against it; in order to make the case that there are solutions. In the next section we discuss the nature... /

23.1   Towards a Model of Storage Jamming - McDermott, Goldschlag (1996)   (Correct)
Storage jamming can degrade real-world activities that share stored data. Storage jamming is not prevented by access controls or cryptographic techniques. Verification to rule out storage jamming logi... / to the problem the various intrusion detection approaches will not work

23.1   Experiences with Tripwire: Using Integrity Checkers for Intrusion.. - Kim, Spafford (1995)   (Correct)
Tripwire is an integrity checking program written for the UNIX environment that gives system administrators the ability to monitor file systems for added, deleted, and modified files. Intended to ai... / Using Integrity Checkers for Intrusion Detection Gene H. Kim and Eugene br files. Intended to aid intrusion detection Tripwire was officially

22.8   A Data Mining Framework for Adaptive Intrusion Detection - Lee, Stolfo, Mok (1998)   (Correct)
In this paper we describe a data mining framework for constructing intrusion detection models. The key ideas are to mine system audit data for consistent and useful patterns of program and user behavi... / Framework for Adaptive Intrusion Detection Wenke Lee Salvatore br framework for constructing intrusion detection models. The key ideas are

22.8   Towards Distributed and Dynamic Network Management - Sahai, Morin (1998)   (Correct)
In this paper we describe a distributed and dynamic architecture for network management of a heterogeneous distributed system which we have implemented in order to perform network management of our ... / changing problems like intrusion detection the management policies

21.2   Protecting Routing Infrastructures from Denial of Service Using.. - Cheung, Levitt (1997)   (Correct)
We present a solution to the denial of service problem for routing infrastructures. When a network suffers from denial of service, packets cannot reach their destinations. Existing routing protocols a... / of Service Using Cooperative Intrusion Detection Steven Cheung ... i.e. an expansive view of intrusion detection approach to protect

20.2   IDIOT - Users Guide. - Crosbie, Dole, Ellis, Krsul, Spafford (1996)   (Correct)
This manual gives a detailed technical description of the IDIOT intrusion detection system from the COAST Laboratory at Purdue University. It is intended to help anyone who wishes to use, extend or te... / description of the IDIOT intrusion detection system from the COAST ... with security issues and intrusion detection in particular is assumed.

20.2   A Taxonomy of Security Faults in the Unix Operating System - Aslam (1995)   (Correct)
0.1 An Overview of Software Testing Methods; 0.2 Provable Security and Formal Methods ... / audit analysis of systems intrusion detection and fault detection. We ... that can be used by an intrusion detection system to detect intrusions

20.2   A Standard Audit Trail Format - Matt Bishop (1995)   (Correct)
this paper, but as we claim the format is general enough for all purposes, this serves as one way to test our claim. The log records subject identifier, action performed, 2 security-relevant parameter... / Consider for example intrusion detection over a network. In this ... network. In this scenario an intrusion detection system IDS monitors

19.7   Holding Intruders Accountable on the Internet - Staniford-Chen, Heberlein (1994)   (Correct)
This paper addresses the problem of tracing intruders who obscure their identity by logging through a chain of multiple machines. After discussing previous approaches to this problem, we introduce thu... / After installation of an intrusion detection tool they detected ... In the context of distributed intrusion detection systems such as DIDS

18.5   The TAMU Security Package: An Ongoing Response to Internet Intruders.. - David Safford (1993)   (Correct)
Texas A&M University (TAMU) UNIX computers came under coordinated attack in August 1992 from an organized group of internet crackers. This package of security tools represents the results of over seve... / and netlog a set of intrusion detection network monitoring

CiteSeer - citeseer.org - Copyright © 1997-2002 NEC Research Institute