This directory is created automatically and some papers may be mislabeled. Only documents within the CiteSeer database are listed. The directory is intended to provide entry points for browsing the database and is not intended to be authoritative. Papers may not appear in all relevant categories. For example, papers in a sub-category may not appear in higher level categories.
4268.8 Meta-Learning in Distributed Data Mining Systems: Issues and.. - Prodromidis, Chan, al. (2000)(Correct)
Data mining systems aim to discover patterns and extract useful information from facts
recorded in databases. A widely adopted approach to this objective is to apply various machine
learning algorithm... / been successfully applied to intrusion detection in network-based systems br Chan. Agent-based fraud and intrusion detection in financial information
3813.7 A Quick Glance at Quantum Cryptography - Lomonaco, Jr. (1998)(Correct)
The recent application of the principles of quantum mechanics to
cryptography has led to a remarkable new dimension in secret communication.
As a result of these new developments, it is now possible t... / this impasse of intrusion detection. A proposed solution to br to determine all quantum intrusion detection algorithms in the open
3526.4 A Taxonomy of Security Faults in the Unix Operating System - Aslam (1995)(Correct)
0.1 An Overview of Software Testing Methods
0.2 Provable Security and Formal Methods ... / audit analysis of systems intrusion detection and fault detection. We br that can be used by an intrusion detection system to detect intrusions
3458.5 Classification And Detection Of Computer Intrusions - Kumar (1995)(Correct)
Some computer security breaches cannot be prevented using access and information flow control techniques. These breaches may be a consequence of system software bugs, hardware or software failures, in... / . What is Intrusion Detection br Premise and Limitations of Intrusion Detection .
3066.6 An Application of Pattern Matching in Intrusion Detection - Kumar, Spafford (1994)(Correct)
This report examines and classifies the characteristics of signatures used in misuse intrusion detection. Efficient algorithms to match patterns in some of these classes are described. A generalized m... / of Pattern Matching in Intrusion Detection Technical Report br of signatures used in misuse intrusion detection. Efficient algorithms to
2773.4 Effective and Efficient Pruning of Meta-Classifiers in a Distributed.. - Prodromidis, Stolfo (1999)(Correct)
Distributed data mining systems aim to discover and combine useful information that is
distributed across multiple databases. One of the main challenges is the design of effective
and efficient method... / research is supported by the Intrusion Detection Program BAA from br Chan. Agent-based fraud and intrusion detection in financial information
2748.1 An Immunological Model of Distributed Detection and Its Application.. - Hofmeyr (1999)(Correct)
This dissertation explores an immunological model of distributed detection, called negative detection,
and studies its performance in the domain of intrusion detection on computer networks. The goal o... / performance in the domain of intrusion detection on computer networks. The br model is applied to network intrusion detection. The system monitors TCP
2612.6 MAFTIA - reference Model and Use Cases - Cachin, Camenisch, Dacier, Deswarte, .. (2000)(Correct)
This document constitutes the first deliverable of MAFTIA
work package 1. The objective of this work package is to define a
consistent framework for ensuring the dependability of distributed
appl... / . Multinational Intrusion Detection Systems br Figure -Intrusion-detection and Tolerance Framework
2449.5 System Performance Advisor: An Expert System For Unix System.. - Hoogenboom (1992)(Correct)
The design of the System Performance Advisor (SPA) expert system is described.
The purpose of SPA is to assist a system administrator in system performance
management. Generally, system performance ma... / . . Intrusion Detection Expert System br that SPA uses. . . Intrusion Detection Expert System The
2436.1 Computer Vulnerability Analysis - Krsul (1997)(Correct)
Computer security professionals and researchers do not have a history of sharing and analyzing computer vulnerability information. Scientists and engineers from older or more established fields have l... / detection mechanisms the intrusion detection work done by Kumar et al. br in industry that market intrusion detection systems require
2400.0 Temporal Sequence Learning and Data Reduction for Anomaly Detection - Lane, Brodley (1998)(Correct)
ing with credit is permitted. To copy otherwise, to republish, to post on
servers, to redistribute to lists, or to use any component of this work in other works, requires prior
specific permission and... / firewalls and network-based intrusion detection systems Heberlein et al. br Additionally multi-sensor intrusion detection systems such as AAFID
2298.8 Error Recovery in Critical Infrastructure Systems - Knight, Elder, Du (1999)(Correct)
Critical infrastructure applications provide services upon which society depends heavily;
such applications require survivability in the face of faults that might cause a loss of service.
These applic... / and switch to aggressive intrusion detection. System-wide restart of
2264.1 A Secure Active Network Environment Architecture - Alexander (1998)(Correct)
Active Networks are a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping... / monitoring e.g.for intrusion detection and other tasks that has
2135.5 Authorship Analysis: Identifying The Author of a Program - Krsul (1996)(Correct)
In this paper we show that it is possible to identify the author of a piece of software by looking at stylistic characteristics of C source code. We also show that there exist a set of characteristics... / modules and real time intrusion detection systems can be enhanced to br process. . Real-time intrusion detection systems could be enhanced
1954.9 String Pattern Matching For A Deluge Survival Kit - Apostolico, Crochemore (2000)(Correct)
String Pattern Matching concerns itself with algorithmic and combinatorial issues related to matching and searching on linearly arranged sequences of symbols, arguably the simplest possible discrete s... / dynamics genome studies intrusion detection and countless other br Prediction to Data Mining Intrusion Detection and Security Protein and
1884.1 Hardening COTS Software with Generic Software Wrappers - Fraser, Badger, Feldman (1999)(Correct)
Numerous techniques exist to augment the security
functionality of Commercial Off-The-Shelf (COTS) applications
and operating systems, making them more
suitable for use in mission-critical systems. Al... / cause harm access control intrusion detection In some cases the br applications to support intrusion detection
1882.7 NetSTAT: A Network-based Intrusion Detection System - Vigna (1999)(Correct)
Network-based attacks are becoming more common and sophisticated. For this reason, intrusion detection
systems are now shifting their focus from the hosts and their operating systems to the network
it... / NetSTAT A Network-based Intrusion Detection System Giovanni Vigna br For this reason intrusion detection systems are now shifting
1859.9 Adaptive Knowledge-Based Monitoring for Information Assurance - Doyle, Kohane, Long, Szolovits(Correct)
Contents
1 Executive Summary
2 Innovative claims
3 Technical plan
3.1 Technical Approach
3.1.1 A vision of the future ... / of knowledge about intrusion detection boundary policies and the br monitoring and some current intrusion detection technologies are based on
1851.1 Research in Intrusion-Detection Systems: A Survey - Axelsson (1998)(Correct)
There is currently need for an up-to-date and thorough survey of the research in the field of computer and network intrusion detection. This paper presents such a survey, with a taxonomy of intrusion de... / Research in Intrusion-Detection Systems A Survey br field of computer and network intrusion detection. This paper presents such
1847.1 A Methodology for Testing Intrusion Detection Systems - Puketza, Zhang, Chung, Mukherjee.. (1996)(Correct)
Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse,
and abuse of computer systems. In response to the growth in the use and development
of IDSs, we have developed a method... / A Methodology for Testing Intrusion Detection Systems Nicholas J. br Abstract Intrusion Detection Systems IDSs attempt to
1831.2 Intrusion Detection using Sequences of System Calls - Hofmeyr, Forrest, Somayaji (1998)(Correct)
this paper we are primarily concerned with determining empirically if the
discriminator is stable. Efficiency is a secondary consideration, and is addressed in this
paper to the extent that we analyze... / Intrusion Detection using Sequences of System br the use of tools such as Intrusion Detection Systems IDS The IDS
1820.2 Intrusion Detection Systems: A Survey and Taxonomy - Axelsson (2000)(Correct)
This paper presents a taxonomy of intrusion detection systems that is then used to survey and classify a number of research prototypes. The taxonomy consists of a classification first of the detection... / Intrusion Detection Systems A Survey and br paper presents a taxonomy of intrusion detection systems that is then used
1804.3 Interactive Security Assistance for End-User Supervision of Untrusted .. - Rasmusson (1996)(Correct)
The paper describes a method for end-users to confidently run untrusted
programs that are allowed to access private system resources.
The approach is to use a Personal Security Assistant to automatica... / work in Safe Languages and Intrusion Detection. By constraining the br Related work -Intrusion detection . What are
1734.3 A Data Mining Framework for Adaptive Intrusion Detection - Lee, Stolfo, Mok (1998)(Correct)
In this paper we describe a data mining framework for constructing intrusion detection models.
The key ideas are to mine system audit data for consistent and useful patterns of program and user
behavi... / Framework for Adaptive Intrusion Detection Wenke Lee Salvatore br framework for constructing intrusion detection models. The key ideas are
1733.6 Intrusion Detection: A Bibliography - Mé, Michel (2001)(Correct)
This document contains more than 600 references, dated from 1980 to 2001. We undoubtedly have forgotten some important citations, either through oversight or ignorance. Moreover, errors may remain in ... / Intrusion Detection A Bibliography Ludovic br references relating to intrusion detection. Intrusion detection is
1717.6 Cost Complexity-based Pruning of Ensemble Classifiers - Prodromidis, Stolfo (1999)(Correct)
In this paper we study methods that combine multiple classification models learned
over separate data sets in a distributed database setting. Numerous studies posit that
such approaches provide the me... / research is supported by the Intrusion Detection Program BAA from br such as e-commerce or intrusion detection systems. Memory
1666.2 Securing ATM Networks - Shaw-Cheng Chuang (1995)(Correct)
This is an interim report on the investigations into securing Asynchronous Transfer Mode
(ATM) networks. We look at the challenge in providing such a secure ATM network and
identify the important issu... / and auditing firewall and intrusion detection Byzantine robustness. br and auditing firewall and intrusion detection Byzantine robustness.
1629.3 Selecting Examples for Partial Memory Learning - Maloof, Michalski (2000)(Correct)
This paper describes a method for selecting training examples for a partial memory
learning system. The method selects extreme examples that lie at the boundaries of concept
descriptions and uses th... / problem and a computer intrusion detection problem. Experimental br and computer intrusion detection Maloof Michalski
1587.4 Research on Techniques and Tools for Computer Security: The COAST.. - Spafford(Correct)
The goal of the COAST project is to establish a long-term research program exploring new approaches
to computer security and computer system management. The principal focus will be on techniques and
to... / systems statistical intrusion detection systems and communications br for virus protection intrusion detection and change management. One
1585.6 Architecture for an Artificial Immune System - Hofmeyr, Forrest (2000)(Correct)
An artificial immune system (ARTIS) is described which incorporates many properties of
natural immune systems, including diversity, distributed computation, error tolerance, dynamic
learning and ada... / in the form of a network intrusion detection system called LISYS. LISYS br and implemented LISYS an intrusion detection system that monitors
1578.3 An Update on the BMA Security Policy - Anderson (1996)(Correct)
In this article, we attempt to step back from the current dispute between the BMA and the government and describe it as a whole. We give a brief account of the origins and development of the BMA secur... / have very strong auditing and intrusion detection systems a deterrent that br and credible . As an intrusion detection mechanism Simmons
1572.4 A Partial Memory Incremental Learning Methodology and its Application .. - Marcus Maloof(Correct)
This paper discusses work in progress and introduces a partial memory incremental
learning methodology. The incremental learning architecture uses hypotheses induced from
training examples to determin... / Its Application To Computer Intrusion Detection Marcus A. Maloof and br its Application to Computer Intrusion Detection Marcus A. Maloof and
1570.1 Automated Discovery of Concise Predictive Rules for Intrusion.. - Helmer, Wong, Honavar, Miller (1999)(Correct)
We examine the effectiveness of rule learning to detect intrusions against privileged programs, using a
feature vector representation to describe the system calls executed by each process. We then use... / Concise Predictive Rules for Intrusion Detection Guy Helmer Johnny br used in one component of our intrusion detection system which implements a
1566.4 Access Control: The Neglected Frontier - Sandhu (1996)(Correct)
Access control is an indispensable security technology. However, it has been relatively neglected by the research community. Over the past ten years, the doctrine of mandatory and discretionary acce... / control authentication intrusion detection and recovery risk analysis
1542.4 Adaptability Using Reflection - Sonntag, Härtig, Kowalski.. (1994)(Correct)
Adaptability, i.e. the ability of a system to adapt dynamically
to changes in its execution environment, is
considered as an important property of computer systems.
Scaling directory replication in na... / employed in some systems for intrusion detection. The detection of suspect
1541.7 A Data Mining Framework for Constructing Features and Models for.. - Lee (1999)(Correct)
Intrusion detection is an essential component of critical infrastructure protection mechanisms. The traditional pure "knowledge engineering" process of building Intrusion Detection Systems (IDSs) is v... / Features and Models for Intrusion Detection Systems Wenke Lee
1514.4 Rewriting Histories: Recovering from Malicious Transactions - Liu, Ammann, Jajodia (1999)(Correct)
We consider recovery from malicious but committed transactions.
Traditional recovery mechanisms do not address this problem, except
for complete rollbacks, which undo the work of good transactions a... / where the capacity of intrusion detection techniques is limited. In br class. As the techniques of intrusion detection are advanced the latency
1493.1 Rule-Based Query Optimization, Revisited - Lane Warshaw (1999)(Correct)
We present the architecture and a performance assessment of an extensible query optimizer written in Venus. Venus is a
general-purpose active-database rule language embedded in C++. Following the deve... / heterogeneous databases and intrusion detection on military networks
1486.3 Applying Mobile Agents to Intrusion Detection and Response - Jansen, Mell, Karygiannis, Marks (1999)(Correct)
Interfaces
4.2.4. Knowledge Sharing ... / Applying Mobile Agents to Intrusion Detection and Response Wayne br . . . Autonomous Agents for Intrusion Detection
1474.0 Data Mining Approaches for Intrusion Detection - Lee, Stolfo (1998)(Correct)
In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns o... / Data Mining Approaches for Intrusion Detection Wenke Lee Salvatore br and systematic methods for intrusion detection. The key ideas are to use
1466.6 Use of A Taxonomy of Security Faults - Aslam, Krsul, Spafford (1996)(Correct)
Security in computer systems is important so as to
ensure reliable operation and to protect the integrity
of stored information. Faults in the implementation
of critical components can be exploited to... / audit analysis of systems intrusion detection and fault detection. We br in the development of intrusion detection patterns for the COAST
1462.1 Algorithms For Mining System Audit Data - Lee, Stolfo, Mok (1999)(Correct)
We describe our research in applying data mining techniques to
construct intrusion detection models. The key ideas are to mine system audit
data for consistent and useful patterns of program and use... / techniques to construct intrusion detection models. The key ideas are br holes Bel GM Intrusion detection is therefore needed as
1461.0 Defending Against Denial of Service Attacks in Scout - Spatscheck, Peterson (1999)(Correct)
We describe a two-dimensional architecture for defending against denial of service attacks. In one dimension, the architecture accounts for all resources consumed by each I/O path in the system; this ... / could be rated by an intrusion detection system with resources
1403.2 Artificial Immune Systems: Part II - A Survey Of Applications - de Castro, Von Zuben (2000)(Correct)
this report (De Castro & Von Zuben, 1999) is intended to present the basic theory and concepts necessary for the development of immune-based systems. It brings an instructive introduction to the mamma... / immune system for network intrusion detection. br of the proposed multi-agent intrusion detection system.
1394.6 Précis: Research on Techniques and Tools for Computer.. - Spafford (1998)(Correct)
The goal of the COAST project is to establish a long-term research program exploring new approaches
to computer security and computer system management in a first-class educational environment.
The... / covert channels statistical intrusion detection systems and communications br for virus protection intrusion detection and change management. One
1391.4 Adaptive Fraud Detection - Fawcett, Foster (1997)(Correct)
One method for detecting fraud is to check for suspicious changes in user behavior. This paper describes the automatic design of user profiling methods for the purpose of fraud detection, using a se... / constructive induction intrusion detection applications . br detection is related to intrusion detection a field of computer
1354.1 Cost-based Modeling for Fraud and Intrusion Detection: Results from.. - Stolfo, Fan, Lee(Correct)
In this paper we describe the results achieved using the
JAM distributed data mining system for the real world problem
of fraud detection in financial information systems. For
this domain we provide c... / Modeling for Fraud and Intrusion Detection Results from the JAM br to the important area of Intrusion Detection in networked information
1349.8 Practical Defenses Against Storage Jamming - McDermott, Froscher (1997)(Correct)
detection objects satisfy two properties
1. Indistinguishability: To any jamming process, a detection object is indistinguishable from a
storage object.
2. Sensitivity: The only authentic process that... / attacks can also avoid intrusion detection. For this reason these br and may not be possible. Intrusion detection techniques cannot be
1339.5 An Efficient Message Authentication Scheme for Link State Routing - Cheung (1997)(Correct)
We study methods for reducing the cost of secure link
state routing. In secure link state routing, routers may need
to verify the authenticity of many routing updates, and some
routers such as border ... / approach which is intrusion detection e.g. br Wu et al. proposed an intrusion detection approach to secure link
1331.6 BPF+: Exploiting Global Data-flow Optimization in a Generalized.. - Begel, McCanne, Graham (1999)(Correct)
A packet filter is a programmable selection criterion for classifying
or selecting packets from a packet stream in a generic, reusable
fashion. Previous work on packet filters falls roughly into two c... / like network monitoring and intrusion detection however require both br firewall filtering and intrusion detection The earliest
1321.5 A Data Mining Framework for Building Intrusion Detection Models - Lee, Stolfo, Mok (1999)(Correct)
There is often the need to update an installed Intrusion Detection System (IDS) due to new attack methods
or upgraded computing environments. Since many current IDSs are constructed by manual encoding... / Mining Framework for Building Intrusion Detection Models Wenke Lee br need to update an installed Intrusion Detection System IDS due to new
1320.9 Checking for Race Conditions in File Accesses - Bishop, Dilger (1996)(Correct)
We develop a theory of vulnerabilities and their signatures, and use this theory to categorize race
conditions that occur when processes interact with files in the UNIX operating system and that
prese... / of attacks in the context of intrusion detection in this context br a very different twist in intrusion detection. Characterizing
1287.5 Abstraction-Based Misuse Detection: High-Level Specifications and.. - Lin, Wang, Jajodia (1998)(Correct)
Abstraction-Based Misuse Detection:
High-Level Specifications and Adaptable Strategies
Jia-Ling Lin, X. Sean Wang, Sushil Jajodia
Center for Secure Information Systems
George Mason University, Fairfax, VA 220... / are made to the file. The intrusion detection system instead of the br common problem with existing intrusion detection systems is that the
1286.7 Intelligence without Robots (A Reply to Brooks) - Etzioni (1993)(Correct)
In his recent papers, entitled "Intelligence without Representation" and "Intelligence without
Reason," Brooks argues for studying complete agents in real-world environments and for
mobile robots as th... / tasks e.g.around-the-clock intrusion detection In short softbots
1249.8 A Pattern Matching Model for Misuse Intrusion Detection - Kumar, Spafford (1994)(Correct)
This paper describes a generic model of matching that can be usefully applied to misuse intrusion detection. The model is based on Colored Petri Nets. Guards define the context in which signatures are... / Matching Model For Misuse Intrusion Detection Sandeep Kumar Eugene br Keywords intrusion detection misuse anomaly.
1245.8 A Method for Partial-Memory Incremental Learning and its Application.. - Marcus Maloof (1995)(Correct)
This paper describes a partial-memory incremental
learning method based on the AQ15c inductive learning
system. The method maintains a representative set of
past training examples that are used togeth... / its Application to Computer Intrusion Detection Marcus A. Maloof Ryszard br to the problem of computer intrusion detection in which symbolic profiles
1217.3 Practical Network Security: Experiences with ntop - Deri, Suin (2000)(Correct)
This paper shows how ntop can also be unknown
Practical Network Security: Experiences with ntop
Luca Deri and Stefano Suin
Finsiel S.p.A., Via Matteucci 34/b, 56124 Pisa. Email l.deri@finsi... / monitoring network security intrusion detection TCP IP. . Introduction br it into a sophisticated intrusion detection system The goal of
1213.8 Detecting Intrusions in Security Protocols - Yasinsac (2000)(Correct)
Secure electronic communication relies on the application of cryptography. However, even with perfect encryption, communication may be compromised without effective security protocols for key exchange... / method is based on classic intrusion detection techniques of br protocol verification and intrusion detection. The following sections
1203.2 PNrule: A New Framework for Learning Classifier Models in Data Mining .. - Agarwal, Joshi (2000)(Correct)
We have developed a new solution framework for the multi-class classification problem in data mining.
The method is especially applicable in situations where different classes have widely different d... / A Case-Study in Network Intrusion Detection Ramesh Agarwal br the technique to the Network Intrusion Detection Problem KDD-CUP' Our
1201.7 The Use of Information Retrieval Techniques for Intrusion Detection - Anderson, Khattak (1997)(Correct)
Intrusion detection is a broad problem, and we need a greater range of tools than is currently available. In this article, we report a new approach. We have applied information retrieval techniques to... / Retrieval Techniques for Intrusion Detection Ross Anderson Abida br th June Abstract. Intrusion detection is a broad problem and we
1193.7 Artificial Intelligence and Intrusion Detection: Current and Future.. - Frank (1994)(Correct)
Intrusion Detection systems (IDSs) have previously been built by hand. These systems have difficulty successfully classifying intruders, and require a significant amount of computational overhead maki... / Artificial Intelligence and Intrusion Detection Current and Future br June Abstract Intrusion Detection systems IDSs have
1182.8 Observations on Information Security Crisis - Jussipekka Leiwo Jussi(Correct)
Despite a wide body of academic knowledge of secure information systems,
application software, communication protocols and cryptographic primitives remain
insecure. This is especially alarming in the ... / there is also a need for intrusion detection to strengthen the security. br to strengthen the security. Intrusion detection is a valuable tool for
1180.0 Sleepy Network-Layer Authentication Service for IPSEC - Shyhtsun Wu (1996)(Correct)
Network-layer authentication security services are typically
pessimistic and static. A conservative IP security gateway checks/verifies
the authentication information for every packet it forwards. T... / security mechanism or an intrusion detection module to protect the br When no application or intrusion detection system complains about
1178.9 A Software Architecture to support Misuse Intrusion Detection. - Kumar, Spafford (1995)(Correct)
Misuse Intrusion Detection has traditionally been understood in the literature as the detection of specific, precisely representable techniques of computer system abuse. Pattern matching is well dispo... / to support Misuse Intrusion Detection. Technical Report br Abstract Misuse Intrusion Detection has traditionally been
1174.4 Goal-Oriented Auditing and Logging - Bishop, Wee, Frank (1996)(Correct)
This paper presents a technique for deriving audit requirements from security
policy, with examples for informal specifications. Augmenting these
requirements with a system model allows an analyst to ... / being monitored were chosen. Intrusion detection mechanisms that focus on
1155.9 Internet Service Delivery Control with Mobile Code - Günter, Braun(Correct)
The trend towards value-added Internet services causes network providers
to deploy new network based quality-of-service and security services. Today,
however, the customer has only limited means of ... / BGP and network intrusion detection JMKM On the network br Applying mobile agents to intrusion detection and response. Technical
1151.9 Protecting Routing Infrastructures from Denial of Service Using.. - Cheung, Levitt (1997)(Correct)
We present a solution to the denial of service problem
for routing infrastructures. When a network
suffers from denial of service, packets cannot reach
their destinations. Existing routing protocols a... / of Service Using Cooperative Intrusion Detection Steven Cheung br i.e.an expansive view of intrusion detection approach to protect
1147.5 Learning Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbard, Schatz (1999)(Correct)
Profiling the behavior of programs can be a useful
reference for detecting potential intrusions against
systems. This paper presents three anomaly detection
techniques for profiling program behavior t... / Program Behavior Profiles for Intrusion Detection Anup K. Ghosh Aaron br attacks against systems intrusion detection systems must be able to
1125.9 Bro: A System for Detecting Network Intruders in Real-Time - Paxson (1998)(Correct)
We describe Bro, a stand-alone system for detecting network
intruders in real-time by passively monitoring a network
link over which the intruder's traffic transits. We give
an overview of the system'... / attacks is termed network intrusion detection a relatively new area of br the Bro language. Because intrusion detection can form a cornerstone of
1117.4 Artificial Neural Networks for Misuse Detection - Cannady (1998)(Correct)
Misuse detection is the process of attempting to identify instances of network attacks by comparing current activity against the expected actions of an intruder. Most current approaches to misuse dete... / this approach. Keywords Intrusion detection misuse detection neural br area are discussed. . Intrusion Detection Systems . . Background
1079.7 Audio-Visual Person Verification - Ben-Yacoub, Lüttin, al. (1998)(Correct)
In this paper we investigate benefits of classifier combination (fusion) for a multimodal
system for personal identity verification. The system uses frontal face images and speech. We
show that a so... / buildings surveillance and intrusion detection. In person identity
1066.7 Using Context-Based Correlation in Network Operations and Management - Perrochon(Correct)
Network operation consists to a large degree of reaction to activities happening in
the network. Better knowledge of the network at any time allows more appropriate
reactions. On the example of intrus... / reactions. On the example of intrusion detection we show how context-based br concept of causal context to intrusion detection. The correlator is able to
1064.9 Sleepy Security Management with Proxy-Based Filtering - Wu(Correct)
We consider the problem of performance versus security in the proposed Internet Security architecture
[Atk95]. Previously, we proposed a network-layer security protocol, SSGP [Wu96b], on top of IPSEC
to... / security mechanism or an intrusion detection module to deal with the br it will depend on a separate intrusion detection system Den to protect
1038.9 JAM: Java Agents for Meta-Learning over Distributed Databases - Stolfo, Tselepis, Lee, Fan (1997)(Correct)
In this paper, we describe the JAM system, a distributed, scalable and portable agent-based data mining system that employs a general approach to scaling data mining applications that we call meta-lea... / applications is fraud and intrusion detection in financial information br machine learning fraud and intrusion detection financial information
1035.2 Mobile Agents In Intrusion Detection And Response - Jansen, Mell, Karygiannis, Marks (2000)(Correct)
Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism.
However, mobile software agents go a long way toward realizing the ideal behavior desired in ... / Mobile Agents In Intrusion Detection And Response W. br Abstract Effective intrusion detection capability is an elusive
1030.7 DATABASE RESEARCH at Columbia University - Chang, Gravano, Kaiser, Ross, Stolfo(Correct)
this report,
we describe the Columbia Fast Query Project (Section
2), the JAM project (Section 3), the CARDGIS
project (Section 4), the Columbia Internet Information
Searching Project (Section 5), the... / to detect fraud and provide intrusion detection services within a single br Mining audit data to build intrusion detection models. In KDD .
1027.0 A Taxonomy of UNIX System and Network Vulnerabilities - Bishop (1995)(Correct)
Ambrose Bierce defined ``history'' as ``a record of mistakes made in the past, so we shall know when we make them again.'' Although sardonic, his definition describes the state of affairs of computer ... / The second was the advent of intrusion detection systems first proposed in br against systems and the intrusion detection mechanisms would look for
1012.0 DEMIDS: A Misuse Detection System for Database Systems - Chung, Gertz, Levitt (1999)(Correct)
Despite the necessity of protecting information stored in database systems (DBS),
existing security models are insufficient to prevent misuse, especially insider abuse by
legitimate users. Further, co... / abuse and intrusion. Intrusion Detection System IDS is often used br Data mining approaches for intrusion detection. In Proceedings of the
1002.2 An Agent-based Architecture for Supporting Application Aware Security - Campbell, al. (1997)(Correct)
required for mobile computing, to allow the frequent
migration of computers in and out of security enclaves, and wide-area collaboration, to create
dynamic sessions that stretch across organizational ... / of active auditing and intrusion detection facilities into the br framework capable of intrusion detection and response. Item
1000.5 A Secure and Reliable Bootstrap Architecture - Arbaugh, Farber, Smith (1997)(Correct)
In a computer system, the integrity of lower layers is
treated as axiomatic by higher layers. Under the presumption
that the hardware comprising the machine
(the lowest layer) is valid, integrity of a... / such as Internet commerce intrusion detection systems and active br elements such as switches intrusion detection monitors or associated
995.5 Model-Based Vulnerability Analysis of Computer Systems - Cram (1998)(Correct)
Vulnerability analysis is concerned with the problem of identifying weaknesses in computer systems that can be exploited to compromise their security. Most vulnerabilities arise from unexpected intera... / Vulnerability analysis intrusion detection network security computer br vulnerability analysis and intrusion detection techniques which detect
976.7 Security Policy Specification Using a Graphical Approach - Hoagland, Pandey, Levitt (1998)(Correct)
this paper. 1. We use "system" generally here. It can be almost anything on a computer that contains some sort of entities and can be interacted with or can be seen as executing. Some examples are: a ... / or after the fact with an intrusion detection system and other br by an application such as an intrusion detection system that would scan over
976.2 A Framework for Constructing Features and Models for Intrusion.. - Lee, Stolfo (2000)(Correct)
This paper describes a novel framework, MADAM ID, for Mining Audit Data for
Automated Models for Intrusion Detection. This framework uses data mining algorithms to compute
activity patterns from syste... / Features and Models for Intrusion Detection Systems Wenke Lee North br Stolfo Columbia University Intrusion detection ID is an important
966.4 Continuous Assessment of a Unix Configuration: Integrating Intrusion.. - Mounji, Le Charlier (1996)(Correct)
Computer security is a topic of growing concern because,
on the one hand, the power of computers continues to increase
at exponential speed and all computers are virtually
connected to each other and ... / Configuration Integrating Intrusion Detection and Configuration Analysis br In this paper we extend our intrusion detection system ASAX with a
944.8 The Technical Cooperation Program -.. (1997)(Correct)
This report was drafted at the first meeting of STP-11, Secure Information Systems, held at
DERA Malvern, United Kingdom, April 21-25, 1997. The following STP-11 members
contributed to the report:
Dr.... / domain and coordination of intrusion detection systems should be pursued. br . Intrusion Detection
943.6 Detecting Computer and Network Misuse Through the Production-Based.. - Lindqvist, Porras (1999)(Correct)
This paper describes an expert system development toolset
called the Production-Based Expert System Toolset
(P-BEST) and how it is employed in the development of a
modern generic signature-analysis en... / of P-BEST have been used in intrusion detection research and in the br some of the most wellknown intrusion detection systems but this is the
931.1 Mining Frequent Itemsets Using Support Constraints - Wang, He, Han (2000)(Correct)
Interesting patterns often occur at varied levels
of support. The classic association mining
based on a uniform minimum support, such
as Apriori, either misses interesting patterns
of low support ... / frequent itemsets to build intrusion detection models LSM to con- br Mining audit data to build intrusion detection models. KDD -
929.5 John Holland's Invisible Hand: An Artificial Immune System - Forrest, Hofmeyr (1999)(Correct)
We describe an artificial immune system (AIS)
that is distributed, robust, dynamic, diverse and
adaptive. It captures many features of the vertebrate
immune system and places them in the
context o... / detection host-based intrusion detection and network security br the computational cost of intrusion detection. Such distribution will
899.7 Model-Based Analysis of Configuration Vulnerabilities - Ramakrishnan, Sekar (2000)(Correct)
Vulnerability analysis is concerned with the problem of identifying weaknesses in computer systems that can
be exploited to compromise their security. In this paper we describe a new approach to vuln... / patterns for misuse intrusion detection. When vulnerabilities are br vulnerable systems is misuse intrusion detection where system use is
897.1 Simulating Concurrent Intrusions for Testing Intrusion Detection.. - Mandy Chung (1995)(Correct)
For testing Intrusion Detection Systems (IDS), it is essential
that we be able to simulate intrusions in different forms
(both sequential and parallelized) in order to comprehensively
test and evaluat... / Intrusions for Testing Intrusion Detection Systems Parallelizing br Abstract For testing Intrusion Detection Systems IDS it is
897.0 Storage Jamming - McDermott, Goldschlag (1996)(Correct)
this paper is to define storage jamming. We also discuss our work to date on
possible defenses against it; in order to make the case that there are solutions. In the next section
we discuss the nature... /
896.8 Detecting Intrusions Using System Calls: Alternative Data Models - Christina Warrender (1999)(Correct)
Intrusion detection systems rely on a wide variety of observable
data to distinguish between legitimate and illegitimate
activities. In this paper we study one such observable---
sequences of system c... / Abstract Intrusion detection systems rely on a wide br others introduced a simple intrusion detection method based on monitoring
894.6 Forward Integrity For Secure Audit Logs - Bellare, Yee (1997)(Correct)
In this paper, we define the forward integrity security property, motivate its appropriateness
as a systems security requirement, and demonstrate designs that achieve this property. Applications
inclu... / e.g.syslogd data for intrusion detection or accountability br detectable by basic intrusion detection auditing techniques. It
893.6 Detecting Anomalous and Unknown Intrusions Against Programs - Ghosh, Wanken, Charron (1998)(Correct)
The ubiquity of the Internet connection to desktops
has been both boon to business as well as cause
for concern for the security of digital assets that
may be unknowingly exposed. Firewalls have been
... / has been boon to commercial intrusion detection tools. Two general br has led to the growth of the intrusion detection software industry.
892.8 A Graph-based Language for Specifying Security Policies - Hoagland, Pandey, Levitt(Correct)
A security policy states the acceptable actions of an information system,
as the actions bear on security. There is a pressing need for organizations
to declare their security policies, even informal
... / by an application such as an intrusion detection system that scans over an
885.7 Security in Clinical Information Systems - Dr Ross Anderson (1996)(Correct)
this document deals only with the clinical aspects of information security,
and not with associated business aspects such as the commercial confidentiality
of purchaser and provider contract data. and... / than the postal service intrusion detection systems can log accesses
871.3 Active Protection of Trusted Security Services - Yasinsac(Correct)
Secure electronic communication relies on the application of cryptography. Recently, there has been an explosion in the growth of Public Key Infrastructure technology, where centralized or partially c... / based on techniques proven in intrusion detection research and products and br of the Internet. Conversely Intrusion Detection System IDS research has
860.1 Intrusion Detection via Static Analysis - Wagner, Dean (2001)(Correct)
One of the primary challenges in intrusion detection is
modelling typical application behavior, so that we can recognize
attacks by their atypical effects without raising too
many false alarms. We sho... / Intrusion Detection via Static Analysis David br of the primary challenges in intrusion detection is modelling typical
841.6 Resource Management in Software Programmable Router Operating Systems - Yau, Chen(Correct)
Future routers will not only forward data packets, but also provide value-added services such as security, accounting, caching and resource management. These services can be implemented as general pro... / as copyright management and intrusion detection protect legal properties
840.6 Multisensor Data Fusion for Next Generation Distributed Intrusion.. - Bass (1999)(Correct)
Next generation cyberspace intrusion detection systems will fuse data from heterogeneous distributed network sensors to create cyberspace situational awareness. This paper provides a few first steps t... / Next Generation Distributed Intrusion Detection Systems Tim Bass Silk br Next generation cyberspace intrusion detection systems will fuse data
829.8 A Sense of Self for Unix Processes - Forrest, Hofmeyr, Somayaji, Longstaff (1996)(Correct)
A method for anomaly detection is introduced in which
"normal" is defined by short-range correlations in a process'
system calls. Initial experiments suggest that the definition
is stable during norm... / most prior published work on intrusion detection has relied on either a much br are two basic approaches to intrusion detection misuse intrusion
828.0 Intelligent Agents for Intrusion Detection - Helmer, Wong, Honavar, Miller (1998)(Correct)
This paper focuses on intrusion detection and
countermeasures with respect to widely-used
operating systems and networks. The design and
architecture of an intrusion detection system built
from distri... / Intelligent Agents for Intrusion Detection Guy G. Helmer br This paper focuses on intrusion detection and countermeasures with
820.9 AQ-PM: A System for Partial Memory Learning - Marcus Maloof(Correct)
This paper describes AQ-PM, a system for partial memory learning,
which determines and memorizes representative concept examples, and then uses
them with new training examples to induce new concept ... / and to a computer intrusion detection problem Maloof br of computing behavior for intrusion detection Maloof Michalski
814.3 Intrusion Confinement by Isolation in Information Systems - Liu, Jajodia, McCollum(Correct)
System protection mechanisms such as access controls can be fooled by authorized but
malicious users, masqueraders, and misfeasors. Intrusion detection techniques are therefore used
to supplement th... / masqueraders and misfeasors. Intrusion detection techniques are therefore br caused by intrusions during intrusion detection is referred to as
800.9 Run-Time Security Evaluation (RTSE) for Distributed Applications - Serban, McMillin (1996)(Correct)
Formal security specifications for a distributed application
can be checked for compliance at run-time using
executable security assertions. We propose the Run-Time
Security Evaluation (RTSE) method wh... / By contrast except for intrusion detection the behavior of the br those usually employed for intrusion detection as it covers hardware and
796.8 Prospectives for Modelling Trust in Information Security - Jøsang (1997)(Correct)
This paper describes trust in information security as a subjective
human belief. On this background, four formal models for trust
which have been proposed in the recent years are analysed with the p... / security incidents and intrusion detection. All these and possibly
783.2 Fault Tolerance in Critical Information Systems - Elder (2001)(Correct)
Critical infrastructure applications provide services upon which society depends heavily;
such applications require constant, dependable operation in the face of various failures,
natural disasters, a... / Figure Money-center bank intrusion detection alarm on event br Experiment Branch bank intrusion detection alarms
777.5 Detecting the Abnormal: Machine Learning in Computer Security - Lane, Brodley (1997)(Correct)
Two problems of importance in computer security are to 1) detect the presence of an intruder masquerading as the valid user and 2) detect the perpetration of abusive actions on the part of an otherwis... / security is that of intrusion detection Anderson br Denning D. E. An intrusion-detection model. IEEE Transactions
774.2 Automated Detection of Vulnerabilities in Privileged Programs by.. - Ko, Fink, Levitt (1994)(Correct)
We present a method for detecting exploitations of vulnerabilities
in privileged programs by monitoring their execution
using audit trails, where the monitoring is with
respect to specifications of th... / Our work is motivated by the intrusion detection paradigm but is an attempt br Our approach is a variant of intrusion detection wherein audit trails
773.9 STATL: An Attack Language for State-based Intrusion Detection - Eckmann, Vigna, Kemmerer (2000)(Correct)
STATL is an extensible state/transition-based attack description language designed to support intrusion detection.
The language allows one to describe computer penetrations as sequences of actions th... / Language for State-based Intrusion Detection Steven T. Eckmann br language designed to support intrusion detection. The language allows one
767.7 An Algorithm for Estimating all Matches Between Two Strings - Atallah, Chyzak, Dumas(Correct)
We give a randomized algorithm for estimating the score vector of matches between a text
string of length N and a pattern string of length M ; this is the vector obtained when the
pattern is slid alon... / many applications including intrusion detection in a computer system br A Pattern-Matching Model for Intrusion Detection Proceedings of the
767.4 Mining in a Data-flow Environment: Experience in Network Intrusion.. - Lee, Stolfo, Mok (1999)(Correct)
In this paper we discuss the KDD process in "data-flow" environments, where unstructured and
time dependent data can be processed into various levels of structured and semantically-rich forms
for anal... / Experience in Network Intrusion Detection Wenke Lee Salvatore br analysis tasks. Using network intrusion detection as a concrete application
765.6 Contributions to Electronic Commerce: what law enforcement and.. - Rgec(Correct)
This report takes up where the Electronic Commerce Task Force (ECTF) unknown Contributions to Electronic Commerce: what law enforcement and revenue agencies can do. rgec Commonwealth of Australia 1... / securely. CIDF Common Intrusion Detection Framework. A set of br communication between intrusion detection tools. CIDR Classless
764.1 Towards a Model of Storage Jamming - McDermott, Goldschlag (1996)(Correct)
Storage jamming can degrade real-world activities that share stored data. Storage jamming is not prevented by access controls or cryptographic techniques. Verification to rule out storage jamming logi... / to the problem the various intrusion detection approaches will not work
760.6 Inspect: a Lightweight Distributed Approach to Automated Audit Trail.. - Vigna(Correct)
Security is a key issue in the design and implementation of complex information
systems. Security mechanisms and policies have to be deployed
and then continuously maintained, monitored and audited.... / such tools with real-time intrusion detection capabilities. This paper br which aims at real-time intrusion detection. Inspect tries to emulate
760.2 Sequence Matching and Learning in Anomaly Detection for Computer.. - Lane, Brodley (1997)(Correct)
Two problems of importance in computer security are
to 1) detect the presence of an intruder masquerading
as the valid user and 2) detect the perpetration of
abusive actions on the part of an otherwis... / security is that of intrusion detection. The goal is to detect br many possible approaches to intrusion detection one that has received
758.0 Insertion, Evasion, and Denial of Service: Eluding Network Intrusion.. - Ptacek, Newsham (1998)(Correct)
All currently available network intrusion detection (ID) systems rely
upon a mechanism of data collection---passive protocol analysis---which
is fundamentally flawed. In passive protocol analysis, t... / of Service Eluding Network Intrusion Detection Thomas H. Ptacek br currently available network intrusion detection ID systems rely upon a
756.1 Detecting Intruders in Computer Systems - Lunt (1993)(Correct)
Although a computer system's primary defense is its access controls, computer
system access controls cannot be relied upon in most cases to safeguard against a
penetration or insider attack. Even the ... / is developing a real-time intrusion-detection expert system NIDES br related to building and using intrusion detection systems. The third part of
754.8 Using Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbard, Schatz (1999)(Correct)
Intrusion detection and response has traditionally been performed at the network and host levels. That is, intrusion monitors will typically analyze network packet logs or host machine audit logs for ... / Program Behavior Profiles for Intrusion Detection Anup K. Ghosh Aaron br www.rstcorp.com Abstract Intrusion detection and response has
753.4 Mining Audit Data to Build Intrusion Detection Models - Lee, Stolfo, Mok (1998)(Correct)
In this paper we discuss a data mining framework for constructing intrusion detection models. The key ideas are to mine system audit data for consistent and useful patterns of program and user behavio... / Mining Audit Data to Build Intrusion Detection Models Wenke Lee and br framework for constructing intrusion detection models. The key ideas are
738.6 Doing intrusion detection using embedded sensors - Zamboni (2000)(Correct)
Intrusion detection systems have usually been developed using large host-based components. These components impose an extra load on the system where they run (sometimes even requiring a dedicated syst... / Doing intrusion detection using embedded sensors br Abstract Intrusion detection systems have usually been
736.9 Transport and Application Protocol Scrubbing - Robert Malan David (2000)(Correct)
This paper describes the design and implementation of a protocol
scrubber, a transparent interposition mechanism for explicitly removing
network attacks at both the transport and application protocol ... / passive network-based intrusion detection systems whereas the br active network-based intrusion detection systems. The transport
733.7 Principles of a Computer Immune System - Somayaji (1997)(Correct)
Natural immune systems provide a rich source of inspiration for computer security in the age of the Internet. Immune systems have many features that are desirable for the imperfect, uncontrolled, and ... / in purpose to traditional intrusion-detection systems although we br . D. E. Denning. An intrusion detection model. In IEEE
728.8 Writing, Supporting, and Evaluating Tripwire: A Publically Available.. - Kim, Spafford (1994)(Correct)
Tripwire is an integrity checking program written for the Unix environment that gives system
administrators the ability to monitor file systems for added, deleted, and modified files. First
released i... / intended to be used for intrusion detection and its design and br be used for the purposes of intrusion detection and recovery. Changed files
710.0 Distributed Tracing of Intruders - Staniford-Chen (1995)(Correct)
Unwelcome intrusions into computer systems are being perpetrated by strangers,
and the number of such incidents is rising steadily. One of the things that facilitates
this malfeasance is that computer... / After installation of an intrusion detection tool they detected br . DIDS The Distributed Intrusion Detection System DIDS was initially
709.5 Experiences with Tripwire: Using Integrity Checkers for Intrusion.. - Kim, Spafford (1994)(Correct)
Tripwire is an integrity checking program written for
the UNIX environment. It gives system administrators
the ability to monitor file systems for added,
deleted, and modified files. Intended to aid i... / Using Integrity Checkers for Intrusion Detection Purdue Technical br files. Intended to aid intrusion detection Tripwire was officially
703.9 Distributed Data Mining: The JAM System Architecture - Prodromidis, Stolfo, Tselepis..(Correct)
This paper describes the system architecture of JAM (Java Agents for Meta-learning), a distributed data mining system that scales up to large and physically separated data sets. An early version of th... / applications is fraud and intrusion detection in financial information br research was supported by the Intrusion Detection Program BAA from
703.7 Intrusion Detection in Wireless Ad-Hoc Networks - Zhang, Lee (2000)(Correct)
As the recent denial-of-service attacks on several major Internet
sites have shown us, no open computer network is
immune from intrusions. The wireless ad-hoc network is
particularly vulnerable due to... / Intrusion Detection in Wireless Ad-Hoc Networks br line of defense. Many of the intrusion detection techniques developed on a
697.4 A Distributed Concurrent Intrusion Detection Scheme Based On.. - Upadhyaya, Kwiat (1999)(Correct)
This paper presents a new technique for intrusion detection based on concurrent monitoring of user operations. In this scheme, prior to starting a session on a computer, an auxiliary process called wa... / A Distributed Concurrent Intrusion Detection Scheme Based On Assertions br information assurance intrusion detection ABSTRACT This paper
693.0 Hidden Pattern Statistics - Flajolet, Guivarc'h, al.(Correct)
Two fundamental problems in combinatorics on words and string manipulation are string
matching and sequence comparison. In string matching one searches for all occurrences of a given
string, unders... / a reliable threshold for intrusion detections from textual data br study this problem came from intrusion detection in the area of computer
673.9 PGRIP: PNNI Global Routing Infrastructure Protection - di Vimercati, Lincoln, Ricciulli..(Correct)
We describe a system for achieving PNNI (Private
Network-Network Interface) Global Routing Infrastructure
Protection (PGRIP). We give details of PGRIP's
system-level design and identify some condition... / design merges ideas from intrusion detection network management fault br et al. They designed an intrusion detection system that can detect
671.9 Automated Intrusion Detection Methods Using NFR - Lee, Park, Stolfo (1999)(Correct)
There is often the need to update an installed Intrusion Detection System (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding... / Automated Intrusion Detection Methods Using NFR Wenke br need to update an installed Intrusion Detection System IDS due to new
671.4 Behavior-based Confinement of Untrusted Applications - Department(Correct)
In my thesis, I propose a class-specific sandboxing mechanism to confine untrusted applications. The key idea is to identify different application classes like editor, browser, mail client, shell, fil... / . . Intrusion Detection Systems . br to detect networkbased intrusion detection Netstat A language for
665.8 An Experimental Study of Insider Attacks for the OSPF Routing Protocol - Vetter, Wang, Wu (1997)(Correct)
It is critical to protect the network infrastructure (e.g., network routing
and management protocols) against security intrusions, yet dealing with insider
attacks are probably one of the most challen... / security control with intrusion detection in one single system br network infrastructure intrusion detection project Murphy and
664.2 Information-Theoretic Measures for Anomaly Detection - Lee, Xiang (2001)(Correct)
Anomaly detection is an essential component of the protection mechanisms against novel attacks. In this paper, we propose to use several information-theoretic measures, namely, entropy, conditional en... / measures. Introduction Intrusion detection systems IDSs is an br The two main techniques for intrusion detection ID are misuse detection
654.0 Defending a Computer System using Autonomous Agents - Crosbie, Spafford (1996)(Correct)
This report presents a prototype architecture of a defense mechanism for computer systems. The intrusion
detection problem is introduced and some of the key aspects of any solution are explained. Stan... / for computer systems. The intrusion detection problem is introduced and br are explained. Standard intrusion detection systems are built as a
653.5 Benchmarking Anomaly-Based Detection Systems - Roy Maxion Kymie (2000)(Correct)
Anomaly detection is a key element of intrusion-detection
and other detection systems in which perturbations
of normal behavior suggest the presence of intentionally
or unintentionally induced attacks,... / detection is a key element of intrusion-detection and other detection systems br characteristics. In intrusion-detection settings however this is
648.8 NetSTAT: A Network-based Intrusion Detection Approach - Vigna (1998)(Correct)
Network-based attacks have become common and sophisticated.
For this reason, intrusion detection systems are
now shifting their focus from the hosts and their operating
systems to the network itself. ... / NetSTAT A Network-based Intrusion Detection Approach Giovanni Vigna br For this reason intrusion detection systems are now shifting
648.4 Service Configuration and Management in Adaptable Networks - Livio Ricciulli Computer (1999)(Correct)
We describe ANCORS, an architecture for the design, configuration,
and management of adaptable networks. We describe the primary
components of the architecture and their common system management
... / tools like RMON and intrusion detection engines from the EMERALD br Ricciulli a monitor for intrusion detection that produced intrusion
645.7 Detecting Backdoors - Zhang, Paxson (2000)(Correct)
Backdoors are often installed by attackers who have compromised
a system to ease their subsequent return to the system.
We consider the problem of identifying a large class of
backdoors, namely those ... / network traffic using an intrusion detection system IDS where we br In general network intrusion detection becomes much more
645.6 The Application Of Neural Networks To UNIX Computer Security - Tan (1995)(Correct)
Computer security can be divided into two distinct areas, preventive security and the detection of security violations.
Of the two, a greater degree of research and emphasis has been applied to preven... / LANL Network Security Intrusion Detection Network Security
638.1 A Data Mining and CIDF Based Approach for Detecting Novel and.. - Lee, Nimbalkar, Yee, Patil, Desai.. (2000)(Correct)
As the recent distributed Denial-of-Service (DDOS) attacks
on several major Internet sites have shown us, no open computer network
is immune from intrusions. Furthermore, intrusion detection syste... / from intrusions. Furthermore intrusion detection systems IDSs need to be br system based on the Common Intrusion Detection Framework CIDF where
635.5 Denial of service in public key protocols - Eronen (2001)(Correct)
Network denial of service attacks have become a widespread problem on the Internet. However, denial of service is often considered to be an implementation issue by protocol designers. In this paper I ... / by spoofed IP addresses. Intrusion detection and reaction systems aim to br or few IP addresses. To an intrusion detection system this might look like
634.8 Security and Dependability: Then and Now - Meadows, McLean (1999)(Correct)
We survey security research from the point of view of the dependability taxonomy developed by IFIP Working Group 10.4 and discuss changes since a similar survey was performed four years ago. unknown S... / of work that is being done on intrusion detection. Intrusion detection br done on intrusion detection. Intrusion detection systems detect if the
621.6 The STAT Tool Suite - Vigna, Eckmann, Kemmerer (2000)(Correct)
This paper describes a suite of intrusion detection tools
developed by the Reliable Software Group at UCSB. The
tool suite is based on the State Transition Analysis Technique
(STAT), in which compute... / paper describes a suite of intrusion detection tools developed by the br and tailored to perform intrusion detection in different domains and
612.1 An Approach to UNIX Security Logging - Axelsson, Lindqvist, Gustafson.. (1998)(Correct)
Off-line intrusion detection systems rely on logged data. However, the logging mechanism may be
complicated and time-consuming and the amount of logged data tends to be very large. To counter
these pr... / Abstract Off-line intrusion detection systems rely on logged br be incorporated into an intrusion-detection system IDS and by its
611.7 Immunity by Design: An Artificial Immune System - Hofmeyr, Forrest (1999)(Correct)
We describe an artificial immune system (AIS)
that is distributed, robust, dynamic, diverse and
adaptive. It captures many features of the vertebrate
immune system and places them in the
context o... / detection host-based intrusion detection and network security br the computational cost of intrusion detection. Such distribution will
607.9 Comparing Local Search with respect to Genetic Evolution to Detect.. - Neri University Of(Correct)
The detection of intrusions over computer networks
(i.e., network access by non-authorized users) can
be cast to the task of detecting anomalous patterns of network
traffic. In this case, models of no... / project and the DARPA Intrusion Detection Evaluation have been chosen br A variety of approaches to intrusion detection do exist Denning
606.4 Integrating Security in the MAC Layer of WDM Optical Networks - Simov, Tridandapani(Correct)
We introduce a new technique for providing security in a broadcast-and-select, wavelength-division-multiplexed
(WDM) optical network. The approach provides privacy of communications
by employing a n... / to integrate privacy and intrusion detection at the media-access layer.
596.9 Handbook for the Computer Security Certification of Trusted Systems - Chapter Overview Chapter(Correct)
Penetration testing is required for National Computer Security Center (NCSC) security evaluations of
systems and products for the B2, B3, and A1 class ratings of the Trusted Computer System Evaluation... / . . . Intrusion Detection . br a successful hit list. . . Intrusion Detection Considerable research
596.1 Software Tamper Resistance: Obstructing Static Analysis of Programs - Wang, Hill, Knight, Davidson (2000)(Correct)
In this paper we address the problem of protecting trusted software on untrusted hosts by code obfuscation.
We address one aspect of the problem, namely obstructing static analysis of programs.
The p... / it arises for example in intrusion-detection systems. The parts of the br systems. The parts of the intrusion-detection system that record events
596.0 Building Intrusion Tolerant Applications - Wu, Malkin, Boneh (1999)(Correct)
The ITTC project provides tools and an infrastructure for building intrusion tolerant applications. Rather than prevent intrusions or detect them after the fact, the ITTC system ensures that the compr... / system one often installs intrusion detection software to monitor system