W. Lee, C. T. Park, S. J. Stolfo. Automated Intrusion Detection using NFR: Methods and Experiences. In Workshop on Intrusion Detection & Network Monitoring, Santa Clara, CA, April 1999.
....in the connection records and features that could be identified by NFR. If this is not the case, then a modification of the base filters of NFR would need to be done, but the lack of NFR's source code prevents us from doing so. The conversion of rules to N code uses ideas similar to those in [6]. 4. alert information from the anomaly based agents is received: Store alert info in the anomaly queue. The following is the functionality of the tagger thread which waits for fresh input into the anomaly queue. If 1. the source of the alert is NFR: Matches this data with other pre-existing ....
W. Lee, C. T. Park, S. J. Stolfo. Automated Intrusion Detection using NFR: Methods and Experiences. In Workshop on Intrusion Detection & Network Monitoring, Santa Clara, CA, April 1999.
....true when variables have been added to these languages. On the other hand, a regular language based formulation lends itself more readily to an automaton based pattern-matching approach that can be implemented efficiently. 8.2 Network Intrusion Detection: Most network intrusion detection systems [15, 32, 17, 21, 29, 31, 40, 34] operate by inspecting IP (or lower level) packets, most of them attempt to reconstruct the higher level interactions between end hosts and remote users, and identify anomalous or attack behaviors. Based on this, they attempt to identify a broad class of attacks, focusing particularly on malicious ....
....surveillance, probing and a large number of denial of service attacks in existence fall into this category of low level network attacks. This two-part approach enables us to simplify the detection of diverse kinds of intrusions. A completely different approach is taken for intrusion detection in [21], where techniques based on data mining are employed. Several previous works such as [15] also employed statistical and expert system based techniques for detecting anomalous behaviors that could be indicative of attacks. These techniques largely complement pattern-matching based schemes such as ....
W. Lee, C. Park and S. Stolfo, Automated Intrusion Detection using NFR: Methods and Experiences, USENIX Intrusion Detection Workshop, 1999.
....individual hosts and operate on the basis of information contained in audit logs or other similar sources of data, and network based systems, which operate by monitoring network traffic. The system described in this paper falls in the second category. Although network intrusion detection systems [Heberlein90, PN97, Hochberg93, LPS99, MHL94, Paxson98, VK98, Ranum97] operate by inspecting IP (or lower level) [Figure 7: Pattern matching time vs. number of rules. Axes: Average Execution Time (seconds GB) against Number of rules.] ....
....of denial of service attacks in existence fall into this category of low level network attacks. This approach complements host based approaches that can identify higher level attacks by examining audit logs or system calls. A completely different approach is taken for intrusion detection in [LPS99], where techniques based on data mining are employed. Several previous works such as [Heberlein90] also employed statistical and expert system based techniques for detecting anomalous behaviors that could be indicative of attacks. These techniques largely complement pattern matching based schemes ....
W. Lee, C. Park and S. Stolfo, Automated Intrusion Detection using NFR: Methods and Experiences, USENIX Intrusion Detection Workshop, 1999.
....intrusion detection system. We are in the process of implementing a real time system using Network Flight Recorder [NFR 97], a powerful packet sniffing engine with the ability to program scripts in N code (an interpreted traffic analysis language), in order to compute our connection attributes [Lee2 99]. As this work progresses, a more thorough cost analysis of attribute computation can be performed, and actual measures of performance gains offered by training RIPPER with cost sensitivity can be determined. ....
Lee, Wenke; Park, Christopher T.; Stolfo, Salvatore J.: Automated Intrusion Detection Using NFR: Methods and Experiences. From USENIX Workshop on Intrusion Detection and Network Monitoring (ID '99) Proceedings, 1999.
No context found.
Lee, W., Park, C., and Stolfo, S. (1999a). Automated Intrusion Detection Using NFR : Methods and Experiences. In Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring.
No context found.
W Lee, Park.C, and Stolfo.S. Automated intrusion detection using nfr: Methods and experiences. In USENIX Intrusion Detection Workshop, 1999.