32 citations found.
S.T. Eckmann, G. Vigna, and R.A. Kemmerer, STATL: An Attack Language for State-based Intrusion Detection, Journal of Computer Security 10,1/2 (2002) p. 71-104.


This paper is cited in the following contexts:


Policy Specification for Non-Local Fault Tolerance in Large.. - Varner

....read, understand, and modify. There is little or no mechanism for abstraction and the syntax is not conducive for understanding the semantic meaning of a specification [38] Declaration of policy elements is not modularized, so multiple, different semantic levels must be understood simultaneously [13]. The ability to abstract away detail and focus on single conceptual levels is essential for a maintainable and scalable language. Many general purpose formal specification languages have syntax based on discrete mathematical constructs. These concepts are incredibly powerful but not intuitive ....

....be contained within a single declaration. 8.2.2 IDS Languages Much work has been done in the area of specification languages that are specifically for intrusion detection systems. These languages mostly fall into the categories of event, response, reporting, correlation, exploit, and detection [13]. Event languages describe how data should be formatted and are generally used for application logging. Examples are Sun Microsystems SunSHIELD Basic Security Module (BSM) audit records [45] syslog messages [3] shorewall firewall log messages [61] xinetd messages, tcpdump packets [42] and the ....

[Article contains additional citation context not shown here]

S. Eckmann, G. Vigna, and R. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71--104, 2002.


Denial of Service Intrusion Detection Using Time Dependent.. - Branch, Bivens (2002)   (1 citation)

....ETG to generate a sequence of tokens. Together, all of these predefined tokens, each being a string of one or more ASCII characters, compose a language used by our system for recognizing DoS attacks. The efficiency of domain-independent IDS languages has been shown with such languages as STATL [3] (used by both USTAT and NETSTAT) which partially serves as our motivation for using a proprietary language. Our other incentive is that it drives the operation of our detection engine: the TDFA transversal unit (to be explained later). The following is a condensed explanation of how the ETG ....

S.T. Eckmann, G. Vigna, and R. A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Dept. of Computer Science, University of California, Santa Barbara, 2000.


Log Auditing through Model-Checking - Roger, al. (2001)   (5 citations)

....signature based mechanisms that allow one to keep the number of false positives low, but can only detect behaviors obeying known patterns. Our work lies clearly in the signature based, misuse detection field. To be more precise, it is based on a detection language (taking the terminology of [6]) which will take the form of a temporal logic. There are now a handful of proposals for detection systems and languages, among which NFR and its N code [16] Emerald and P BEST [9] IDIOT [4] STATL [6] ASAX and Russel [13] Temporal logics have the advantage that they are a high level, compact ....

....field. To be more precise, it is based on a detection language (taking the terminology of [6]) which will take the form of a temporal logic. There are now a handful of proposals for detection systems and languages, among which NFR and its N code [16] Emerald and P BEST [9] IDIOT [4] STATL [6], ASAX and Russel [13] Temporal logics have the advantage that they are a high level, compact and mostly readable notation for events occurring as time passes [10] Amongst those, the systems closest to our work are IDIOT, STATL and ASAX, and we have borrowed some ideas from each. Our algorithms ....

S. T. Eckmann, V. Giovanni, and R. A. Kemmerer. STATL: An attack language for state-based intrusion detection. In ACM Workshop on Intrusion Detection Systems, 2000.


Log Auditing through Model-Checking - Roger, Goubault-Larrecq (2001)   (5 citations)

....signature based mechanisms that allow one to keep the number of false positives low, but can only detect behaviors obeying known patterns. Our work lies clearly in the signature based, misuse detection field. To be more precise, it is based on a detection language (taking the terminology of [6]) a.k.a. what is usually and improperly called an attack language, which will take the form of a temporal logic. There are now a handful of proposals for detection systems and languages, among which NFR and its N code [18] Emerald and P BEST [11] IDIOT [4] STATL [6] ASAX and Russel [15] ....

....(taking the terminology of [6]) a.k.a. what is usually and improperly called an attack language, which will take the form of a temporal logic. There are now a handful of proposals for detection systems and languages, among which NFR and its N code [18] Emerald and P BEST [11] IDIOT [4] STATL [6], ASAX and Russel [15] Temporal logics have the advantage that they are a high level, compact and mostly readable notation for events occurring as time passes [12] Amongst those, the systems closest to our work are IDIOT, STATL and ASAX, and we have borrowed some ideas from each. The algorithms ....

[Article contains additional citation context not shown here]

S. T. Eckmann, V. Giovanni, and R. A. Kemmerer. STATL: An attack language for state-based intrusion detection. In ACM Workshop on Intrusion Detection Systems, 2000.


On the Detection of - Anomalous System Call (2003)   Self-citation (Vigna)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71-104, 2002.


A Comprehensive Approach to Intrusion Detection Alert.. - Valeur, Vigna.. (2004)   (1 citation)  Self-citation (Vigna Kemmerer)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer, "STATL: An Attack Language for State-Based Intrusion Detection," J. Computer Security, vol. 10, nos. 1-2, pp. 71-104, 2002.


Sensor Families For Intrusion Detection Infrastructures - Kemmerer, Vigna (2004)   Self-citation (Vigna Kemmerer)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 2002.


On the Detection of Anomalous System Call Arguments - Kruegel, Mutz, Valeur, Vigna (2003)   (5 citations)  Self-citation (Vigna)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71-104, 2002.


A Stateful Intrusion Detection System for World-Wide.. - Vigna, Robertson.. (2003)   (5 citations)  Self-citation (Vigna Kemmerer)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71--104, 2002.


An Experience Developing an IDS Stimulator for the.. - Mutz, Vigna, Kemmerer (2003)   (1 citation)  Self-citation (Vigna Kemmerer)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. In Proceedings of the ACM Workshop on Intrusion Detection Systems, Athens, Greece, November 2000.


Detecting Malicious Java Code Using Virtual Machine Auditing - Soman, Krintz, Vigna (2003)   (1 citation)  Self-citation (Vigna)

....The JVM auditing system maps authenticated user IDs to threads so that malicious users can be identified and their threads selectively terminated. Our system implementation couples and extends two existing frameworks: the JikesRVM, a high performance Java virtual machine [30, 1] and STAT [51, 14], a general platform for the creation of intrusion detection sensors that we developed as part of prior work. The grayed boxes in the figure identify our extensions to these systems. In the sections that follow, we describe each of these components. 4 An Auditing System For A Java Virtual ....

....[26, 50] The STAT framework provides a generic signature based intrusion detection engine that can be extended to match a specific environment through a well-defined process. The first step of the extension process includes the definition of a language extension module. This module extends STATL [14], the domain independent attack modeling language provided by the framework, with the event types that are specific of a particular target domain. Therefore, we developed a language extension module that defines the event types that are produced by the JikesRVM auditing facility (e.g. the JEvent ....

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71--104, 2002.


Stateful Intrusion Detection for High-Speed Networks - Kruegel, Valeur, Vigna.. (2002)   (9 citations)  Self-citation (Vigna Kemmerer)

....arithmetic relation (e.g. y can be a constant, the value of a variable, or a value derived from the same frame). Clauses and event spaces may be derived automatically from the attack descriptions, for example from signatures written in attack languages such as Bro [6] Sutekh [7] STATL [2], or Snort [8] 3.3 Frame Routing Event spaces are the basis for the definition of the filters used by the slicers to route frames to different channels. The filters are determined by composing the event spaces associated with all the scenarios that are active on a specific channel. More ....

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. In Proceedings of the ACM Workshop on Intrusion Detection Systems, Athens, Greece, November 2000.


Translating Snort rules to STATL scenarios - Eckmann (2001)   (3 citations)  Self-citation (Eckmann)

....well supported by a large community. This paper considers automated translation of Snort rules to STATL scenarios. STAT is a framework developed by the Reliable Software Group at UCSB for building IDSs [6] The STAT framework includes a domain independent attack description language called STATL [1]. The family of IDSs that have been built as STAT extensions includes a network-based system called NetSTAT [7] NetSTAT includes support for the Snort supported protocols and others (e.g. ethernet and ARP) Automatically translating Snort rules to STATL scenarios has the practical effect of ....

S. Eckmann, G. Vigna, and R. Kemmerer. STATL: An attack language for state-based intrusion detection. In Proceedings of WIDS (held in conjunction with ACMCCS


Measuring a System's Attack Surface - Pratyusa Manadhata Pratyus (2004)   (1 citation)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer, STATL: An Attack Language for State-based Intrusion Detection, Journal of Computer Security 10,1/2 (2002) p. 71-104.


Measuring a System's Attack Surface - Pratyusa Manadhata Jeannette (2004)   (1 citation)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer, STATL: An Attack Language for State-based Intrusion Detection, Journal of Computer Security 10,1/2 (2002) p. 71-104.


A Declarative Approach to Stateful Intrusion - Detection And Network (2004)

No context found.

S. Eckmann, G. Vigna, and R. Kemmerer, "STATL: An Attack Language for State-based Intrusion Detection," Journal of Computer Security, vol. 10, no. 1/2, pp. 71--104, 2002.


Techniques and Tools for Analyzing Intrusion Alerts - Ning, Cui, Reeves, Xu (2004)   (1 citation)

No context found.

Eckmann, S., Vigna, G., and Kemmerer, R. 2002. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security 10, 1/2, 71--104.


Using Decision Trees to Improve Signature-Based Intrusion.. - Kruegel, Toth (2003)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. In Proceedings of the ACM Workshop on Intrusion Detection Systems, Athens, Greece, November 2000.


Building Attack Scenarios through Integration of.. - Correlation Methods Peng

No context found.

S. Eckmann, G. Vigna, and R. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71--104, 2002.


Reasoning about Complementary Intrusion Evidence - Zhai, Ning, Iyer, Reeves (2004)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71--104, 2002.


Learning Attack Strategies from Intrusion Alerts - Ning, Xu (2003)   (3 citations)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71--104, 2002.


Learning Attack Strategies from Intrusion Alerts - Ning, Xu (2003)   (3 citations)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. J. of Computer Security, 10(1/2):71--104, 2002.


Panoptis: Intrusion Detection using a Domain-specific Language - Spinellis, Gritzalis (2002)

No context found.

S. Eckmann, G. Vigna, and R. Kemmerer. STATL: An attack language for state-based intrusion detection. In Proceedings of the ACM Workshop on Intrusion Detection, Athens, Greece, Nov. 2000. ACM.


Using Decision Trees to Improve Signature-Based Intrusion.. - Kruegel, Toth (2003)

No context found.

S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. In Proceedings of the ACM Workshop on Intrusion Detection Systems, Athens, Greece, November 2000.


Modeling Multistep Cyber Attacks for Scenario Recognition - Cheung, Lindqvist, Fong (2003)   (1 citation)

No context found.

S. T. Eckmann, G. Vigna, and R. A. Kemmerer. STATL: An attack language for state-based intrusion detection. Journal of Computer Security, 10:71--103, 2002.



CiteSeer.IST - Copyright Penn State and NEC