36 citations found.
S. Staniford, J. A. Hoagland, and J. M. McAlerney. Practical Automated Detection of Stealthy Portscans. Journal of Computer Security, 10:105--136, 2002.


This paper is cited in the following contexts:
Internet Intrusions: Global Characteristics and Prevalence - Yegneswaran, Barford.. (2003)   (18 citations)  (Correct)

....IP ranges where: A = random number not equal to 10, 127, 172 or 192, B = 0-255, C = 1-255 and D = 1-254. The primary function of the worm is to email passwords and related system information to ixltd postone.com [1, 14, 25] 4.2 Scan Types We broadly categorize scans into four well known types [22]. 1. Vertical Scan is defined as a sequential or random scan of multiple (more than 5) ports of a single IP address from the same source during a one hour period. These are usually an attempt to survey which of several well known vulnerabilities applies to this host and are also known as strobe ....

.... scans Aug 2001 July 2002, over 32, 24 and 16 aggregates Figure 17: Projection of non worm scans Aug 2001 July 2002, over 32, 24 and 16 aggregates cept of developing an infrastructure that would pool resources in order to more rapidly and more effectively respond to attacks and intrusions [6, 10, 22]. There are many issues involved in the creation of such an infrastructure, not the least of which is understanding its potential for success. Given the fact that there is likely to be little synchronization of timestamps between daily firewall logs in our data set, we did not attempt to evaluate ....

Stuart Staniford, James Hoagland, and Joseph McAlerney. Practical Automated Detection of Stealthy Portscans. In Journal of Computer Security, 2002.


An Intrusion Alert Correlator Based on Prerequisites of Intrusions - Ning, Cui (2002)   (2 citations)  (Correct)

....similarity between classes of alerts) and cannot discover the causal relationships between related alerts that do not share similar features. A similar approach along with several heuristics was used to evaluate the strength of connections between alerts (events) to detect stealthy portscans [12]. Though the heuristics can be potentially extended to general alert correlation problems, it cannot fully discover the causal relationships between related alerts, either. Another approach was proposed to learn alert correlation models by applying machine learning techniques to training data ....

....It is usually up to the human users to discover the connections between alerts. However, in the intrusion intensive situations, the IDSs may generate large amount of alerts, making manual correlation of alerts a very difficult task. We have discussed the previous alert correlation techniques [2, 3, 12, 13] in the introduction. Our alert correlation approach is complementary to these methods; using the specific knowledge about various types of intrusions (i.e. the prerequisites and consequences of intrusions) our approach is able to discover the causal relationships between related alerts and ....

S. Staniford, J.A. Hoagland, and J.M. McAlerney. Practical automated detection of stealthy portscans. To appear in Journal of Computer Security.


Constructing Attack Scenarios through Correlation of.. - Ning, Cui, Reeves (2002)   (15 citations)  (Correct)

....overlap with TR 2001 13 and TR 2002 01. The intention of this technical report is to provide a full version for the paper to appear in ACM CCS 02 [14]. Several alert correlation methods have been proposed to address this problem. These methods fall into three classes. The first class (e.g. Spice [17], the probabilistic alert correlation [19] and the MIRADOR method [4]) correlates alerts based on the similarities between alert attributes. Though they are effective for correlating some alerts (e.g. alerts with the same source and destination IP addresses) they cannot fully discover the ....

S. Staniford, J.A. Hoagland, and J.M. McAlerney. Practical automated detection of stealthy portscans. To appear in Journal of Computer Security, 2002.


Correlating Alerts Using Prerequisites of Intrusions - Ning, Reeves, Cui (2001)   (Correct)

....In [20] a probabilistic method was used to correlate alerts using similarity between their features. However, this method depends on parameters selected by human experts (e.g. similarity between classes of alerts) and is not suitable for fully discovering causal relationships between alerts. In [19], a similar approach was applied to detect stealthy portscans along with several heuristics. Though some such heuristics (e.g. feature separation heuristics [19]) may be extended to the general alert correlation problem, the approach cannot fully recover the causal relationships between alerts, ....

....experts (e.g. similarity between classes of alerts) and is not suitable for fully discovering causal relationships between alerts. In [19] a similar approach was applied to detect stealthy portscans along with several heuristics. Though some such heuristics (e.g. feature separation heuristics [19]) may be extended to the general alert correlation problem, the approach cannot fully recover the causal relationships between alerts, either. Techniques for aggregating and correlating alerts have been proposed by others [6]. In particular, the correlation method in [6] uses a consequence ....

S. Staniford, J.A. Hoagland, and J.M. McAlerney. Practical automated detection of stealthy portscans. To appear in Journal of Computer Security.


Mining Intrusion Detection Alarms for Actionable Knowledge - Julisch, Dacier (2002)   (9 citations)  (Correct)

....detection. An overview of these projects and a general treatment of data mining in computer security can be found in a recent book edited by Barbara and Jajodia [4]. Data mining for fraud detection is investigated by Fawcett and Provost [15] and by Chan and Stolfo [10]. Alarm correlation systems [12, 14, 40, 42] try to group alarms so that the alarms of the same group pertain to the same phenomenon (e.g. the same attack). In that way, they offer a more condensed view on the security issues raised by an IDS. The work by Dain and Cunningham [12] is noteworthy as it uses data mining techniques to learn ....

S. Staniford, J. A. Hoagland, and J. M. McAlerney. Practical Automated Detection of Stealthy Portscans. In ACM Computer and Communications Security IDS Workshop, pages 1--7, 2000.


Service Specific Anomaly Detection for Network Intrusion.. - Krügel, Toth, Kirda (2002)   (Correct)

....parameters like the number of total connection arrivals in a certain period of time, the inter arrival time between packets or the number of packets to/from a certain machine. These parameters can be used to detect port scans or denial of service attempts. Most current network based systems [12, 13, 2, 17] rely on traffic models to perform the bulk of their anomaly detection. The application model attempts to incorporate application specific knowledge. Unfortunately, such models [3] are currently very simple and include mainly additional TCP header information or count the number of bytes that are ....

Stuart Staniford, James A. Hoagland, and Joseph M. McAlerney. Practical automated detection of stealthy portscans. In Proceedings of the IDS Workshop of the 7th Computer and Communications Security Conference, Athens, 2000.


A Multi-Resolution Approach for Worm Detection and Containment .. - Vyas Sekar Yinglian   (Correct)

No context found.

S. Staniford, J. A. Hoagland, and J. M. McAlerney. Practical Automated Detection of Stealthy Portscans. Journal of Computer Security, 10:105--136, 2002.


Scan Detection: A Data Mining Approach - Gyorgy Simon Univ (2005)   (Correct)

No context found.

Stuart Staniford, James A. Hoagland, and Joseph M. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1/2):105--136, 2002.


Techniques and Tools for Analyzing Intrusion Alerts - Ning, Cui, Reeves, Xu (2004)   (1 citation)  (Correct)

No context found.

Staniford, S., Hoagland, J., and McAlerney, J. 2002. Practical automated detection of stealthy portscans. Journal of Computer Security 10, 1/2, 105--136.


Detecting Anomalies in Network Traffic Using Maximum Entropy.. - Yu Gu Andrew (2005)   (Correct)

No context found.

STANIFORD, S., HOAGLAND, J., AND MCALERNEY, J. M. Practical automated detection of stealthy portscans. In Proceedings of the IDS Workshop of the 7th Computer and Communications Security Conference (2000).


Adapting Query Optimization Techniques for Efficient Intrusion.. - Ning, Xu (2002)   (Correct)

No context found.

S. Staniford, J.A. Hoagland, and J.M. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1/2):105--136, 2002.


Alert Correlation through Triggering Events and Common Resources - Dingbang Xu And   (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1/2):105--136, 2002.


Building Attack Scenarios through Integration of.. - Correlation Methods Peng   (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1/2):105--136, 2002.


Reasoning about Complementary Intrusion Evidence - Zhai, Ning, Iyer, Reeves (2004)   (Correct)

No context found.

S. Staniford, J.A. Hoagland, and J.M. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1/2):105--136, 2002.


Analyzing Intensive Intrusion Alerts Via Correlation - Peng Ning Yun (2002)   (1 citation)  (Correct)

No context found.

Staniford, S., Hoagland, J., McAlerney, J.: Practical automated detection of stealthy portscans. To appear in Journal of Computer Security (2002)


On Scalable Attack Detection in the Network - Ramana Rao Kompella (2004)   (2 citations)  (Correct)

No context found.

Staniford, S., Hoagland, J. A., and McAlerney, J. M. Practical automated detection of stealthy portscans. In Proceedings of the 7th ACM Conference on Computer and Communications Security (2000).


Privacy-Preserving Alert Correlation: A Concept Hierarchy.. - Dingbang Xu And (2005)   (1 citation)  (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1/2):105--136, 2002.


Learning Attack Strategies from Intrusion Alerts - Ning, Xu (2003)   (3 citations)  (Correct)

No context found.

S. Staniford, J.A. Hoagland, and J.M. McAlerney. Practical automated detection of stealthy portscans. J. of Computer Security, 10(1/2):105--136, 2002.


Fusion and Filtering in Distributed Intrusion Detection.. - Barford, Jha, Yegneswara (2004)   (1 citation)  (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. In Proceedings of the ACM CCS IDS Workshop, November 2000.


On the Design and Use of Internet Sinks for Network.. - Yegneswaran, Barford.. (2004)   (3 citations)  (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney. Practical Automated Detection of Stealthy Portscans. In Proceedings of the ACM CCS IDS Workshop, November 2000.


A Holistic Approach to Service Survivability - Keromytis, Parekh, Gross.. (2003)   (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. In Proceedings of the Seventh ACM Conference on Computer and Communications Security, Athens, Greece, 2000.


Fast Detection of Scanning Worm Infections - Stuart Schechter Jaeyeon (2004)   (9 citations)  (Correct)

No context found.

Stuart Staniford, James Hoagland, and Joseph McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1):105--136, 2002.


Raj Basu, Robert K. Cunningham, Senior Member, IEEE, - Seth Webster Richard (2001)   (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney, "Practical Automated Detection of Stealthy Portscans," presented at ACM CCS IDS Workshop, Athens, Greece, 2000.


Digging For Worms, Fishing For Answers - The Cerias Intrusion (2002)   (Correct)

No context found.

S. Staniford, J. A. Hoagland, and J. M. McAlerney. Practical Automated Detection of Stealthy Portscans. To appear in the Journal of Computer Security, 2002. Available at http://www.silicondefense.com/research/pubs.htm.


Fast Detection of Scanning Worm Infections - Jaeyeon Jung Stuart (2004)   (9 citations)  (Correct)

No context found.

Stuart Staniford, James Hoagland, and Joseph McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1):105--136, 2002.


Mining Alarm Clusters to Improve Alarm Handling Efficiency - Julisch (2001)   (9 citations)  (Correct)

No context found.

S. Staniford, J. A. Hoagland, and J. M. McAlerney. Practical Automated Detection of Stealthy Portscans. In ACM Computer and Communications Security IDS Workshop, pages 1--7, 2000.


Fast Portscan Detection Using Sequential Hypothesis Testing - Jaeyeon Jung Vern (2004)   (15 citations)  (Correct)

No context found.

S. Staniford, J. A. Hoagland, and J. M. McAlerney. Practical automated detection of stealthy portscans. In Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, Greece, 2000.


Modeling Multistep Cyber Attacks for Scenario Recognition - Cheung, Lindqvist, Fong (2003)   (1 citation)  (Correct)

No context found.

S. Staniford, J. A. Hoagland, and J. M. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10:105--136, 2002.


Fast Portscan Detection Using Sequential Hypothesis Testing - Jaeyeon Jung Vern (2004)   (15 citations)  (Correct)

No context found.

S. Staniford, J. A. Hoagland, and J. M. McAlerney. Practical automated detection of stealthy portscans. In Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, Greece, 2000.


A Taxonomy of DDoS Attack and DDoS Defense Mechanisms - Mirkovic, Reiher (2004)   (13 citations)  (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1/2), 2002.


MINDS - Minnesota Intrusion Detection System - Ertöz, Eilertson, Lazarevic..   (Correct)

No context found.

Stuart Staniford, James A. Hoagland, and Joseph M. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10:105--136, 2002.


A Holistic Approach to Service Survivability - Keromytis, Parekh, Gross.. (2003)   (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. In Proceedings of the Seventh ACM Conference on Computer and Communications Security, Athens, Greece, 2000.


Global Intrusion Detection in the DOMINO Overlay System - Yegneswaran, Barford, Jha (2004)   (9 citations)  (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. In Proceedings of the ACM CCS IDS Workshop, November 2000.


Adapting Query Optimization Techniques for Efficient Intrusion.. - Ning, Xu (2002)   (Correct)

No context found.

S. Staniford, J.A. Hoagland, and J.M. McAlerney. Practical automated detection of stealthy portscans. To appear in Journal of Computer Security, 2002.


Analyzing Intensive Intrusion Alerts Via Correlation - Peng Ning Yun (2002)   (1 citation)  (Correct)

No context found.

Staniford, S., Hoagland, J., McAlerney, J.: Practical automated detection of stealthy portscans. To appear in Journal of Computer Security (2002)


Constructing Attack Scenarios through Correlation of.. - Ning, Cui, Reeves (2002)   (15 citations)  (Correct)

No context found.

S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. To appear in Journal of Computer Security, 2002.


CiteSeer.IST - Copyright Penn State and NEC