D. Anderson, T. Frivold, and A. Valdes. Next-generation intrusion detection expert system (NIDES). Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, 1995.
....not correspond to expectations is considered suspicious. The strength of these methods lies in their ability to differentiate normal user behaviour, anomalous acceptable behaviour, and intrusive behaviour. Techniques used for constructing models include statistical measures (static or adaptive) [Anderson95], expert systems [Frank92], neural networks [Debar92] and user behaviour patterning [Lane97]. Any observed behaviour is compared to known patterns or expected behaviour; large deviations are noted as suspicious. Few commercial systems currently use this approach; systems using these methods ....
Debra Anderson, Thane Frivold, Alfonso Valdes "Next-generation Intrusion Detection Expert System (NIDES) A Summary", SRI-CSL-95-07, May 1995, http://www.sdl.sri.com/nides/reports/4sri.pdf
....other work is given in [19]. Here, we merely allude to its position in the spectrum of research in intrusion detection, fault detection, and alarm correlation. A. Related Intrusion Detection Research EMERALD considerably generalizes and extends the earlier pioneering work of SRI's IDES and NIDES [1], overcoming previous limitations with respect to scalability, applicability to networking, interoperability, and inability to detect distributed coordinated attacks. It generalizes to network environments the Safeguard experience [2], which overcame profile explosion and scalability problems ....
D. Anderson, T. Frivold, and A. Valdes. Next-generation intrusion-detection expert system (NIDES). Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA, SRI-CSL-95-07, May 1995.
.... [150] alert.sh for FW 1 [138] auditGUARD [38] eTrust ID [27] pH [135] 53 ) ADS [118] AID [134] CIDDS, CMDS [115] CyberCop Monitor [110] CyberTrace [123] CylantSecure [154] Entercept [46] IDA [6] Monitor [29] Manhunt [119] NADIR [63] NIDES [3], NSTAT [74] NetProwler [148] NetRanger [25] PRCis [84] Shadow [100] UNICORN [22] eTrust Audit [26] AAFID [137] AFJ [4] CARDS [156] CSM [153] Centrax [53] DIDS [133] DPEM [77] GrIDS [139] HP IDS 9000 [61] Hummer [51] JiNao [73] LISYS [64] ....
.... Host based (52 ) ADS [118] AID [134] ALVA [90] ASAX [56] CMDS [115] CompWatch [42] CyberCop Monitor [110] Haystack [132] Hyperview [39] IDA [6] IDES [86] IDIOT [79] Intruder Alert [148] Kane Security Monitor [29] MIDAS [128] NADIR [63] NIDES [3], NSTAT [74] POLYCENTER [41] PRCis [84] Logcheck LogSentry [116] UNICORN [22] USTAT [70] Wisdom Sense [150] alert.sh for FW 1 [138] auditGUARD [38] eTrust Audit [26] AAFID [137] CARDS [156] CSM [153] Centrax [53] DIDS [133] DPEM [77] Dragon ....
D. Anderson, T. Frivold, and A. Valdes. Next-generation intrusion-detection expert system (NIDES): A summary. SRI-CSL 95-07, SRI International, Menlo Park, California, May 1995. URL http://www.sdl.sri.com/nides/reports/4sri.pdf.
....to also allow specification of reactions. 1. Introduction Approaches to intrusion detection can be broadly divided into anomaly detection and misuse detection. Anomaly detection based approaches first create a profile that describes normal behaviors and then detect deviations from this profile [Fox90, Lunt88, Lunt92, Anderson95]. In contrast, misuse detection based approaches [Porras92, Ilgun93, Kumar94] define and look for precise sequences of events that damage the system. Anomaly detection approaches possess the advantage that learning to identify normal behavior can be automated, but they are prone to false ....
D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995.
....8 Related Work 8.1 Host Based Detection Host based techniques are aimed at protecting individual hosts and operate on the basis of information contained in audit logs or other similar sources of data. These techniques can be broadly divided into misuse detection [33, 20], anomaly detection [1, 8, 13], and specification based detection [19, 38]. Among misuse based approaches, a state transition diagram based approach is used in [33] to capture signatures of intrusions. [20] uses colored petri nets to specify intrusive activity. This language is more expressive than ours in some ways (e.g. ....
D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995.
....from one set of patterns to another. 7 Related Work 7.1 Intrusion Detection Techniques for prevention of intrusions draw on previous research on (post attack) intrusion detection. Intrusion detection techniques can be broadly divided into misuse detection [PK92, Kumar95], anomaly detection [ALJTV95, FHS97, GSS99], and specification based detection [Ko96, SBS99]. Among misuse based approaches, a state transition diagram based approach is used in [PK92] to capture signatures of intrusions. [Kumar95] uses colored petri nets to specify intrusive activity. This language is more expressive than ours in some ....
D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995.
....detection. Misuse detection techniques [29, 23, 17] model known attacks using patterns (also known as signatures) and detect them via pattern matching. Their benefit is a high degree of accuracy, and their main drawback is the inability to identify novel attacks. Anomaly detection techniques [1, 5, 20, 24, 4, 8] address this problem by flagging any abnormalities in user or system behavior as a potential attack. One of the main research problems in anomaly detection is that of learning normal user or system behaviors. We focus our discussion below on anomaly detection techniques most closely related to ....
D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995.
....refers to a broad range of techniques that have been developed over the past several years to protect against malicious attacks. A majority of these techniques take the passive approach of offline monitoring of system (or user) activities to identify those activities that deviate from the norm [1, 26, 10, 12, 17, 21] or are otherwise indicative of attacks [14, 18, 22]. More recently, several proactive approaches have emerged. These approaches can prevent or isolate attacks before any damage is caused [9, 13, 20, 28]. Most approaches aimed at preventing intrusions [9, 13, 20, 28] are based on the following ....
.... pid = waitForCall( wait for a monitored process to enter exit sys call call = getscno(pid) if (isEntry(call) Pre entry processing, details omitted switch (call) get system call identifier case OPEN ENTRY: supObj[id] open entry(scInfo[OPEN ENTRY] 0] scInfo[OPEN ENTRY][1], scInfo[OPEN ENTRY] 2] break; cases for other system calls not shown Post entry processing (omitted) else if (isExit(call) Pre exit processing (omitted) switch (call) get system call identifier case OPEN EXIT: supObj[id] open exit(scInfo[OPEN EXIT] 0] ....
[Article contains additional citation context not shown here]
D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995.
No context found.
D. Anderson, T. Frivold, and A. Valdes. Next-generation intrusion detection expert system (NIDES). Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, 1995.
No context found.
Anderson, D., Frivold, T., Tamaru, A., and Valdes, A. Next-generation Intrusion Detection Expert System, NIDES. Tech. Rep. SRI-CSL-95-07, Computer Science Laboratory, SRI International, Menlo Park, CA, May 1994.
No context found.
D. Anderson, T. Frivold, A. Tamaru, and A. Valdes. Next Generation Intrusion Detection Expert System (NIDES). SRI International, 1994.
No context found.
D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995.
No context found.
Anderson, D., Frivold, T., Tamaru, A., and Valdes, A. Next-generation intrusion detection expert system (NIDES), software users manual, beta-update release. Tech. Rep. SRI-CSL-95-07, Computer Science Laboratory, SRI International, 333 Ravenswood Avenue, Menlo Park, CA 94025-3493, May 1994.
No context found.
Anderson D., Frivold T., Valdes A., "Next-Generation Intrusion Detection Expert System (NIDES)". Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, Menlo Park, CA, May 1995
No context found.
D Anderson, T Frivold, and A Valdes. Next-generation intrusion-detection expert system (NIDES). Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, Menlo Park, CA 94025-3493, USA, May 1995.
No context found.
D. Anderson, T. Frivold, and A. Valdes, Next-generation intrusion detection expert system (NIDES): A summary. Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, May 1995.
No context found.
D. Anderson et al. Next-generation intrusion detection expert system (NIDES): A summary. Technical Report SRI-CSL-95-07, SRI Int'l., 1995.
No context found.
D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995.
No context found.
D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995.
No context found.
D. Anderson, T. Frivold, and A. Valdes. Next-generation intrusion detection expert system. Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, Menlo Park, CA, May 1995.
No context found.
Anderson D, Frivold T, Valdes A. Next-generation intrusion detection expert system (NIDES): A summary. Technical Report SRI-CSL-97-07, SRI International, Menlo Park, CA, May 1995.
No context found.
Debra Anderson, Thane Frivold, and Alfonso Valdes. Next-generation intrusion detection expert system (NIDES): A summary. Technical report, SRI, May 1995. SRI-CSL-95-07.
No context found.
Anderson, D., T. Frivold and A. Valdes. "Next-generation Intrusion Detection Expert System (NIDES): A Summary." SRI International Computer Science Laboratory Technical Report SRI-CSL-95-07, May 1995.
No context found.
D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995.
No context found.
D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995.
CiteSeer.IST - Copyright Penn State and NEC