Abstract: In many existing misuse intrusion detection systems, intrusion
signatures are very close to the detection algorithms. As a consequence,
they contain too many cumbersome details. Recent work has
proposed declarative signature languages that raise the level of abstraction
when writing signatures. However, these languages do not always
come with operational support. In this article, we show how to transform
such declarative signatures into operational ones. This process points
out several...
Context of citations to this paper:
.... be derived automatically from the attack descriptions, for example from signatures written in attack languages such as Bro [6] Sutekh [7], STATL [2] or Snort [8] 3.3 Frame Routing Event spaces are the basis for the definition of the filters used by the slicers to route frames...
.... [35] Roger and Goubault-Larrecq's linear time temporal logic [57] Uppuluri and Sekar's REE [59, 60] Sutekh from Pouzol and Ducasse [53, 54], Gerard's LaDAA language for generating ASAX rules [17] LAMBDA from Cuppens and Ortalo [10] and ADeLe from Michel and Me [44]...
Cited by:
Policy Specification for Non-Local Fault Tolerance in Large.. - Varner
Stateful Intrusion Detection for High-Speed Networks - Kruegel, Valeur, Vigna.. (2002)
Active bibliography (related documents):
0.6: Modeling Multistep Cyber Attacks for Scenario Recognition - Cheung, Lindqvist, Fong (2003)
0.4: Testing C Programs for Buffer Overflow Vulnerabilities - Haugh (2002)
0.2: Abstraction-based Intrusion Detection in Distributed.. - Ning, Jajodia, Wang (2001)
Similar documents based on text:
0.7: Handling Generic Intrusion Signatures is not Trivial - Pouzol, Ducassé (2000)
0.4: Benchmarking a distributed intrusion detection system.. - Abily, Ducassé (2000)
0.3: A Software Architecture to support Misuse Intrusion Detection. - Kumar, Spafford (1995)
Related documents from co-citation:
2: STATL: An Attack Language for State-based Intrusion Detection - Eckmann, Vigna et al. - 2000
2: A High-Performance Network Intrusion Detection System - Sekar, Guang et al. - 1999
2: Snort - Lightweight Intrusion Detection for Networks - Roesch - 1999
BibTeX entry:
J. Pouzol and M. Ducasse. From Declarative Signatures to Misuse IDS. In W. Lee, L. Me, and A. Wespi, editors, Proceedings of the RAID International Symposium, volume 2212 of LNCS, pages 1 -- 21, Davis, CA, October 2001. Springer-Verlag. http://citeseer.ist.psu.edu/pouzol01from.html
@article{ pouzol01from,
author = "Jean-Philippe Pouzol and Mireille Ducass{\'e}",
title = "From Declarative Signatures to Misuse {IDS}",
journal = "Lecture Notes in Computer Science",
volume = "2212",
pages = "1--??",
year = "2001",
url = "citeseer.ist.psu.edu/pouzol01from.html" }
Citations (may not include all citations):
105: State Transition Analysis: A Rule-Based Intrusion Detection A.. - Ilgun, ans et al. - 1995
80: Composite Events for Active Databases: Semantics - Chakravarthy, Krishnaprasad et al. - 1994
58: A Pattern Matching Model for Misuse Intrusion Detection - Kumar, Spafford - 1994
48: Classification and Detection of Computer Intrusions - Kumar - 1995
41: Experience with Emerald to Date - Neumann, Porras - 1999
39: Detecting Computer and Network Misuse Through the Production.. - Lindqvist, Porras - 1999
32: STATL: An Attack Language for State-based Intrusion Detectio.. - Eckmann, Vigna et al. - 2000
28: ASAX: Software Architecture and Rule-based Language for Univ.. - Habra, Le Charlier et al. - 1992
22: Abstraction-Based Misuse Detection: High-Level Specification.. - Lin, Wang et al. - 1998
21: Intrusion Detection Systems: A Survey and Taxonomy - Axelsson - 2000
20: LAMBDA: A Language to Model a Database for Detection of Atta.. - Cuppens, Ortalo
20: Languages and Tools for Rule-Based Distributed Intrusion Det.. - Mounji - 1997
17: SunSHIELD Basic Security Module Guide - MicroSystem - 2000
5: Advisory CA - Center
2: ADeLe: an Attack Description Language for Knowledge-based Int.. - Michel, Mé - 2001
1: Définition et implémentation d'un langage d'analyse d'audi.. - Gérard - 1998