Abstract: We examine several host-based anomaly detection systems and study their security against evasion attacks. First, we introduce the notion of a mimicry attack, which allows a sophisticated attacker to cloak their intrusion to avoid detection by the IDS. Then, we develop a theoretical framework for evaluating the security of an IDS against mimicry attacks. We show how to break the security of one published IDS with these methods, and we experimentally confirm the power of mimicry attacks by giving ...
Cited by:
Reverse Engineering of Network Signatures - Mutz, Kruegel, Robertson (2005)
Dataflow Anomaly Detection - Bhatkar, Chaturvedi, Sekar
Improving Attack Detection in Host-Based IDS by.. - Chaturvedi, Bhatkar.. (2005)
Active bibliography (related documents):
0.6: Formalizing Sensitivity in Static Analysis for Intrusion Detection - Feng (2004)
0.5: Efficient Context-Sensitive Intrusion Detection - Giffin, Jha, Miller (2004)
0.5: Trust Infrastructure for Policy Based Messaging in Open.. - Zhao, Chadwick (2005)
Similar documents based on text:
0.6: Intrusion Detection via Static Analysis - Wagner, Dean (2001)
0.4: Ntop: a Lightweight Open-Source Network IDS - Deri
0.4: Improving Network Security Using Ntop - Deri, Suin
Related documents from co-citation:
17: Intrusion detection via static analysis - Wagner, Dean - 2001
14: A sense of self for unix processes - Forrest, Hofmeyr et al. - 1996
11: Anomaly detection using call stack information - Feng, Kolesnikov et al. - 2003
BibTeX entry:
D. Wagner and P. Soto. Mimicry attacks on host based intrusion detection systems. In Proc. Ninth ACM Conference on Computer and Communications Security, 2002. http://citeseer.ist.psu.edu/wagner02mimicry.html
@misc{wagner02mimicry,
  author = "D. Wagner and P. Soto",
  title = "Mimicry attacks on host based intrusion detection systems",
  text = "D. Wagner and P. Soto. Mimicry attacks on host based intrusion detection systems. In Proc. Ninth ACM Conference on Computer and Communications Security, 2002.",
  year = "2002",
  url = "citeseer.ist.psu.edu/wagner02mimicry.html"
}
Citations (may not include all citations), with citation counts:
1911: Introduction to Automata Theory - Hopcroft, Ullman - 1979
603: Kluwer Academic Publishers - McMillan, Checking - 1993
470: Design and Validation of Computer Protocols - Holzmann - 1990
123: Bro: A System for Detecting Network Intruders in Real-Time - Paxson - 1999
85: Special issue on Formal Methods in Software Practice - Holzmann, Checker et al. - 1997
84: Data Mining Approaches for Intrusion Detection - Lee, Stolfo - 1998
74: Self-Nonself Discrimination in a Computer - Forrest, Perelson et al. - 1994
70: A Data Mining Framework for Building Intrusion Detection Mod.. - Lee, Stolfo et al. - 1999
63: Intrusion Detection Using Sequences of System Calls - Hofmeyr, Forrest et al. - 1998
60: Detecting intrusions using system calls: Alternative data mo.. - Warrender, Forrest et al. - 1999
54: Intrusion Detection via Static Analysis - Wagner, Dean - 2001
51: and Denial of Service: Eluding Network Intrusion Detection - Ptacek, Newsham et al. - 1998
40: Temporal Sequence Learning and Data Reduction for Anomaly De.. - Lane, Brodley - 1999
27: Automated Response Using System-Call Delays - Somayaji, Forrest - 2000
25: Sequence Matching and Learning in Anomaly Detection for Comp.. - Lane, Brodley - 1997
20: Network Intrusion Detection: Evasion - Handley, Kreibich et al. - 2001
12: Detecting Manipulated Remote Call Streams - Giffin, Jha et al. - 2002
11: Intrusion Detection Using Variable-Length Audit Trail Patter.. - Wespi, Dacier et al. - 2000
8: Using Finite Automata to Mine Execution Data for Intrusion D.. - Michael, Ghosh - 2000
7: Undermining an Anomaly-Based Intrusion Detection System Usin.. - Tan, Killourhy et al. - 2002
6: Operating System Stability and Security through Process Home.. - Somayaji - 2002
5: Hiding Intrusions: From the abnormal to the normal and beyon.. - Tan, McHugh et al. - 2002
4: Simulating Concurrent Intrusions for Testing Intrusion Detec.. - Chung, Puketza et al. - 1995
2: ACM Transactions on Information & System Security - Schneider, policies - 2000
1: Using 3rd SANS Workshop on Intrusion Detection & Response - Ghosh, Schwartzbard et al. - 1999
1: IEEE Symposium on Security & Privacy - Forrest, Hofmeyr et al. - 1996
1: Learning 1st USENIX Workshop on Intrusion Detection & Networ.. - Ghosh, Schwartzbard et al. - 1999
Documents on the same site (http://www.cs.berkeley.edu/~daw/papers/):
Building PRFs from PRPs - Hall, Wagner, Kelsey, Schneier (1998)
Cryptanalysis of TWOPRIME - Coppersmith, Wagner, Schneier, Kelsey (1998)
Cryptanalysis of Some Recently-Proposed Multiple Modes of Operation - Wagner (1998)