A methodology for testing intrusion detection systems

IEEE Transactions on Software Engineering

Volumn 22, Issue 10, 1996, Pages 719-729

  Puketza, Nicholas J ^a   Zhang, Kui ^b   Chung, Mandy ^a   Mukherjee, Biswanath ^b   Olsson, Ronald A ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b HEWLETT PACKARD COMPANY   (United States)

Author keywords

Computer security; Computer user simulation; Intrusion detection; Software testing

Indexed keywords

EID: 0001214789     PISSN: 00985589     EISSN: None     Source Type: Journal    
DOI: 10.1109/32.544350     Document Type: Article

References (35)

1. D. Anderson et al., "Next Generation Intrusion Detection Expert System (NIDES)," Software Design, Product Specification, and Version Description Document, Project 3131, SRI Int'l, July 11, 1994.
2. R.G. Bace, Division of Infosec Computer Science, Research, and Technology, Nat'l Security Agency, private communication, May 1995.
3. S.M. Bellovin, "There Be Dragons," Proc. Third USENIX UNIX Security Symp., pp. 1-16, Baltimore, Sept. 1992.
4. S.M. Bellovin, "Security Problems in the TCP/IP Protocol Suite," ACM Computer Comm. Rev., vol. 19, no. 2, pp. 32-48, Apr. 1989.
5. M. Bishop, "A Taxonomy of UNIX System and Network Vulnerabilities," Technical Report CSE-95-10, Univ. of California at Davis, Sept. 1995.
6. P. Brinch Hansen, "Reproducible Testing of Monitors," Software Practice and Experience, vol. 8, pp. 721-729, 1978.
7. M. Chung, N. Puketza, R.A. Olsson, and B. Mukherjee, "Simulating Concurrent Intrusions for Testing Intrusion Detection Systems: Parallelizing Intrusions," Proc., 18th Nat'l Information Systems Security Conf., pp. 173-183, Baltimore, Oct. 1995.
8. D.E. Denning, "An Intrusion-Detection Model," IEEE Trans. Software Eng., vol. 13, no. 2, pp. 222-232, Feb. 1987.
9. C. Dowell and P. Ramstedt, "The COMPUTERWATCH Data Reduction Tool," Proc. 13th Nat'l Computer Security Conf., pp. 99-108, Washington, D.C., Oct. 1990.
10. D. Farmer and W. Venema, "Improving the Security of Your Site by Breaking into It," USENET posting, Dec. 1993.
11. D. Farmer and E.H. Spafford, "The COPS Security Checker System," Proc. Summer USENIX Conf., pp. 165-170, June 1990.
12. L.D. Gary, talk presented in "Crime on the Internet" session, 17th Nat'l Computer Security Conf., Baltimore, Oct. 12, 1994.
13. L.T. Heberlein, G. Dias, K. Levitt, B. Mukherjee, J. Wood, and D. Wolber, "A Network Security Monitor," Proc. 1990 IEEE Symp. Research in Security and Privacy, pp. 296-304, Oakland, Calif., May 1990.
14. J. Hochberg et al., "NADIR: An Automated System for Detecting Network Intrusion and Misuse," Computers and Security, vol. 12, no. 3, pp. 235-248, May 1993.
15. K. Ilgun, "USTAT: A Real-Time Intrusion Detection System for UNIX," Proc. IEEE Symp. Research in Security and Privacy, pp. 16-28, Oakland, Calif., May 1993.
16. K. Ilgun, R.A. Kemmerer, and P.A. Porras, "State Transition Analysis: A Rule-Based Intrusion Detection Approach," IEEE Trans. Software Eng., vol. 21, no. 3, pp. 181-199, Mar. 1995.
17. H.S. Javitz and A. Valdes, "The SRI IDES Statistical Anomaly Detector," Proc. IEEE Symp. Research in Security and Privacy, pp. 316-376, Oakland, Calif., May 1991.
18. S. Kumar and E.H. Spafford, "A Software Architecture to Support Misuse Intrusion Detection," Technical Report CSD-TK-95-009, Purduc Univ., Mar. 17, 1995.
19. S. Kumar and E.H. Spafford, "An Application of Pattern Matching in Intrusion Detection," Technical Report CSD-TR-94-013, Purdue Univ., June 17, 1994.
20. S. Kumar and E.H. Spafford, "A Pattern Matching Model for Misuse Intrusion Detection," Proc. 17th Nat'l Computer Security Conf., pp. 11-21, Baltimore, Oct. 1994.
21. C.E. Landwehr et al., "A Taxonomy of Computer Program Security Flaws," ACM Computing Surveys, vol. 26, no. 3, pp. 211-254, Sept. 1994.
22. T.J. LeBlanc and J.M. Mellor-Crummey, "Debugging Parallel Programs with Instant Replay," IEEE Trans. Computers, vol. 36, no. 4. pp. 471-482, Apr. 1987.
23. D. Libes, Exploring Expect: A Tel-Based Toolkit for Automating Interactive Programs. O'Reilly & Associates, 1994.
24. T.F. Lunt et al., "IDES: A Progress Report," Proc. Sixth Ann. Computer Security Applications Conf., Tucson, Ariz., Dec. 1990.
25. T.F. Lunt et al., "A Real-Time Intrusion Detection Expert System(IDES)," Interim Progress Report, Project 6784, SRI Int'l, May 1990.
26. G.J. Myers, The Art of Software Testing. John Wiley & Sons, 1979.
27. B. Mukherjee, L.T. Heberlein, and K.N. Levitt, "Network Intrusion Detection," IEEE Network, vol. 8, no. 3, pp. 26-41, May/June 1994.
28. P.C. Neumann and D.B. Parker, "A Summary of Computer Misuse Techniques," Proc. 12th Nat'l Computer Security Conf., pp. 396-407, Baltimore, Oct. 1989.
29. J.K. Ousterhout, Tcl and the Tk Toolkit. Addison-Wesley, 1994.
30. D.R. Safford, D.L. Schales, and O.K. Hess, "The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment," Proc. Fourth USENIX UNIX Security Symp., pp. 91-118, Santa Clara, Calif., Oct. 1993.
31. M.M. Sebring, E. Shellhouse, M.E. Hanna, and R.A. Whitehurst, "Expert Systems in Intrusion Detection: A Case Study," Proc. 11th Nat'l Computer Security Conf., pp. 74-81, Baltimore, Oct. 1988.
32. S.E. Smaha, "Haystack: An Intrusion Detection System," Proc. IEEE Fourth Aerospace Computer Security Applications Conf., Orlando, Fla., Dec. 1988.
33. S. Snapp, J. Brentano, G. Dias, T. Goan, L. Heberlein, C. Ho, K. Levitt, B. Mukherjee, S. Smaha, T. Grance, D. Teal, and D. Mansur, "DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and An Early Prototype," Proc. 14th Nat'l Computer Security Conf., pp. 167-176, Washington, D.C., Oct. 1991.
34. E.J. Weyuker and B. Jeng, "Analyzing Partition Testing Strategies," IEEE Trans. Software Eng., vol. 17, no. 7, pp. 703-711, July 1991.
35. K. Zhang, "A Methodology for Testing Intrusion Detection Systems," MS thesis, Univ. of California at Davis, May 1993.