Intrusion-detection for incident-response, using a military battlefield-intelligence process

Computer Networks

Volumn 34, Issue 4, 2000, Pages 671-697

  Yuill, J ^a   Wu, F ^a   Settle, J ^a   Gong, F ^a   Forno, R ^a   Huang, M ^a   Asbery, J ^a  

^a North Carolina State University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DATA PRIVACY; DATA STRUCTURES; MATHEMATICAL MODELS; MILITARY ELECTRONIC COUNTERMEASURES; SECURITY OF DATA; SIGNAL DETECTION;

INTRUSION DETECTION SYSTEMS;

COMPUTER NETWORKS;

EID: 0034300584     PISSN: 13891286     EISSN: None     Source Type: Journal    
DOI: 10.1016/S1389-1286(00)00142-0     Document Type: Article

References (36)

1. E. Amoroso, Intrusion Detection, Intrusion.Net Books, 1999.
2. Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network, Sams.net Publishing, 1997.
3. T. Aslam et al., Use of a taxonomy of security faults, COAST Laboratory, Technical Report TR-96-051, Purdue University, 1996.
4. J. Cameron, Method in Software Development, JSP & JSD: The Jackson Approach to Software Development, IEEE Computer Society, Silver Spring, MD, 1983.
5. von Clausewitz C. On War. 1832;Princeton University Press, Princeton, NJ.
6. Denning D. Cryptography and Data Security. 1982;Addison-Wesley, Reading, MA.
7. DilDog, Back Orifice 2000, http://www.bo2k.com/, 2000.
8. D. Farmer et al., Improving the security of your site by breaking into it, full text at http://www.cerias.purdue.edu, comp.security.unix, December 1993.
9. R. Firth et al., Detecting signs of intrusion, Full text at http://www.cert.org, Carnegie Mellon University, Software Engineering Institute, Security Improvement Module CMU/SEI-SIM-001, 1997.
10. US Army Intelligence Center, FM 34-130 Intelligence Preparation of the Battlefield, Full-text at http://155.217.58.58/atdls.htm, US Army, 1994.
11. R. Forno et al., The art of information warfare: Insight into the knowledge warrior philosophy, Full text at http://www.upublish.com, Upublish.com, 1999.
12. Freedman D.et al. At Large: The Strange Case of the World's Biggest Internet Invasion. 1997;Simon & Schuster, New York.
13. Fyodor, nmap, http://www.insecure.org/, 2000.
14. R. Heuer, Psychology of intelligence analysis, Full text at http://www.odci.gov/csi/, CIA, Center for the Study of Intelligence, 1999.
15. D. Icove, Collaring the cybercrook: An investigator's view, IEEE Spectrum, 1997.
16. Invisible Evil, Hacking Kit v2.0.b, distributed on the Internet, 1997.
17. Godwin G.M. Hunting Serial Predators. 2000;CRC Press, Boca Raton.
18. A.A. Jalali et al., The other side of the mountain: Mujahideen tactics in the Soviet-Afghan war, US Marine Corps, Studies and Analysis Division, 1999.
19. G. Kim et al., The design of a system integrity monitor: Tripwire, Full text at http://www.cerias.purdue.edu/, COAST TR 93-01, Department of Computer Sciences, Purdue University, 1993.
20. K.P. Kossakowski et al., Responding to intrusions, Full text at http://www.cert.org, Carnegie Mellon University, Software Engineering Institute, Security Improvement Module CMU/SEI-SIM-006, 1999.
21. U. Lindqvist et al., How to systematically classify computer security intrusions, in: Proceedings of the 1997 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Silver Spring, MD, 1997.
22. McClure S.et al. Hacking Exposed: Network Security Secrets and Solutions. 1999;Osborne/McGraw-Hill, New York.
23. Doctrine Division, MCDP 1-3 Tactics, Full text at http://www.doctrine.usmc.mil, US Marine Corps, MCCDC, 1997.
24. Doctrine Division, MCDP 2 Intelligence, Full text at http://www.doctrine.usmc.mil, US Marine Corps, MCCDC, 1997.
25. MCI 7510B Tactical Fundamentals, US Marine Corps, Marine Corps Institute, 1984.
26. Doctrine Division, MCWP 2-1 Intelligence Operations, Full text at http://www.doctrine.usmc.mil, US Marine Corps, MCCDC, 1998.
27. C4I & MCIA, MCWP 2-12 MAGTF Intelligence Analysis and Production, Full text at http://www.doctrine.usmc.mil, US Marine Corps, MCCDC, Doctrine Division, 1999.
28. L. von Mises, Human Action, first ed., Ludwig von Mises Institute, 1949.
29. O'Hara C. Fundamentals of Criminal Investigation. 1994;Thomas, Springfield.
30. M. Reynolds, Crime by choice: An economic analysis, Fisher Institute, 1985.
31. S. Romig, State of the hack, Full text at ftp://ftp.net.ohio-state.edu:/users/romig/talks/state-of-the-hack, Ohio State University, UTS Network Security Group.
32. Rubin A.et al. Web Security Sourcebook. 1997;Wiley, New York.
33. E.E. Schultz et al., Responding to computer security incidents: Guidelines for incident handling, Full text at ftp://ciac.llnl.gov/pub/ciac/ciacdocs/ihg.txt, Technical report from Department of Energy, LLNL, 1990.
34. M. Slatalla, Masters of Deception: The Gang That Ruled Cyberspace, HarperCollins, 1995.
35. Super et al., The Undernet Botdocs: An Introduction to IRC Bots, http://www.undernet.org/documents/, Internet document, circa 1997.
36. West-Brown et al., Handbook for Computer Security Incident Response Teams (CSIRTS), Full text at http://www.sei.cmu.edu/, Carnegie Mellon, Software Engineering Institute, Handbook CMU/SEI-98-HB-001, 1998 AA avenue of approach AO areas of operation AOI areas of interest ARNC attack repair, neutralization and containment C-IPB Cyber-IPB CD compromised device COA course of action ID intrusion detection IDS intrusion-detection system IPB intelligence preparation of the battlespace IR incident response KCD known compromised device LCD likely compromised device MO method of operations USMC US Marine Corps.