Towards the scalable implementation of a user level anomaly detection system

Proceedings - IEEE Military Communications Conference MILCOM

Volumn 2, Issue , 2002, Pages 1503-1508

  Chinchani, Ramkumar ^a   Upadhyaya, Shambhu ^a   Kwiat, Kevin ^b  

^a State University of New York   (United States)

^b AIR FORCE RESEARCH LABORATORY   (United States)

Author keywords

Anomaly detection; Scalability; User level detection

Indexed keywords

COMPUTER CRIME; CRYPTOGRAPHY; FAULT TOLERANT COMPUTER SYSTEMS; MATHEMATICAL MODELS; SECURITY SYSTEMS;

ANOMALY DETECTION SYSTEM; SCALABILITY; USER LEVEL DETECTION;

SECURITY OF DATA;

EID: 0037001741     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (31)

1. H. Debar, M. Dacier and A. Wespie "Towards a Taxonomy of Intrusion Detection Systems", Computer Networks, Elsevier, Vol. 31, 1999, pp. 805-822.
2. T. F. Lunt, R. Jagannathan, R. Lee, A. Whitehurst and S. Listgarten, Knowledge based Intrusion Detection", Proceedings of Annual AI Systems in Government Conference, Washington D. C., March 1989.
3. S. E. Smaha, "Tools for Misuse Detection", Proceedings of ISSA'93, Crystal City, VA, April 1993.
4. S. Kumar and E. Spafford, "A Pattern Matching Model for Misuse Intrusion Detection", Proceedings of the 17th National Computer Security Conference, Oct. 1994, pp. 11-21.
5. P. A. Porras and R. A. Kemmerer, "Penetration State Transition Analysis - A Rule-Based Intrusion Detection Approach", Eight Annual Computer Security Applications Conference, IEEE Computer Society Press, November 30-December 4 1992, pp.220-229.
6. K. Ilgun, R. Kemmerer and P. Porras, "State Transition Analysis: A Rule Based Intrusion Detection System", IEEE Transactions on Software Engineering, Mar. 1995, 21(3).
7. F. Wang, F. Gong, F. S. Wu and H. Qi, "Design and Implementation of A New Intrusion Detection Approach: Property-Oriented Detection", Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, New York, June 4-5, 2001, pp. 91-99.
8. D. E. Denning, "An Intrusion Detection Model", IEEE Transactions on Software Engineering, 13(2), 1987, pp. 222-232.
9. G. E. Liepins and H. S. Vaccaro, "Anomaly Detection: Purpose and Framework", Proceedings of the 12th National Computer Security Conference, Oct. 1989, pp. 495-504.
10. H. Javitz and A. Valdez, "The SRI IDES Statistical Anomaly Detector", Proceedings of IEEE Symposium on Research in Security and Privacy, May 1991, pp. 316-326.
11. R. Jagannathan, T. Lunt, D. Anderson, C. Dodd, F. Gilham, C. Jalali, H. Javitz, P. Neumann, A. Tamaru and A. Valdez, "System Design Document: Next Generation Intrusion Detection Expert System (NIDES). Technical Report A007/A008/A009/A011/A012/A014", SRI International, March 1993.
12. P. A. Porras and P. G. Neumann, "EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances", Proceedings of the 19th National Computer Security Conference, Baltimore, MD, Oct. 1997, pp. 353-365.
13. S. Stolfo, W. Fan, W. Lee, A. Prodromidis and P. Chan, "Cost-based Modeling for Fraud and Intrusion Detection: Results from the JAM Project", Proc. DARPA Information Survivability Conference and Exposition, IEEE Computer Press, 2000, pp. 130-144.
14. Y. Yemini, A. Dailianas, D. Florissi and G. Huberman, "Market-Net: Market-based Protection of Information Systems", Proceedings of ICE'98, First International Conference on information and Computation Economics, Charleston, SC, Oct. 1998.
15. T. Spyrou and J. Darzentas, "Intrusion Modeling: Approximating Computer User Intentions for Detection and Predictions of Intrustions", Information Systems Security, May 1996, pp. 319-335.
16. T. Lane, "Hidden Markov Models for Human/Computer Interface Modeling", Proceedings of the IJCAI'99 Workshop on Learning about Users, 1999, pp. 35-44.
17. T. Lane and C. E. Brodley, "Temporal Sequence Learning and Data Reduction For Anomaly Detection", ACM Transactions on Information and System Security, 2(3), 1999, pp. 295-331.
18. S. Upadhyaya and K. Kwiat, "A Distributed Concurrent Intrusion Detection Scheme Based on Assertions", SCS International Symposium on Performance Evaluation of Computer and Telecommunications Systems, June 1999, pp. 369-376.
19. J. Feldman, J. Giordano and J. Palmer, "Information Survivability at Rome Laboratory", 1997 IEEE Information Survivability Workshop, 1997.
20. S. Upadhyaya, R. Chinchani and K. Kwiat, "An Analytical Framework for Reasoning About Intrusions", 20th IEEE Symposium on Reliable and Distributed Systems, New Orleans, LA, USA, Oct. 2001, pp. 99-108.
21. K. Mantha, R. Chinchani, S. Upadhyaya and K. Kwiat, "Simulation of Intrusion Detection in Distributed Systems", SCS Summer Simulation Conference, July 2000.
22. Claude Lecommandeur, http://ctwm.dl.nu.
23. Robert Nation et. al, http://www.fvwm.org.
24. The Open Group, http://www.opengroup.org/cde.
25. G. C. Necula and P. Lee, "Proof-Carrying Code" Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Paris, Jan. 1997, pp. 106-119.
26. R. Sekar, C. R. Ramkrishnan, I. V. Ramamkrishnan and Scott A. Smolka, "Model-Carrying Code (MCC): A New Paradigm for Mobile-Code Security", New Security Paradigms Workshop (NSPW'01), Cloudcroft, New Mexico, Sept. 2001.
27. C. Ko, M. Ruschitzka and K. Levitt, "Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach", IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 1997, pp. 175-188.
28. A. Somayaji and S. Forrest, "Automated Response Using System-Call Delays", Usenix Security Symposium, 2000.
29. K. Jain and R. Sekar, "User-Level Infrastructure for System Call Interception: A Platform for Intrusion Detection and Confinement", Network and Distributed Systems Security Symposium (NDSS), 2000.
30. T. Fraser, L. Badger and M. Feldman, "Hardening COTS Software with Generic Software Wrappers", Symposium on Security and Privacy, 1999.
31. T. Mitchum, R. Lu and R. O'Brien, "Using Kernel Hypervisors to Secure Applications", Annual Computer Security Conference, Dec. 1997.