Determining the operational limits of an anomaly-based intrusion detector

IEEE Journal on Selected Areas in Communications

Volumn 21, Issue 1, 2003, Pages 96-110

  Tan, Kymie M C ^a   Maxion, Roy A ^a  

^a Carnegie Mellon University ^*  (United States)

Author keywords

Anomaly; Anomaly detection; Evaluation; Intrusion detection; Stide

Indexed keywords

ALGORITHMS; COMPUTER VIRUSES; PROBABILITY; UNIX;

ANOMALY DETECTION TECHNIQUES; DATA SEQUENCES; INTRUSION DETECTION;

SECURITY OF DATA;

EID: 0037252253     PISSN: 07338716     EISSN: None     Source Type: Journal    
DOI: 10.1109/JSAC.2002.806130     Document Type: Article

References (13)

1. P. D'haeseleer, S. Forrest, and P. Helman, "An immunological approach to change detection: Algorithms, analysis and implications," in Proc. IEEE Symp. Security and Privacy, Oakland, CA, May 6-8, 1996, pp. 110-119.
2. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A sense of self for Unix processes," in Proc. IEEE Symp. Security and Privacy, Oakland, CA, May 6-8, 1996, pp. 120-128.
3. S. Forrest, A. S. Perelson, L. Allen, and R. Cherukuri, "Self-nonself discrimination in a computer," in Proc. IEEE Symp. Security and Privacy, Oakland, CA, May 16-18, 1994, pp. 202-212.
4. S. A. Hofmeyr, S. Forrest, and A. Somayaji, "Intrusion detection using sequences of system calls," J. Comput. Security, vol. 6, no. 3, pp. 151-180, 1998.
5. W. Lee and D. Xiang, "Information-theoretic measures for anomaly detection," in Proc. IEEE Symp. Security and Privacy, Oakland, CA, May 14-16, 2001, pp. 130-143.
6. C. Marceau, "Characterizing the behavior of a program using multiple-length n-grams," in Proc. New Security Paradigms Workshop, Bally-cotton, Ireland, Sept. 18-22, 2000, pp. 101-110.
7. G. Marsaglia, "A current view of random number generators," in Computer Science and Statistics: Proc. 16th Symp. Interface, L. Billard, Ed., Atlanta, GA, Mar. 1984, pp. 3-10.
8. R. A. Maxion and K. M. C. Tan, "Benchmarking anomaly-based detection systems," in Proc. Int. Conf. Dependable Systems and Networks, New York, NY, June 25-28, 2000, pp. 623-630.
9. ____, "Anomaly detection in embedded systems," IEEE Trans. Comput., Special Issue on Embedded Fault-Tolerant Systems, vol. 51, pp. 108-120, Feb. 2002.
10. M. Stillerman, C. Marceau, and M. Stillman, "Intrusion detection for distributed applications," Commun. ACM, vol. 42, no. 7, pp. 62-69, July 1999.
11. K. M. C. Tan, K. S. Killourhy, and R. A. Maxion, "Undermining an anomaly-based intrusion detection system using common exploits," in Lectures Notes in Computer Science, A. Wespi, G Vigna, and L Deri, Eds. Berlin, Germany: Springer-Verlag, 2002, vol. 2516, Fifth International Symposium on Recent Advances in Intrusion Detection (RAID-2002), pp. 54-73.
12. Univ. New Mexico, Albuquerque. (Feb. 2002) Computer Immune Systems, Data Sets and Software: Sequence-Based Intrusion Detection. [Online]. Available: http://www.cs.unm.edu/~immsec/systemcalls.htm
13. C. Warrender, S. Forrest, and B. Pearlmutter, "Detecting intrusions using system calls: Alternative data models," in Proc. IEEE Symp. Security and Privacy, Oakland, CA, May 9-12, 1999, pp. 133-145.