A real-time intrusion detection system (IDS) for large scale networks and its evaluations

IEICE Transactions on Communications

Volumn E82-B, Issue 11, 1999, Pages 1817-1825

  Katqt, Nei ^a   Nitotjt, Hiroaki ^b   Ohta, Kohei ^a   Mansfield, Glenn ^b   Nemoto, Yoshiaki ^b  

^a TOHOKU UNIVERSITY   (Japan)

^b Cyber Solutions Inc   (Japan)

Author keywords

Dynamic access tress; Intrusion detection system; Real time; Traffic monitoring; Traffic tendency

Indexed keywords

EID: 0037741425     PISSN: 09168516     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (33)

1. JPCERT/CC at http://www.jpcert.or.jp/
2. "Illegal computer network access occurs frequently," ASAHI SHINBUN, p.31, July 3rd, 1998.
3. B. Mukherjee, L.T. Heberlein, and K.N. Levitt, "Network intrusion detection," IEEE Network, vol.8, no.3, pp.26-41, 1994.
4. D.E. Denning, "An intrusion-detection model," IEEE TVans. Software Engineering, vol.SE-13, no.2, pp.222-232, 1987.
5. O. Kyas, Internet Security: Risk Analysis, Strategies and Firewalls, International Thomson Publishing, 1997.
6. B. Fraser, Site Security Handbook, RFC219G, Sept. 1997.
7. S. Bellovin, Report of the IAB Security Architecture Workshop, RCF231G, April 1998.
8. WheelGroup Coporation, "Netranger," http://www.whee!group.com/
9. Internet Security System, http://www.iss.net/
10. [10 ] L.T. Heberlein, G. Dias, K.N. Levitt, B. Mukherjee, J. Wood, and D. Wolber, "A network security monitor," Proc. 1990 Symposium on Research in Security and Privacy, pp.296-303, 1990.
11. S.R. Snapp, J. Brentano, G. Dias, T.L. Goan, L.T. Heberlein, C.L. Ho, K.N. Levitt, B. Mukherjee, T. Grance, D.M. Teal, and D. Mansur, "DIDS (distributed intrusion detection system)-Motivation, architecture, and an early prototype,!' Proc. 14th National Computer Security Conference, pp.167-176, 1991.
12. P.A. Porras and P.G. Neuman, "EMERALD: Event monitoring enabling responses to anomalous live disturbances," Prof. National Information System Security Conference, pp.353-365, 1997.
13. U.S. Javitz and A. Valdes, "The NIDES statistical component-Description and justification," Technical Report, SRI International, 1994.
14. M. Iguchi and S. Goto, "Network surveillance for detecting intrusions," Proc. IWS'99 Internet Workshop'99, pp.134141, 1998.
15. M. Iguchi and S. Goto, "Detecting malicious activities through port profiling," IEICE Trans. Inf. fc Syst., vol.E82D, no.4, pp.784-792, April 1999.
16. [1C] S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, J. Rowe, S. Staniford-Chen, R. Yip, and D. Zerkle, "The design of GrIDS: A graph-based intrusion detection system," U.C. Davis Computer Science Department Technical Report CSE-99-2, 1999.
17. Description about TOPIC at: http://www.topic.ad.jp/
18. "Butter overflows in some POP servers," CERT Advisory CA-98:08, July. 14, 1998.
19. "Buffer overflow in some implementations of IMAP servers," CERT Advisory CA-98:09, July 20, 1998.
20. "Multiple vulnerabilities in BIND," CERT Advisory CA-98:05, April 8, 1998.
21. J. Postel, "Internet control message protocol," 09/01/1981.
22. N. Kato, K. Ohta, T. Ika, G. Mansfield, and Y. Nemoto, "A proposal of event correlation for distributed network fault management and its evaluation," IEICE Trans. Commun., vol.E82-B, no.G, pp.859-8G7, June 1999.
23. J. Postel, "Transmission control protocol," 09/01/1981.
24. S. Waldbusser, "Remote network monitoring management information base," RFC 1757 02/10/1995.
25. Database Language SQL, ISO/IEC 9075.
26. W. Stallings, SNMP, SNMPv2, and CMIP-the Practical Guide to Network Management Standards, Addison-Wesley Publishing Company 1993.
27. K. McCloghrie and M. Rose, "Management information base for network management of tcp/ip-based internet: MIB-II," March 1991.
28. K.C. Claffy, H.-W. Braun, and G.G. Polyzos, "A param-eterizable methodology for internet traffic flow profiling," IEEE J. Select. Areas Commun., vol.13, no.8, pp.1481-1494, 1995.
29. J. Reynolds and J. Postel, "ASSIGNED NUMBERS," RFC1700, Oct. 1991.
30. T. Ibaraki, Algorithms and Data Structures, Syoukoudou, 1994.
31. "Multiple vulnerabilities in BIND," CERT Advisory CA-98:05, April 8, 1998.
32. "Sanitizing user-supplied data in CGI scripts," CERT Advisory CA-97:25, Nov. 10, 1997.
33. "Trojan horse version of TCP wrappers," CERT Advisory CA-99:01, Jan. 21, 1999.