Live Traffic Analysis of TCP/IP Gateways

Proceedings of the Symposium on Network and Distributed System Security, NDSS 1998

Volumn , Issue , 1998, Pages

  Porras, Phillip A ^a   Valdes, Alfonso ^b  

^a SRI INTERNATIONAL   (United States)

^b Radiophysics Laboratory   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

GATEWAYS (COMPUTER NETWORKS); TRANSMISSION CONTROL PROTOCOL;

ANALYSIS TECHNIQUES; EXCEPTIONAL EVENTS; FILTERING MECHANISM; FLOWTHROUGH; LARGE ENTERPRISE; MALICIOUS ACTIVITIES; NETWORK TRAFFIC; PACKET STREAMS; TCP/IP PACKET; TRAFFIC ANALYSIS;

NETWORK SECURITY;

EID: 0038323501     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (27)

1. D. Anderson, T. Frivold, and A. Valdes. Next-generation intrusion-detection expert system (NIDES): Final technical report. Technical report, Computer Science Laboratory, SRI International , Menlo Park, CA, 16November 1994.
2. B. Chapman and E. Zwicky. Building internet firewalls. O'Reilly and Associates, Inc. Sebastopol, CA, 1995.
3. D. Chapman. Network (in)security through IP packet filtering. In Proceedings of the Third USENIX Unix Security Symposium, Baltimore, MD, September 1992.
4. W.R. Cheswick and S.M. Bellovin. Firewalls and internet security: Repelling the wily hacker. Addison-Wesley, Reading, MA, 1994.
5. D.E. Denning. An intrusion-detection model. IEEE Transactions on Software Engineering, 13(2), February 1987.
6. L.T. Heberlein, G. Dias, K.N. Levitt, B. Mukherjee, J. Wood, and D. Wolber. A network security monitor. In Proceedings of the Symposium on Research in Security and Privacy, pages 296-303, Oakland, CA, May 1990. IEEE Computer Society.
7. K. ackson, D. DuBois, and C. Stallings. An expert system application for network intrusion detection. In Proceedings of the Fourteenth Computer Security Group Conference. Department of Energy, 1991.
8. G. Jakobson and M.D. Weissman. Alarmcorrelation. IEEE Network, pages 52-59, November 1993.
9. H.S. Javitz and A. Valdes. The NIDES statistical component description and justification. Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA, March 1994.
10. H.S. Javitz, A. Valdes, D.E. Denning, and P.G. Neumann. Analytical techniques development for a statistical intrusion-detection system (SIDS) based on accounting records. Technical report, SRI International, Menlo Park, CA, July 1986.
11. S. Kliger, S. Yemini, Y. Yemini, D. Ohsie, and S. Stolfo. A coding approach to event correlation. In Proceedi ngs of the ourth International Symposium on Integrated etwork Management IFIP/IEEE, Santa Barbara, CA, May 1995, pages 266-277. Chapman & Hall , London, England, 1995.
12. T.F. Lunt, R. Jagannathan, R. Lee, A. Whitehurst, and S. Listgarten. Knowledge-based intrusion detection. In Proceedings of the AI Systems in Government Conference, March 1989.
13. T.F. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, C. Jalali , P.G. Neumann, H.S. Javitz, and A. Valdes. A real-time intrusion-detection expert system (IDES). Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA, 28 February 1992.
14. Uriel Maimon. Port scanning without the SYN flag. Phrack Magazine, vol. 7, issue 49.
15. M. Mansouri-Samani and M. Sloman. Monitoring distributed systems. IEEE Network, pages 20-30, November 1993.
16. K. Meyer, M. Erlinger, J. Betser, C. Sunshine, G. Goldszmidt, and Y. Yemini. Decentralizing control and intelligence in network management. In Proceedings of the Fourth International Symposium on Integrated Network Management IFIIP/IEEE, Santa Barbara, CA, May , pages 4-16. Chapman & Hall, London, England, 1995.
17. Robert T. Morris. A weakness in the 4.2bsd UNIX TCP/IPsoftware. In Computing Science Technical Report 117. AT&T Bell Laboratories, Murray Hills, NJ, 25 February 1985.
18. A. Mounji, B. Le Charlier, and D. Zampunieris. Distributed audit trail analysis. In Proceedings of the ISOC Symposium on Network and Distributed System Security, pages 102-112, February 1995.
19. P.A. Porras. STAT: A State Transition Analysis Tool for intrusion detection. Master's thesis, Computer Science Department, University of California, Santa Barbara, July 1992.
20. P.A. Porras and P.G. Neumann. EMERALD: Event monitoring enabling responses to anomalous live disturbances. In National Information Systems Security Conference, pages 353-365, Baltimore, MD, October 1997.
21. J. Postel. Internet protocol, request for comment, RFC791. Technical report, Information Sciences Institute, September 1981.
22. L. Ricciulli and N. Shacham. Modeling correlated alarms in network management systems. In Communication Networks and Distributed Systems Modeling and Simulation, 1997.
23. S.R. Snapp, J. Brentano, G.V. Dias, T.L. Goan, L.T. Heberlein, C.-L. Ho, K.N. Levitt, B. Mukherjee, T. Grance, D.M. Teal, and D. Mansur. DIDS (Distributed Intrusion Detection System) -motivation, architecture, and an early prototype. In Proceedings of the Fourteenth National Computer Security Conference, pages 167-176, Washington, D.C., 1-4 October 1991. NIST/NCSC
24. S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, and D. Zerkle. GrIDS-a graph based intrusion detection system for large networks. In Proceedings of the Nineteenth National Information Systems Security Conference, pages 361-370 (Volume I), Washington. D.C., October 1996. NIST/NCSC.
25. S. Staniford-Chen and L.T. Heberlein. Holding intruders accountable on the internet. In Proceedings of the I Symposiumon Security and Privacy, 1995.
26. A. Valdes and D. Anderson. Statistical methods for computer usage anomaly detection using NIDES. Proceedings of the Third International Workshop on Rough Sets and Soft Computing (RSSC94), San Jose, January 1995.
27. W. Venema. Project SATAN: UNIX/internet security. In Proceedings of the COMPSEC-95 Conference, Elsevier, London, 1995.