Operational experiences with high-volume network intrusion detection

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2004, Pages 2-11

  Dreger, Holger ^a   Feldmann, Anja ^a   Paxson, Vern ^b   Sommer, Robin ^a  

^a TECHNICAL UNIVERSITY OF MUNICH   (Germany)

^b INTERNATIONAL COMPUTER SCIENCE INSTITUTE   (United States)

Author keywords

Bro; Evaluation; Network intrusion detection; Security

Indexed keywords

COMPUTER CRIME; COMPUTER HARDWARE; DATA STRUCTURES; EVALUATION; HIGH LEVEL LANGUAGES; PERSONAL COMPUTERS; SECURITY OF DATA; TELECOMMUNICATION TRAFFIC;

BRO; NETWORK INSTRUSION DETECTION SYSTEMS (NIDS); NETWORK MONITORING; RESOURCE MANAGEMENT;

COMPUTER NETWORKS;

EID: 14844312929     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1030083.1030086     Document Type: Conference Paper

References (28)

1. D. Agarwal, J. M. Gonzalez, G. Jin, and B. Tierney. An infrastructure for passive network monitoring of application data streams. In Proc. Passive and Active Measurement Workshop, 2003.
2. S. A. Crosby and D. S. Wallach. Denial of service via algorithmic complexity attacks. In Proc. 12th USENIX Security Symposium, 2003.
3. L. Deri. Improving passive packet capture: Beyond device polling. Technical report, University of Pisa, 2003.
4. A. Feldmann, A. C. Gilbert, and W. Willinger. Data networks as cascades: Investigating the multifractal nature of Internet WAN traffic. In Proc. of ACM SIGCOMM, 1998.
5. S. Floyd and V. Paxson. Difficulties in simulating the internet. IEEE/ACM Transactions on Networking, 9(4), 2001.
6. GNU Binutils. http://www.gnu.org/software/binutils.
7. M. Hall and K. Wiley. Capacity verification for high speed network intrusion detection systems. In Proc. Recent Advances in Intrusion Detection, number 2516 in Lecture Notes in Computer Science. Springer-Verlag, 2002.
8. C. Krügel, F. Valeur, G. Vigna, and R. A. Kemmerer. Stateful intrusion detection for high-speed networks. In Proc. IEEE Symposium on Security and Privacy, 2002.
9. W. Lee, J. B. Cabrera, A. Thomas, N. Balwalli, S. Saluja, and Y. Zhang. Performance adaptation in real-time intrusion detection systems. In Proc. Recent Advances in Intrusion Detection, number 2516 in Lecture Notes in Computer Science. Springer-Verlag, 2002.
10. S. McCanne and V. Jacobson. The BSD packet filter: A new architecture for user-level packet capture. In Proc. Winter 1993 USENIX Conference, 1993.
11. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the Slammer worm. IEEE Magazine of Security and Privacy, 2003.
12. D. Moore and C. Shannon. The spread of the Witty. http://www.caida.org/ analysis/security/witty,2004.
13. D. Moore, G. M. Voelker, and S. Savage. Inferring Internet denial-of-service activity. In Proc, 10th USENIX Security Symposium, 2001.
14. mpatrol. http://www.cbmamiga.demon.co.uk/mpatrol.
15. V. Paxson. Empirically-derived analytic models of wide-area tcp connections. IEEE/ACM Transactions on Networking, 2(4), 1994.
16. V. Paxson. Bro: A system for detecting network intruders in real-time. Computer Networks, 31(23-24), 1999.
17. T. H. Ptacek and T. N. Newsham. Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, Secure Networks, Inc., 1998.
18. M. I. Ranum. Experiences benchmarking intrusion detection systems. Technical report, NFR Security, Inc., http://www.itsecurity.com/papers/nfr2.htm, 2001.
19. M. Roesch. Snort: Lightweight intrusion detection for networks. In Proc. 13th Systems Administration Conference (LISA), pages 229-238, 1999.
20. Configuring SPAN and RSPAN (Cisco Catalyst 6500 Series). http://www.cisoo.com/univercd/cc/td/doc/produot/lan/cat6000/sw_7_5/conf%g_gd/ span.pdf.
21. Snot, http://www.stolenshoes.net/sniph/index.html.
22. R. Sommer and V. Paxson. Enhancing byte-level network intrusion detection signatures with context. In Proc. 10th ACM Conference on Computer and Communications Security, 2003.
23. R. Sommer and V. Paxson. Exploiting independent state for network intrusion detection. Technical report, TU München, 2004.
24. S. Staniford, V. Paxson, and N. Weaver. How to Own the Internet in your spare time. In Proc. 11th USENIX Security Symposium, 2002.
25. Stick. http://packetstormsecurity.nl/distributed/stick.htm.
26. tcpdump. http://www.tcpdump.org.
27. Valgrind.http://developer.kde.org/~sewardj/.
28. W. Willinger, M. S. Taqqu, R. Sherman, and D. V. Wilson. Self-similarity through high-variability: statistical analysis of ethemet lan traffic at the source level. IEEE/ACM Transactions on Networking, 5(1), 1997.