Testing network-based intrusion detection signatures using mutant exploits

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2004, Pages 21-30

  Vigna, Giovanni ^a   Robertson, William ^a   Balzarotti, Davide ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Intrusion Detection; Quality Metrics; Security Testing

Indexed keywords

ABSTRACTING; AUTOMATION; COMPUTER CRIME; COMPUTER NETWORKS; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; LARGE SCALE SYSTEMS; MATHEMATICAL MODELS; SENSORS; TELECOMMUNICATION TRAFFIC;

INTRUSION DETECTION; MUTANTS; QUALITY METRICS; SECURITY TESTING;

SECURITY OF DATA;

EID: 14844322335     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1030083.1030088     Document Type: Conference Paper

References (34)

1. Anzen. nidsbench: A Network Intrusion Detection System Test Suite. http://packetstorm.widexs.nl/-UNIX/IDS/nidsbench/, 1999.
2. S. Aubert. Idswakeup. http://www.hsc.fr/-ressources/outils/idswakeup/, 2000.
3. W. Du and A. P. Mathur. Vulnerability Testing of Software System Using Fault Injection. Technical Report, COAST, Purdue University, West Lafayette, IN, US, April 1998.
4. R. Durst, T. Champion, B. Witten, E. Miller, and L. Spagnuolo. Addendum to "Testing and Evaluating Computer Intrusion Detection Systems". CACM, 42(9):15, September 1999.
5. R. Durst, T. Champion, B. Witten, E. Miller, and L. Spagnuolo. Testing and Evaluating Computer Intrusion Detection Systems. CACM, 42(7):53-61, July 1999.
6. J. Arlat, M. Aguera, L. Amat, Y. Crouzet, J. Fabre, J. Laprie, E. Martins, and D. Powell. Fault Injection for Dependability Validation: A Methodology and Some Applications. IEEE Transactions on Software Engineering, 16(2):166-182, 1990.
7. C. Giovanni. Fun with Packets: Designing a Stick. http://www.eurocompton. net/stick/, 2002.
8. J. Haines, D.K. Ryder, L. Tinnel, and S. Taylor. Validation of Sensor Alert Correlators. IEEE Security & Privacy Magazine, 1(1):46-56, January/February 2003.
9. R. Marty. Thor: A Tool to Test Intrusion Detection Systems by Variations of Attacks. ETH Zurich Diploma Thesis, March 2002.
10. K. Ilgun, R.A. Kemmerer, and P.A. Porras. State Transition Analysis: A Rule-Based Intrusion Detection System. IEEE Transactions on Software Engineering, 21(3):181-199, March 1995.
11. ISS. Realsecure 7.0. http://www.iss.net/, 2004.
12. D. Pradhan J. Clark. Fault Injection: A Method For Validating Computer-System Dependability. IEEE Computer, 28(6):47-56, 1995.
13. K2. ADMmutate. http://www.ktwo.ca/security.html, 2004.
14. R. Lippmann, D. Fried, I. Graf, J. Haines, K. Kendall, D. McClung, D. Weber, S. Webster, D. Wyschogrod, R. Cunningham, and M. Zissman. Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation. In Proceedings of the DARPA Information Survivability Conference and Exposition, Volume 2, Hilton Head, SC, January 2000.
15. J. McHugh. Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. ACM Transaction on Information and System Security, 3(4), November 2000.
16. Metasploit Project. Metasploit. http://www.metasploit.com/, 2004.
17. D. Mutz, G. Vigna, and R.A. Kemmerer. An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems. In Proceedings of the 2003 Annual Computer Security Applications Conference, Las Vegas, Nevada, December 2003.
18. Neohapsis OSEC Project. Neohapsis OSEC. http://osec.neohapsis.com/, 2004.
19. Netscape Communications Corporation. SSL 2.0 Protocol Specification. http://wp.netscape.com/eng/security/SSL.2.html, 1995.
20. th Edition), http://www.nss.co.uk/ips, 2004.
21. Network Working Group. Internet Protocol, Version 6 (IPv6) Specification. http://www.faqs.org/rfcs/rfc2460.html, 1998.
22. Network Working Group. Hypertext Transfer Protocol - HTTP/1.1. http://www.w3.org/Protocols/rfc2616/rfc2616.html, 1999.
23. Next Generation Software Security Ltd. NGSS Evaluation, http://www.nextgenss.com/, 2004.
24. T.H. Ptacek and T.N. Newsham. Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection. Technical Report, Secure Networks, January 1998.
25. R. J. Lipton R. A. DeMillo and F. G. Sayward. Hints on test data selection: Help for the practicing programmer. IEEE Computer, 11(4):34-43, 1978.
26. M. Ranum. Experience Benchmarking Intrusion Detection Systems. NFR Security White Paper, December 2001.
27. R. Graham. SideStep. http://www.robertgraham.com/tmp/sidestep.html, 2004.
28. M. Roesch. Snort - Lightweight Intrusion Detection for Networks. In Proceedings of the USENIX LISA '99 Conference, November 1999.
29. D. Aitel. Sharefuzz. http://www.atstake.com/research/tools/ vulnerability_scanning/, 2004.
30. Sniph. Snot, http://www.sec33.com/sniph/, 2001.
31. D. Aitel. Spike, http://www.immunitysec.com/resources-freesoftware.shtml, 2004.
32. The Apache HTTP Server Project. Apache HTTP Server, http://httpd.apache. org/, 2004.
33. The OpenSSL Project. OpenSSL. http://www.openssl.org/, 2004.
34. J. Voas, G. McGraw, L. Kassab, and L. Voas. A 'Crystal Ball' for Software Liability. IEEE Computer, 30(6):29-36, 1997.