Automatic generation and analysis of NIDS attacks

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2004, Pages 28-38

  Rubin, Shai ^a   Jha, Somesh ^a   Miller, Barton P ^a  

^a University of Wisconsin   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATIC GENERATION; NATURAL-DEDUCTION SYSTEMS; NETWORK INTRUSION DETECTION SYSTEM (NIDS); NIDS SIGNATURES;

DEMODULATION; INFORMATION ANALYSIS; KNOWLEDGE ACQUISITION; PROBLEM SOLVING; TELECOMMUNICATION NETWORKS; WORLD WIDE WEB;

ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS;

EID: 21644443817     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2004.9     Document Type: Conference Paper

References (50)

1. Digital information society. Available at www.phreak.org.
2. D. Alessandri, editor. Towards a Taxonomy of Intrusion Detection Systems and Attacks. IBM Zurich Research Laboratory, September 2001. Deliverable D3, Project MAFTIA IST-1999-11583, Available at www.maftia.org.
3. B. Caswell, J. Bealeand, J. C. Foster, and J. Faircloth. Snort 2.0 Intrusion Detection, Syngress, Feb. 2003.
4. M. Christodorescu and S. Jha. Static analysis of executables to detect malicious patterns. In USENIX Security Symposium, Washington, DC, August 2003.
5. S. Crosby and D. Wallach. Denial of service via algorithmic complexity attacks. In USENIX Security Symposium, Washington, DC, August 2003.
6. M. Dacier, editor. Design of an Intrusion-Tolerant Intrusion Detection System. IBM Zurich Research Laboratory, August 2002. Deliverable D10, Project MAFTIA IST-1999-11583, Available at www.maftia.org.
7. H. Debar and B. Morin. Evaluation of the diagnostic capabilities of commercial intrusion detection systems. In International Symposium on Recent Advances in Intrusion Detection, Zurich, Switzerland, October 2002.
8. T. Detristan, T. Ulenspiegel, Y. Malcom, and M. S. Underduk. Polymorphic shellcode engine using spectrum analysis. Phrack Online Magazine, 61, August 2003.
9. S. W. Dietrich. Extension tables: Memo relations in logic programming. In The Fifth International Conference and Symposium on Logic Programming, San Francisco, CA, August 1987.
10. R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee. RFC 2616 - Hypertext Transfer Protocol. The Internet Engineering Task Force, June 1999.
11. C. Giovanni. Fun with packets: Designing a stick, March 2001. Endeavor Systems, INC.
12. M. Handley and V. Paxson. Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In USENIX Security Symposium, Washington, DC, August 2001.
13. Internet Security Systems. RealSecure Network 10/100. Available at http://www.iss.net/.
14. C. Kruegel, F. Valeur, G. Vigna, and R. A. Kemmerer. Stateful intrusion detection for high-speed networks. In IEEE Symposium on Security and Privacy, Oakland, CA, May 2002.
15. W. Lee, J. B. D. Cabrera, A. Thomas, N. Balwalli, S. Saluja, and Y. Zhang. Performance adaptation in real-time intrusion detection systems. In International Symposium on Recent Advances in Intrusion Detection, Zurich, Switzerland, October 2002.
16. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. Analysis and results of the 1999 DARPA off-line intrusion detection evaluation. In International Symposium on Recent Advances in Intrusion Detection, Toulouse, France, October 2000.
17. R. P. Lippmann, D. J. Fried, I. Graf, J. W. Haines, K. R. Kendall, D. McClung, D. Weber, S. E. Webster, D. Wyschogrod, R. K. Cunningham, and M. A. Zissman. Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. In DARPA Information Survivability Conference and Exposition, Hilton Head, SC, January 2000.
18. R. Marti. THOR: A tool to test intrusion detection systems by variations of attacks. Master's thesis, Swiss Federal Institute of Technology, March 2002.
19. J. McHugh. Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory. ACM Transactions on Information and System Security, 3(4), November 2000.
20. C. Meadows. A model of computation for the NRL protocol analyzer. In IEEE Computer Security Foundations Workshop (CSFW), Franconia, NH, June 1994.
21. MITRE Corporation. CVE: Common Vulnerabilities and Exposures. Available at www.eve.mitre.org.
22. D. Mutz, G. Vigna, and R. Kemmerer. An experience developing an IDS stimulator for the black-box testing of network intrusion detection systems. In Annual Computer Security Applications Conference, Las Vegas, NV, December 2003.
23. G. J. Myers. The Art of Software Testing. John Wiley & Sons, 1 edition, 1979.
24. L. Paulson. Mechanized proofs of security protocols: Needham-Schroeder with public keys. Technical Report 413, University of Cambridge Computer Laboratory, 1997.
25. V. Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, 31(23/24), December 1999.
26. J. Postel. RFC 793 - Transmission Control Protocol. The Internet Engineering Task Force, Sept. 1981.
27. J. Postel and J. Reynolds. RFC 959 - File Transfer Protocol. The Internet Engineering Task Force, 1985.
28. D. Prawitz. Natural Deduction: a Proof-Theoretical Study. Almquist and Wiskell, 1965.
29. T. H. Ptacek and T. N. Newsham. Custom attack simulation language (CASL). Available at www.sockpuppet.org/tqbf/casl.html.
30. T. H. Ptacek and T. N. Newsham. Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical Report T2R-0Y6, Secure Networks, Inc., Calgary, Alberta, Canada, 1998.
31. Rain Forest Puppy. A look at whisker's anti-IDS tactics - just how bad can we ruin a good thing?, December 1999. Available at www.wiretrip.net/rfp/txt/whiskerids.html.
32. R. Ramakrishnan, D. Srivastava, and S. Sudarshan. Efficient bottom-up evaluation of logic programs. In Computer Systems and Software Engineering: State-Of-The-Art. Kluwer Academic Publishers, June 1992.
33. M. Roesch. Snort: the Open Source Network Intrusion Detection System. Available at www.snort.org.
34. S. Rubin, S. Jha, and B. P. Miller. Attack generation for NIDS testing using natural deduction. Technical Report 1496, University of Wisconsin, Madison, January 2004.
35. M. D. Schiffman. Libnet: A C library for portable packet creation and injection. Available at www.packetfactory.net/libnet.
36. Security Administrator Newsletter. Instant poll: Do you use Snort to implement an intrusion detection system (IDS) on your network?, October 2002. Available at http://www.winnetmag.com/Poll/.
37. U. Shankar and V. Paxson. Active mapping: Resisting NIDS evasion without altering traffic. In IEEE Symposium. on Security and Privacy, Oakland, CA, May 2003.
38. V. Shmatikov and U. Stern. Efficient finite-state analysis for large security protocols. In IEEE Computer Security Foundations Workshop (CSFW), Rockport, MA, June 1998.
39. Sniphs. Snot, January 2003. Available at www.stolenshoes.net/sniph/index.html.
40. R. Sommer and V. Paxson. Enhancing byte-level network intrusion detection signatures with context. In ACM Conference on Computer and Communications Security, Washington, DC, October 2003.
41. D. Song. Fragroute: a TCP/IP fragmenter, April 2002. Available at www.monkey.org/~dugsong/fragroute.
42. L. Sterling and E. Shapiro. The Art of Prolog. The MIT Press, 1994.
43. K. M. C. Tan, K. S. Killourhy, and R. A. Maxion. Undermining an anomaly-based intrusion detection system using common exploits. In International Symposium on Recent Advances in Intrusion Detection, Zurich, Switzerland, October 2002.
44. K. M. C. Tan, J. McHugh, and K. S. Killourhy. Hiding intrusions: From the abnormal to the normal and beyond. In The 5th International Workshop on Information Hiding, Noordwijkerhout, Netherlands, Oct. 2002.
45. The NSS Group. Intrusion detection systems (IDS) group test (Edition 2), December 2001. Available at www.nss.co.uk/ids/edition2/index.htm.
46. The NSS Group. Intrusion detection systems (IDS) group test (Edition 4), 2003. Available at www.nss.co.uk/ids/edition4/index.htm.
47. The Tcpdump Group. TCPDUMP/LIBPCAP. Available at www.tcpdump.org.
48. G. Vigna, W. Robertson, and D. Balzarotti. Testing network-based intrusion detection signatures using mutant exploits. In ACM Conference on Computer and Communications Security, Washington, DC, October 2004.
49. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In ACM Conference on Computer and Communications Security, Washington, DC, November 2002.
50. D. Zimmerman. RFC 1288 - The Finger User Information Protocol. The Internet Engineering Task Force, December 1991.