RACOON: Rapidly generating user command data for anomaly detection from customizable templates

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2004, Pages 189-202

  Chinchani, Ramkumar ^a   Muthukrishnan, Aarthie ^a   Chandrasekaran, Madhusudhanan ^a   Upadhyaya, Shambhu ^a  

^a UNIVERSITY AT BUFFALO   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DATA AVAILABILITY; NETWORK AUDIT; RACOON; USER COMMAND DATA;

ALGORITHMS; COMPUTER HARDWARE; COMPUTER PROGRAMMING LANGUAGES; COMPUTER SIMULATION; DATA REDUCTION; MATHEMATICAL MODELS; PROBLEM SOLVING; SERVERS; WORLD WIDE WEB;

DATA REDUCTION;

EID: 21644478785     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (26)

1. E. L. Barse, H. Kvarnström, and E. Jonsson. Synthesizing test data for fraud detection systems. In Proceedings of the 19th Annual Computer Security Applications Conference(ACSAC 2003), 2003.
2. H. Debar, M. Dacier, A. Wespi, and S. Lampart. An experimentation workbench for intrusion detection systems. Technical Report RZ2998, IBM Research Division, Zurich Research Laboratory, Zurich, Switzerland, 1998.
3. M. H. DeGroot and M. J. Schervish. Probability and Statistics (3rd Edition). Pearson Addison Wesley, 2001.
4. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A Sense of Self for Unix Processes. In Proceedinges of the 1996 IEEE Symposium on Research in Security and Privacy, pages 120-128. IEEE Computer Society Press, 1996.
5. A. Ghosh, A. Schwartzbard, and M. Schatz. Learning program behavior profiles for intrusion detection. In 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, April 1999.
6. S. Greenberg. Using Unix: Collected Traces of 168 Users. Technical Report 88/333/45, Department of Computer Science, University of Calgary, Calgary, Canada, 1988.
7. T. Lane. Hidden markov models for human/computer interface modeling. In Proceedings of the IJCAI-99 Workshop on Learning About Users, pages 35-44, 1999.
8. T. Lane. Purdue UNIX User Data. http://www.cs.unm.edu/terran/research/data/Purdue_UNIX_user_data.tar.gz, 1999.
9. T. Lane and C. E. Brodley. An application of machine learning to anomaly detection. In Proceedings of the Twentieth National Information Systems Security Conference, volume 1, pages 366-380, Gaithersburg, MD, 1997. The National Institute of Standards and Technology and the National Computer Security Center, National Institute of Standards and Technology.
10. T. Lane and C. E. Brodley. Sequence matching and learning in anomaly detection for computer security. In Proceedings of AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management, pages 43-49, 1997.
11. T. Lane and C. E. Brodley. An empirical study of two approaches to sequence learning for anomaly detection. Machine Learning, 1999. Under review.
12. W. Lee and D. Xiang. Information-theoretic measures for anomaly detection. In IEEE Symposium on Security and Privacy, 2001.
13. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. The 1999 DARPA Off-line Intrusion Detection Evaluation. Computer Networks: The International Journal of Computer and Telecommunications Networking (Special issue on recent advances in intrusion detection systems), 34(4):579 - 595, October 2000.
14. R. P. Lippmann, I. Graf, D. Wyschogrod, S. E. Webster, D. J. Weber, and S. Gorton. The 1998 DARPA/AFRL Off-Line Intrusion Detection Evaluation. In First International Workshop on Recent Advances in Intrusion Detection (RAID), Louvain-la-Neuve, Belgium, 1998.
15. R. A. Maxion. Masquerade detection using enriched command lines. In International Conference on Dependable Systems and Networks (DSN-03), San Franciso, CA, USA, June 2003.
16. R. A. Maxion and T. N. Townsend. Maquerade detection using truncated command lines. In International Conference on Dependable Systems and Networks (DSN'02), pages 219-228, June 2002.
17. J. McHugh. Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Transactions of Information and System Security (TISSEC), 3(4), November 2000.
18. ns2. The Network Simulator. http://www.isi.edu/nsnam/ns/ns-documentation.html.
19. OPNET. OPNET's Technology Guide for "Optimizing and Deploying Networked Applications, http://www.opnet.com.
20. A. Papoulis and S. U. Pillai. Probability, Random Variables and Stochastic Processes. 2001.
21. P. A. Porras and P. G. Neumann. EMERALD: event monitoring enabling responses to anomalous live disturbances. In 7997 National Information Systems Security Conference, oct 1997.
22. L. M. Rossey, R. K. Cunningham, D. J. Fried, J. C. Rebek, R. P. Lippmann, J. W. Haines, and M. A. Zissman. Lariat: Lincoln adaptable real-time information assurance testbed,. In 2002 IEEE Aerospace Conference, March 2002.
23. M. Schonlau. Masquerading User Data. http://www.schonlau.net/intrusion.html, 1998.
24. M. Schonlau, W. DuMouchel, W.-H. Ju, A. F. Karr, M. Theus, and Y. Vardi. Computer intrusion:detecting masquerades. Statistical Science, 16(1):58-74, 2000.
25. K. Wang and S. J. Stolfo. One class training for masquerade detection. In rd IEEE Conf Data Mining Workshop on Data Mining for Computer Security, 2003.
26. N. A. Weiss. Introductory Statistics 5/e. Pearson Addison Wesley.