Hi-DRA: Intrusion detection for Internet security

Proceedings of the IEEE

Volumn 93, Issue 10, 2005, Pages 1848-1857

  Kemmerer, Richard A ^a,b,c,d,e,f   Vigna, Giovanni ^a,b,c  

^a IEEE   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c University of California   (United States)

^d ASSOCIATION FOR COMPUTING MACHINERY   (United States)

^e IFIP Working Group 113 on Database Security   (United States)

^f International Association for Cryptologic Research   (United States)

Author keywords

Alert correlation; Anomaly detection; Computer security; Intrusion detection; Misuse detection; Network security; Security

Indexed keywords

ABSTRACTING; COMPUTER NETWORKS; INTERNET; SENSORS; WIDE AREA NETWORKS;

ALERT CORRELATION; ANOMALY DETECTION; INTRUSION DETECTION; MISUSE DETECTION; NETWORK SECURITY; SECURITY;

SECURITY OF DATA;

EID: 26244432358     PISSN: 00189219     EISSN: None     Source Type: Journal    
DOI: 10.1109/JPROC.2005.853547     Document Type: Conference Paper

References (34)

1. G. Vigna, F. Valeur, J. Zhou, and R. Kemmerer, "Composable tools for network discovery and security analysis," in Proc. 18th Annu. Computer Security Applications Conf. (ACSAC '02) pp. 14-24.
2. A. Carzaniga, D. S. Rosenblum, and A. L. Wolf, "Achieving seal-ability and expressiveness in an internet-scale event notification service," in Proc. 19th Annu. ACM Symp. Principles of Distributed Computing 2000, pp. 219-227.
3. NSS Group, "Intrusion detection and vulnerability assessment," NSS, Cambridgeshire, U.K., Tech. Rep., 2000.
4. V. Paxson, "Bro: a system for detecting network intruders in real-time," presented at the 7th USENIX Security Symp., San Antonio, TX, 1998.
5. J. Pouzol and M. Ducassé, "From declarative signatures to misuse IDS," in Proc. RAID Int. Symp. W. Lee, L. Mé, and A. Wespi Eds., 2001, vol. 2212, Lecture Notes in Computer Science, pp. 1-21.
6. S. Eckmann, G. Vigna, and R. Kemmerer, "STATL: an attack language for state-based intrusion detection," presented at the ACM Workshop Intrusion Detection Systems, Athens, Greece, 2000.
7. M. Roesch, "Writing Snort rules: How to write Snort rules and keep your sanity," [Online]. Available: http://www.snort.org
8. C. Kruegel, F. Valeur, G. Vigna, and R. Kemmerer, "Stateful intrusion detection for high-speed networks," in Proc. IEEE Symp. Security and Privacy 2002, pp. 285-293.
9. M. Roesch, "Snort - lightweight intrusion detection for networks," presented at the USENIX LISA '99 Conf., Seattle, WA.
10. P. Neumann and P. Porras, "Experience with EMERALD to date," in Proc. 1st USENIX Workshop Intrusion Detection and Network Monitoring 1999, pp. 73-80.
11. NFR Security, "Overview of NFR Network Intrusion Detection System," Feb. 2001.
12. Realsecure. ISS, 2005 [Online]. Available: http://www.iss.net/
13. K. Ilgun, "USTAT: A real-time intrusion detection system for UNIX," Master's thesis, Comput. Sci. Dept., Univ. California, Santa Barbara, Jul. 1992.
14. _, "USTAT: A real-time intrusion detection system for UNIX," in Proc. IEEE Symp. Security and Privacy 1993, pp. 16-28.
15. P. Porras, "STAT - A state transition analysis tool for intrusion detection," Master's thesis, Comput. Sci. Dept., Univ. California, Santa Barbara, Jun. 1992.
16. G. Vigna, S. Eckmann, and R. Kemmerer, "The STAT tool suite," in Proc. DISCEX 2000 pp. 46-55.
17. K. Ilgun, R. Kemmerer, and P. Porras, "State transition analysis: a rule-based intrusion detection system," IEEE Trans. Softw. Eng., vol. 21, no. 3, pp. 181-199, Mar. 1995.
18. S. Eckmann, G. Vigna, and R. Kemmerer, "STATL: an attack language for state-based intrusion detection," J. Comput. Secur., vol. 10, no. 1/2, pp. 71-104, 2002.
19. Apache 2.0 Documentation. 2002 [Online]. Available: http://www.apache. org/
20. Sun Microsystems, Inc., "Installing, administering, and using the basic security module," Mountain View, CA, Dec. 1991.
21. G. Vigna, F. Valeur, and R. Kemmerer, "Designing and implementing a family of intrusion detection systems," presented at the Eur. Software Engineering Conf. and ACM SIGSOFT Symp. Foundations of Software Engineering (ESEC/FSE 2003), Helsinki, Finland.
22. G. Vigna, R. Kemmerer, and P. Blix, "Designing a web of highly-configurable intrusion detection sensors," in Proc. 4th Int. Symp. Recent Advances in Intrusion Detection (RAID 2001) W. Lee, L. Me, and A. Wespi Eds., vol. 2212, Lecture Notes in Computer Science, pp. 69-84.
23. G. Vigna and R. Kemmerer, "NetSTAT: a network-based intrusion detection approach," presented at the 14th Annu. Computer Security Application Conf., Scottsdale, AZ, 1998.
24. _, "NetSTAT: a network-based intrusion detection system," J. Comput. Secur., vol. 7, no. 1, pp. 37-71, 1999.
25. G. Vigna, B. Cassell, and D. Fayram, "An intrusion detection system for Aglets," in Proc. 6th Int. Conf. Mobile Agents (MA '02) N. Suri Ed., vol. 2535, Lecture Notes in Computer Science, pp. 64-77.
26. G. Vigna, W. Robertson, V. Kher, and R. Kemmerer, "A stateful intrusion detection system for world-wide web servers," in Proc. Annu. Computer Security Applications Conf. (ACSAC 2003) pp. 34-43.
27. S. Soman, C. Krintz, and G. Vigna, "Detecting malicious Java code using virtual machine auditing," in Proc. 12th USENIX Security Symp. V. Paxson Ed., 2003, pp. 153-167.
28. G. Vigna, S. Gwalani, K. Srinivasan, E. Belding-Royer, and R. Kemmerer, "An intrusion detection tool for AODV-based ad hoc wireless networks," in Proc. Annu. Computer Security Applications Conf. (ACSAC) 2004, pp. 16-27.
29. R. Kemmerer and G. Vigna, "Sensor families for intrusion detection infrastructures," in Managing Cyber Threats: Issues, Approaches and Challenges. New York: Springer, 2004.
30. R. Durst, T. Champion, B. Witten, E. Miller, and L. Spagnuolo, "Testing and evaluating computer intrusion detection systems," CACM, vol. 42, no. 7, pp. 53-61, Jul. 1999.
31. _, "Addendum to "testing and evaluating computer intrusion detection systems"," CACM, vol. 42, no. 9, p. 15, Sep. 1999.
32. J. Haines, D. Ryder, L. Tinnel, and S. Taylor, "Validation of sensor alert correlators," IEEE Security Privacy, vol. 1, no. 1, pp. 46-56, Jan./Feb. 2003.
33. F. Valeur, G. Vigna, C. Kruegel, and R. Kemmerer, "A comprehensive approach to intrusion detection alert correlation," IEEE Trans. Depend. Secure Comput., vol. 1, no. 3, pp. 146-169, Jul.-Sep. 2004.
34. P. Porras and P. Neumann, "EMERALD: event monitoring enabling responses to anomalous live disturbances," in Proc. 1997 National Information Systems Security Conf. pp. 353-365.