Improving the efficiency of misuse detection

Lecture Notes in Computer Science

Volumn 3548, Issue Detection of Intrusions and Malware, and Vulnerability Assessment: Second International Conference, DIMVA 2005. Proceedings, 2005, Pages 188-205

  Meier, Michael ^a   Schmerl, Sebastian ^a   Koenig, Hartmut ^a  

^a BRANDENBURG UNIVERSITY OF TECHNOLOGY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SYSTEMS; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; OPTIMIZATION; SYSTEMS ANALYSIS;

INTRUSION DETECTION SYSTEMS (IDS); MULTI-STEP ATTACKS;

SECURITY SYSTEMS;

EID: 26444432211     PISSN: 03029743     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1007/11506881_12     Document Type: Conference Paper

References (23)

1. M. Roesch: Snort - Lightweight Intrusion Detection for Networks. In: Proc. of the 13th System Administration Conference (LISA 1999), Seattle, WA, USA, pp. 229-238., USENIX Assoc., 1999.
2. Cisco Systems Inc.: NetFlow Services and Applications. White Paper. 15 Jul. 2002, http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/ napps_wp.htm
3. J. McHugh: Set, Bags and Rock and Roll - Analyzing Large Datasets of Network Data. In: P. Samarati; D. Gollmann; R. Molva (eds.): Computer Security - ESORICS 2004, Proc. of the 9th European Symposium on Research in Computer Security, Sophia Antipolis, France, LNCS 3193, pp. 407-422, Springer Verlag, 2004.
4. R. Sommer; A. Feldmann: NetFlow: Information Loss or Win? In Proc. of the 2nd ACM SIG-COMM and USENIX Internet Measurement Workshop (IMW2002), Marseille, France, 2002.
5. C. Kruegel, T. Toth: Using Decision Trees to Improve Signature-based Intrusion Detection In: Proc. of the 6th Symposium on Recent Advances in Intrusion Detection (RAID), Pittsburgh, PA, USA, LNCS 2820, pp. 173-191, Springer Verlag, 2003.
6. K. G. Anagnostakis, E. P. Markatos, S. Antonatos, and M. Polychronakis. E2xB: A domain specific string matching algorithm for intrusion detection. In Proc. of the 18th IFIP International Information Security Conference (SEC2003), pp. 217-228, Kluwer Academic Publishing, 2003.
7. M. Meier: A Model for the Semantics of Attack Signatures in Misuse Detection Systems. In: Proc. of 7th Information Security Conference (ISC 2004), Palo Alto, CA, USA, LNCS 3225, pp. 158-169, Springer, 2004.
8. U. Flegel, M. Meier: Towards a Scalable Approach to Tailoring the Disclosure of Pseudonymous Audit Data to Misuse Detection Signatures. Internal discussion paper, 2002.
9. S. Schmerl: Entwurf und Entwicklung einer effizienten Analyseeinheit für Intrusion-Detection-Systeme (in German). Diploma Thesis, Chair Computer Networks and Communication Systems, Brandenburg University of Technology, Cottbus, Germany, 2004.
10. G. Vigna, S.T. Eckmann, R.A. Kemmerer: The STAT Tool Suite. In: Proc. of DARPA Information Survivability Conference and Exposition (DISCEX) 2000, Vol. 2, pp. 46-55, IEEE Press, Hilton Head, 2000.
11. S. Kumar: Classification and Detection of Computer Intrusions. PhD Thesis, Dept. of Computer Science, Purdue University, West Lafayette, IN, August 1995.
12. S.T. Eckmann, G. Vigna, R.A. Kemmerer: STATL: An Attack Language for State-based Intrusion Detection. In: Journal of Computer Security, vol. 10, no. 1/2, pp. 71-104, IOS Press, Amsterdam, 2002, ISSN 0926-227X.
13. F. Puppe: Einführung in Expertensysteme (in German). Springer-Verlag, Berlin, 1991, ISBN 3-540-54023-7.
14. P. G. Neumann; A. Ph. Porras: Experience with EMERALD to Date. In: Proc. of the First USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, USA, pp. 73 - 80, 1999.
15. P. E. Proctor: Audit reduction and misuse detection in heterogeneous environments: Framework and application. In: Proc. of the 10th Annual Computer Security Applications Conference, Orlando, FL, pp. 117 - 125, 1994.
16. M. Sobirey, B. Richter; H. König: The Intrusion Detection System AID. Architecture, and experiences in automated audit analysis. In: Proc. of the IFIP TC6/TC11 Conference on Communications and Multimedia Security, Essen, Germany, pp. 278-290, Chapman & Hall, London, 1996.
17. U. Lindqvist; P. A. Porras: Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST). In: Proc. of the IEEE Symposium on Security and Privacy, Los Alamitos, CA, pp. 146-161, IEEE Press, 1999.
18. G. Riley: CLIPS - A Tool for Building Expert Systems. May 2004, http:// www.ghg.net/clips/CLIPS.html
19. TALARIAN CORPORATION: RTie Inference Engine. In: TALARIAN CORPORATION (eds.): RTworks 3.5. Mountain View, Ca, USA, 1995.
20. R. Krauz: Implementierung eines auf dem Expertensystem-Tool CLIPS basierenden Intrusion Detection Systems (in German). Student Research Thesis, Chair Computer Networks and Communication Systems, Brandenburg University of Technology, Cottbus, Germany, 2004.
21. C. L. Forgy: Rete: A Fast Algorithm for the Many Pattern/Many Object Pattern Match Problem. In: Artificial Intelligence, 19 (1982) 10, pp. 17-37, 1982.
22. A. V. Aho, R. Sethi, J. D. Ullman: Compilers - Principles, Techniques and Tools. Addison-Wesley, 1988.
23. Using RDTSC for benchmarking code on Pentium computers http://www. midnightbeach.com/jon/pubs/rdtsc.htm