A correlative context-based framework for network intrusion detection system

Proceedings - IEEE Symposium on Computers and Communications

Volumn , Issue , 2005, Pages 463-468

  Wang, Ye ^a   Abdel Wahab, Hussein ^a  

^a Old Dominion University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INTRUSION DETECTION SYSTEM (IDS); NETWORK CONTEXT AWARENESS (NCA); RESEARCH PROJECTS;

COMPUTER ARCHITECTURE; COMPUTER NETWORKS; CORRELATION METHODS; INFORMATION ANALYSIS; SECURITY OF DATA;

CONTENT BASED RETRIEVAL;

EID: 27544442589     PISSN: 15301346     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISCC.2005.6     Document Type: Conference Paper

References (24)

1. ANDERSON, J. P. "Computer security threat monitoring and surveillance". Tech. Rep. Anderson Co. Fort Washington, PA. 1980
2. D. Barbara, J. Couto, S. Jajodia, L. Popyack, and N. Wu. "ADAM: Detecting intrusions by data mining". In Proc. of the IEEE Workshop on Information Assurance and Security, Jun. 2001.
3. W. Lee and S. Stolfo. "Data mining approaches for intrusion detection". In Proc. of the 7th USENIX Security Symposium (SECURITY'98), Jan. 1998.
4. SPADE, Silicon Defense, http://www.silicondefense.com/software/spice/
5. JAVITS, H. S. AND VALDES, A. "The NIDES statistical component: Description and justification". Technical Rep. SRI International, Computer Science Laboratory. 1993
6. A. Ghosh and A. Schwartzbard, "A study in using neural networks for anomaly and misuse detection", USENIX Security Symposium, 1999
7. KRUEGEL, C., VALEUR, F., VIGNA, G., AND KEMMERER, R. A. Staterul intrusion detection for high-speed networks. In IEEE Symp. on Security and Privacy Berkeley, CA, May 2002.
8. Peng Ning, Yun Cui, Douglas S. Reeves, "Constructing Attack Scenarios through Correlation of Intrusion Alerts," In Proceedings of the 9th ACM Conference on Computer & Communications Security, pages 245-254, Washington D.C., November 2002.
9. Klaus Julisch and Marc Dacier. "Mining intrusion detection alarms for actionable knowledge". In Proceedings of the 8th ACM International Conference on Knowledge Discovery and Data Mining, pages 366-375, July 2002.
10. A. Valdes and K. Skinner. "Probabilistic alert correlation", In Proc. of the 4th Int'l Symposium on Recent Advances in Intrusion Detection (RAID 2001), pages 54-68, 2001.
11. C. Abad et al. "Log Correlation for Intrusion Detection: A Proof of Concept". Annual Computer Security Applications Conf. (ACSAC), 2003.
12. F. Cuppens, A. Miege. "Alert Correlation in a Cooperative Intrusion Detection Framework", IEEE Symp. On Security and Privacy, 2002.
13. Nmap: http://www.insecure.org/nmap/
14. Nessus: http://www.nessus.org/
15. Ntop: http://www.ntop.org/
16. Snort: http:/www.snort.org/
17. Ptacek, T. H., Newsham, N. N., "Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection". Secure Networks Inc., January 1998.
18. DARPA dataset: http://www.ll.mit.edu/IST/ideval/data/data_index.html
19. MySQL: http://www.mysql.com/
20. Snort DB: http://www.snort.org/docs/snortdb.png
21. Tcpstat: http://www.frenchfries.net/paul/tcpstat/
22. R. Lippmann, R. K. Cunningham, D. J. Fried, I. Graf, K. R. Kendall, S. E. Webster, and M. A. Zissman. "Results of the 1998 DARPA Offline Intrusion Detection Evaluation", In Proc. Recent Advances in Intrusion Detection, 1999.
23. Tcpdump: http://www.tcpdump.org/
24. Mucus: http://www.cs.ucsb.edu/~rsg/Mucus/