Requirements of information reductions for cooperating intrusion detection agents

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3995 LNCS, Issue , 2006, Pages 466-480

  Flegel, Ulrich ^a   Biskup, Joachim ^a  

^a TU DORTMUND UNIVERSITY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

DATA PRIVACY; DATA TRANSFER; INFORMATION TECHNOLOGY; MATHEMATICAL MODELS; SECURITY OF DATA;

INFORMATION FLOW; INFORMATION REDUCTIONS; INTRUSION DETECTION; INTRUSION DETECTION AGENTS;

SECURITY SYSTEMS;

EID: 33746646762     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11766155_33     Document Type: Conference Paper

References (32)

1. Ulrich Flegel. Pseudonymizing Audit Data for Privacy Respecting Misuse Detection. PhD thesis, University of Dortmund, Dept. of Computer Science, 2005.
2. Ulrich Flegel. Pseudonymizing Unix log files. In George Davida, Yair Frankel, and Owen Rees, editors, Proceedings of the Infrastructure Security Conference (InfraSec2002), number 2437 in Lecture Notes in Computer Science, pages 162-179, Bristol, United Kingdom, October 2002. Springer.
3. Joachim Biskup and Ulrich Flegel. Threshold-based identity recovery for privacy enhanced applications. In Sushil Jajodia and Pierangela Samarati, editors, Proceedings of the 7th ACM Conference on Computer and Communications Security, pages 71 -79, Athens, Greece, November 2000. ACM SIGSAC, ACM Press.
4. Adi Shamir. How to share a secret. Communications of the ACM, 22:612-613, 1979.
5. Giovanni Vigna, Richard A. Kemmerer, and Per Blix. Designing a web of highly-configurable intrusion detection sensors. In Lee et al. [32], pages 69-84.
6. Peng Ning, Sushil Jajodia, and X. Scan Wang. Intrusion Detection in Distributed Systems. Number 9 in Advances in Information Security. Springer, 2004.
7. Christopher Krgel, Fredrik Valeur, and Giovanni Vigna. Intrusion Detection and Correlation. Number 14 in Advances in Information Security. Springer, 2005.
8. Ming-Yuh Huang, Robert J. Jasper, and Thomas M. Wicks. A large scale distributed intrusion detection framework based on attack strategy analysis. Computer Networks, 31(23-24):2465-2475, 1999.
9. Tim Bass. Intrusion detection systems and multisensor data fusion. Communications of the ACM, 43(4):99-105, 2000.
10. Hervé Debar and Andreas Wespi. Aggregation and correlation of intrusion-detection alerts. In Lee et al. [32], pages 85-103.
11. Alfonso Valdes and Keith Skinner. Probabilistic alert correlation. In Lee et al. [32], pages 54-68.
12. Frédéric Cuppens. Managing alerts in a multi-intrusion detection environment. In Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC 2001), pages 22-31, New Orleans, Louisiana, USA, December 2001. IEEE Computer Society Press.
13. Philip A. Porras, Martin W. Fong, and Alfonso Valdes. A mission-impact-based approach to INFOSEC alarm correlation. In Andreas Wespi, Giovanni Vigna, and Luca Deri, editors, Proceedings of the Fifth International Symposium on Recent Advances in Intrusion Detection (RAID 2002), number 2516 in Lecture Notes in Computer Science, pages 95-114, Zurich, Switzerland, October 2002. Springer.
14. Dingbang Xu and Peng Ning. Alert correlation through triggering events and common resources. In Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004), pages 360-369, Tucson, Arizona, USA, December 2004. IEEE Computer Society Press.
15. Louis Perrochon, Eunhei Jang, and David C. Luckham. Enlisting event patterns for cyber battlefield awareness. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX 2000), pages 1411-1422, Hilton Head, South Carolina, January 2000. DARPA and the IEEE Computer Society, IEEE Press.
16. Nathan Carey, Andrew Clark, and George Mohay. IDS interoperability and correlation using IDMEF and commodity systems. In Proceedings of the Fourth International Conference on Information and Communications Security (JCICS 2002), number 2513 in Lecture Notes in Computer Science, pages 252-264, Singapore, December 2002.
17. Benjamin Morin and Hervé Debar. Correlation of intrusion symptoms: An application of chronicles. In Giovanni Vigna, Erland Jonsson, and Christopher Krgel, editors, Proceedings of the Sixth International Symposium on Recent Advances in Intrusion Detection (RAID 2003), number 2820 in Lecture Notes in Computer Science, pages 94-112, Pittsburgh, Pennsylvania, USA, September 2003. Springer.
18. Oliver M. Dain and Robert K. Cunningham. Applications of Data Mining in Computer Security, chapter Fusing Heterogeneous Alert Streams into Scenarios. Kluwer, Boston, 2002.
19. Steven J. Templeton and Karl Levitt. A requires/provides model for computer attacks. In Proceedings of the New Security Paradigms Workshop, pages 31-38, Cork, Ireland, September 2000. ACM, ACM Press.
20. Frédéric Cuppens and Alexandre Miège. Alert correlation in a cooperative intrusion detection framework. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 202-215, Berkeley, California, USA, May 2002. IEEE, IEEE Press.
21. Peng Ning, Yun Cui, Douglas S. Reeves, and Dingbang Xu. Techniques and tools for analyzing intrusion alerts. ACM Transactions on Information and System Security, 7(2):274-318, May 2004.
22. Peng Ning and Dingbang Xu. Learning attack strategies from intrusion alerts. In Sushil Jajodia, Vijay Atluri, and Trent Jaeger, editors, Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 200-209, Washington, D.C., USA, October 2003. ACM SIGSAC, ACM Press.
23. Dorothy E. Denning. Cryptography and Data Security. Addison-Wesley, 1982.
24. Csilla Farkas and Sushil Jajodia. The inference problem: a survey. ACM SIGKDD Explorations Newsletter, 4(2):6-11, 2002.
25. Joachim Biskup and Piero A. Bonatti. Controlled query evaluation for enforcing confidentiality in complete information systems. International Journal of Information Security, 3(1):14-27, 2004.
26. Jun Xu, Jinliang Fan, Mostafa Ammar, and Sue B. Moon. Prefix-preserving IP address anonymization: Measurement-based security evaluation and a new cryptography-based scheme. In Proceedings of the 10th IEEE International Conference on Network Protocols (ICNP), pages 280-289, 2002.
27. Yifan Li, Adam Slagell, Katherine Luo, and William Yurcik. CANINE: A combined converter and anonymizer tool for processing netflows for security. In Proceedings of the international Conference on Telecommunication Systems - Modeling and Analysis (ICTSM 2005), Dallas, Texas, USA, November 2005.
28. Patrick Lincoln, Phillip Porras, and Vitaly Shmatikov. Privacy-preserving sharing and correlation of security alerts. In Proceedings of the 13th USENIX Security Symposium, pages 239-254, San Diego, California, USA, August 2004.
29. Dingbang Xu and Peng Ning. Privacy-preserving alert correlation: A concept hierarchy based approach. In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), pages 537-546, Tucson, Arizona, USA, December 2005. IEEE Computer Society Press.
30. Adam Slagell and William Yurcik. Sharing computer network logs for security and privacy: A motivation for new methodologies of anonymization. In Workshop on the Value of Security through Collaboration (SECOVAL), 2005.
31. Ruoming Pang and Vern Paxson. A high-level programming environment for packet trace anonymization and transformation. In Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM 2003), pages 339-351, Karlsruhe, Germany, August 2003. ACM, ACM Press.
32. Wenke Lee, Ludovic Me and Andreas Wespi, editors. Proceedings of the Fourth International Symposium on Recent Advances in Intrusion Detection (RAID 2001), number 2212 in Lecture Notes in Computer Science, Davis, California, October 2001. Springer.