Towards an information-theoretic framework for analyzing intrusion detection systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4189 LNCS, Issue , 2006, Pages 527-546

  Gu, Ofei ^a   Fogla, Prahlad ^a   Dagon, David ^a   Lee, Wenke ^a   Skoric, Boris ^b  

^a GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

^b PHILIPS RESEARCH LABORATORIES   (Netherlands)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION THEORY; SECURITY OF DATA; SET THEORY; SYSTEMS ANALYSIS;

DYNAMIC FINE TUNING; INTRUSION DETECTION SYSTEMS; MATHEMATICAL THEORY;

CONTROL SYSTEM ANALYSIS;

EID: 33750264822     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11863908_32     Document Type: Conference Paper

References (31)

1. Kdd cup 1999 data. Available at http://kdd.ics.uci.edu/databases/ kddcup99/, 2006.
2. Nahla Ben Amor, Salem Benferhat, and Zied Elouedi. Naive bayes vs decision trees in intrusion detection systems. In SAC '04, 2004.
3. S. Axelsson. The base-rate fallacy and its implications for the difficulty of intrusion detection. In Proceedings of ACM CCS'1999, November 1999.
4. Stefan Axelsson. A preliminary attempt to apply detection and estimation theory to intrusion detection. Technical Report 00-4, Dept. of Computer Engineering, Chalmers Univerity of Technology, Sweden, March 2000.
5. Alvaro Cardenas, Karl Seamon, and John Baras. A Framework for the Evaluation of Intrusion Detection Systems. In Proceedings of the 2006 IEEE Symposium on Security and Privacy, Oakland, California, May 2006.
6. Thomas Cover and Joy Thomas. Elements of Information Theory. John Wiley, 1991.
7. Giovanni Di Crescenzo, Abhrajit Ghosh, and Rajesh Talpade. Towards a theory of intrusion detection. In ESORICS'05, 2005.
8. Herve' Debar, Marc Dacier, and Andreas Wespi. Towards a taxonomy of intrusion-detection systems. Computer Networks, 31(8):805-822, 1999.
9. D. Denning. An intrusion-detection model. IEEE Transactions on Software Engineering, 13(2), Feb 1987.
10. Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. Measuring intrusion detection capability: An information-theoretic approach. In Proceedings of ACM Symposium on InformAction, Computer and Communications Security (ASIACCS'06), March 2006.
11. Mark Handley, Vern Paxson, and Christian Kreibich. Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In Proc. USENIX Security Symposium 2001, 2001.
12. P. Helman and G. Liepins. Statistical foundations of audit trail analysis for the detection of computer misuse. IEEE Transactions on Software Engineering, 19(9), September 1993.
13. Wenjie Hu, Yihua Liao, and V. Rao Vemuri. Robust support vector machines for anomaly detection in computer security. In Proc. 2003 International Conference on Machine Learning and Applications (ICMLA'03), 2003.
14. Hyang-Ah Kim and Brad Karp. Autograph: Toward automated, distributed worm signature detection. In USENIX Security Symposium, pages 271-286, 2004.
15. Anukool Lakhina, Mark Crovella, and Christophe Diot. Mining anomalies using traffic feature distributions. In SIGCOMM '05, 2005.
16. W. Lee and D. Xiang. Information-theoretic measures for anomaly detection. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, May 2001.
17. Wenke Lee and Salvatore J. Stolfo. A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security (TISSEC), 3(4):p.227-261, 2000.
18. Massachusetts Institute of Technology Lincoln Laboratory. 1998 darpa intrusion detection evaluation data set overview. http://www.ll.mit.edu/IST/ ideval/, 2005.
19. Teresa F. Lunt. Panel:foundations for intrusion detection. In Proc. 13th Computer Security Foundations Workshop (CSFW 2000), 2000.
20. John McHugh. Testing intrusion detection systems: A critique of the 1998 and 1999 darpa off-line intrusion detection system evaluation as performed by lincoln laboratory. ACM Transactions on Information and System Security, 3(4), November 2000.
21. Tom Mitchell. Machine Learning. McGraw-Hill, 1997.
22. James Newsome, Brad Karp, and Dawn Song. Polygraph: Automatically generating signatures for polymorphic worms. In IEEE S&P '05, 2005.
23. Vern Paxson. Bro: A system for detecting network intruders in real-time. Computer Networks, 31(23-24):2435-2463, December 1999.
24. T. H. Ptacek and T. N. Newsham. Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, Secure Networks Inc., January 1998.
25. Nicholas J. Puketza, Kui Zhang, Mandy Chung, Biswanath Mukherjee, and Ronald A. Olsson. A methodology for testing intrusion detection systems. IEEE Transactions on Software Engineering, 22(10):719-729, 1996.
26. M. Roesch. Snort - lightweight intrusion detection for networks. In Proceedings of USENIX LISA'99, 1999.
27. Robin Sommer and Vern Paxson. Enhancing byte-level network intrusion detection signatures with context. In CCS '03, 2003.
28. Tao Song, Calvin Ko, Jim Alves-Foss, Cui Zhang, and Karl N. Levitt. Formal reasoning about intrusion detection systems. In Proceedings of RAID'2004, September 2004.
29. Sullo. Nikto, 2006. Available at http://www.cirt.net/code/nikto.shtml.
30. V.N. Vapnik. The Nature of Statistical Learning Theory. Springer, 1995.
31. Ke Wang and Salvatore J. Stolfo. Anomalous payload-based network intrusion detection. In Proceedings of RAID'2004, September 2004.