POSEIDON: A 2-tier anomaly-based network intrusion detection system

Proceedings - Fourth IEEE International Workshop on Information Assurance, IWIA 2006

Volumn 2006, Issue , 2006, Pages 144-156

  Bolzoni, Damiano ^a   Etalle, Sandro ^a   Hartel, Pieter ^a   Zambon, Emmanuele ^b  

^a UNIVERSITY OF TWENTE   (Netherlands)

^b CA' FOSCARI UNIVERSITY OF VENICE   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

BENCHMARKING; COMPUTER ARCHITECTURE; COMPUTER NETWORKS; COMPUTER SYSTEM FIREWALLS; DATA STRUCTURES;

DATA SET; NETWORK INTRUSION DETECTION SYSTEMS;

SECURITY OF DATA;

EID: 33750937412     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IWIA.2006.18     Document Type: Conference Paper

References (35)

1. J. P. Anderson. Computer Security Threat Monitoring and Surveillance. Technical report, James P Anderson Co. Fort Washington, PA, April 1980.
2. D. Barbará, J. Couto, S. Jajodia, and N. Wu. ADAM: a testbed for exploring the use of data mining in intrusion detection. SIGMOD Record, 30(4):15-24, 2001.
3. D. Barbará, J. Couto, S. Jajodia, and N. Wu. ADAM: Detecting Intrusions by Data Mining. In IAW '01: Proc. 2nd IEEE SMC Information Assurance Workshop, 2001. URL http://www.itoc.usma.edu/Workshop/2001/Authors/ Submitted_Abstracts/paperT1A3(21).pdf.
4. D. Barbará, J. Couto, S. Jajodia, and N. Wu. Detecting Novel Network Intrusions using Bayes Estimators. In SIAM '01: Proc. 1st SIAM International. Conference on Data Mining, 2001. URL http://www.siam.org/ meetings/sdm01/pdf/sdm01_29.pdf.
5. S. D. Bay, D. Kibler, M. Pazzani, and P. Smyth. The UCI KDD archive of large data sets for data mining research and experimentation. SIGKDD Exploration: Newsletter of SIGKDD and Data Mining, 2(2):81-85, 2000.
6. J. D. Cannady. Artificial neural networks for misuse detection. In NISSC' 98: Proc. 21st National Information Systems Security Conference, pages 443-456, 1998.
7. J. D. Cannady. An adaptive neural network approach to intrusion detection and response. PhD thesis, Nova Southeastern University, 2000.
8. J. D. Cannady. Next Generation Intrusion Detection: Autonomous Reinforcement Learning of Network Attacks. In NISSC '00: Proc. 23rd National Information Systems Security Conference, 2000. URL http://csrc.nist.gov/nissc/ 2000/proceedings/papers/033.pdf.
9. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: end-to-end containment of Internet worms. In SOSP '05: Proc. 20th ACM Symposium on Operating Systems Principles, pages 133-147. ACM Press, 2005.
10. M. Damashek. Gauging similarity with n-grams: Language-independent categorization of text. Science, 267(5199):843-848, 1995.
11. D. E. Denning. An Intrusion-Detection Model. IEEE Transactions on Software Engineering, SE-13(2):222-232, February 1987.
12. M. O. Depren, M. Topallar, E. Anarim, and K. Ciliz. Network Based Anomaly Intrusion Detection using Self Organizing Maps (SOMs). In SIU '04: Proc. 12th IEEE National Conference on Signal Processing and Applications, pages 76-79, 2004.
13. A. Hinneburg, C. C. Aggarwal, and D. A. Keim. What Is the Nearest Neighbor in High Dimensional Spaces? In A. E. Abbadi, M. L. Brodie, S. Chakravarthy, U. Dayal, N. Kamel, G. Schlageter, and K. Whang, editors, VLDB '00: Proc. 26th International Conference on Very Large Data Bases, pages 506-515. Morgan Kaufmann, 2000.
14. J. Hoagland. Stealthy Portscan & Intrusion Correlation Engine (SPADE), 2000. URL http://www.silicondefense.com/software/spice/.
15. SANS Institute - Internet Storm Center web site. URL http://isc.sans.org/ index.php?on=toptrends.
16. H. S. Javitz and A. Valdes. The NIDES Statistical Component Description and Justification. Technical Report A010, SRI, 1994.
17. K. Julisch. Data Mining for Intrusion Detection: A Critical Review. Research Report RZ 3398, IBM Zurich Research Laboratory, 8803 Ruschlikon, Switzerland, February 2002.
18. T. Kohonen. Self-Organizing Maps, volume 30 of Springer Series in Information Sciences. Springer. 1995. (Second Extended Edition 1997).
19. C. Kruegel, T. Toth, and E. Kirda. Service specific anomaly detection for network intrusion detection. In SAC '02: Proc. 2002 ACM Symposium on Applied Computing, pages 201-208. ACM Press, 2002.
20. K. Labib and V. R. Vemuri. NSOM: A Tool To Detect Denial Of Service Attacks Using Self-Organizing Maps. Technical report, University of California, Davis, 2002.
21. W. Lee and S. Stolfo. Data mining approaches for intrusion detection. In Proc. 7th USENIX Security Symposium, pages 79-94. USENIX Association, 1998.
22. W. Lee, S. J. Stolfo, and K. W. Mok. A Data Mining Framework for Building Intrusion Detection Models. In S&P '99: Proc. 20th IEEE Symposium on Security and Privacy, pages 120-132, 1999.
23. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. The 1999 DARPA off-line intrusion detection evaluation. Computer Networks: The International Journal of Computer and Telecommunications Networking, 34(4):579-595, 2000.
24. M. V. Mahoney and P. K. Chan. Learning nonstationary models of normal network traffic for detecting novel attacks. In KDD '02: Proc. 8th ACM SIGKDD International Conference on Knowledge Discovery and Data mining, pages 376-385. ACM Press, 2002.
25. M. V. Mahoney and P. K. Chan. An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In G. Vigna, C. Kruegel, and E. Jonsson, editors, RAID '03: Proc. 6th Symposium on Recent Advances in Intrusion Detection, volume 2820 of LNCS, pages 220-237. Springer-Verlag, 2003.
26. J. McHugh. Testing Intrusion Detection Systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory. ACM Transactions on Information and System Security (TISSEC), 3(4):262-294, 2000.
27. B. V. Nguyen. Self organizing map (SOM) for Anomaly Detection. Technical report, Ohio University, 2002.
28. M. Ramadas, S. Ostermann, and B. C. Tjaden. Detecting Anomalous Network Traffic with Self-Organizing Maps. In G. Vigna, C. Kruegel, and E. Jonsson, editors, RAID '03: Proc. 6th Symposium on Recent Advances in Intrusion Detection, volume 2820 of LNCS, pages 36-54. Springer-Verlag, 2003.
29. M. Roesch. Snort - Lightweight Intrusion Detection for Networks. In LISA '99: Proc. 13th USENIX Conference on System Administration, pages 229-238. USENIX Association, 1999.
30. Snort Network Intrusion Detection System web site. URL http://www.snort.org.
31. K. W. G. C. S. J. Stolfo. Anomalous Payload-based Worm Detection and Signature Generation. In A. Valdes and D. Zamboni, editors, RAID '05: Proc. 8th International Symposium on Recent Advances in Intrusion Detection, volume 3858 of LNCS, pages 227-246. Springer-Verlag, 2006.
32. K. Wang and S. J. Stolfo. Anomalous Payload-Based Network Intrusion Detection. In E. Jonsson, A. Valdes, and M. Almgren, editors, RAID '04: Proc. 7th Symposium on Recent Advances in Intrusion Detection, volume 3224 of LNCS, pages 203-222. Springer-Verlag, 2004.
33. K. Yamanishi, J. Takeuchi, G. J. Williams, and P. Milne. On-line unsupervised outlier detection using finite mixtures with discounting learning algorithms. In KDD '00: Proc. 6th ACM SIGKDD international conference on Knowledge Discovery and Data Mining, pages 320-324. ACM Press, 2000.
34. S. Zanero. Analyzing TCP Traffic Patterns using Self Organizing Maps. In F. Roli and S. Vitulano, editors, ICIAP '05: Proc. 13th International Conference on Image Analysis and Processing, volume 3617 of LNCS, pages 83-90. Springer-Verlag, 2005.
35. S. Zanero and S. M. Savaresi. Unsupervised learning techniques for an intrusion detection system. In SAC '04: Proc. 19th Annual ACM Symposium on Applied Computing, pages 412-419. ACM Press, 2004.