An intelligent detection and response strategy to false positives and network attacks

Proceedings - Fourth IEEE International Workshop on Information Assurance, IWIA 2006

Volumn 2006, Issue , 2006, Pages 12-31

  Hooper, Emmanuel ^a  

^a UNIVERSITY OF LONDON   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; FEEDBACK; INTELLIGENT AGENTS; PACKET NETWORKS; SECURITY OF DATA; STRATEGIC PLANNING;

INTELLIGENT DETECTION; INTRUSION DETECTION SYSTEMS (IDS); NETWORK ATTACKS; NETWORK QUARANTINE CHANNELS (NQC);

COMPUTER NETWORKS;

EID: 33750959951     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IWIA.2006.4     Document Type: Conference Paper

References (31)

1. E. Amoroso. A policy model for denial of service. In Proceedings of the Computer Security Foundations Workshop III, pages 110-997, Franconia, NH USA, June 1990. IEEE Computer Society Press.
2. E. Balas and C. Viecco. Towards a third generation data capture architecture for honeynets. In Proceedings of the 2005 IEEE Workshop on Information Assurance and Security, pages 110-997, United States Military Academy, West Point, NY, USA, June 15-17 2005. IEEE Computer Society Press.
3. T. Bowen, D. Chee, and M. Segal. Building survivable systems: An integrated approach based on intrusion detection and damage containment. In IEEE Proceedings of the DARPA Information Survivability Conference and Exposition, volume II of II, pages 84-999, 2000.
4. Cisco Systems Inc. Cisco PIX firewall 525 and Software, version 6.0, 2005. San Jose, California, USA.
5. J. Crampton and G. Loizou. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System Security, 6(2):201-231, July 2003.
6. F. Cuppens. Managing alerts in multi-intrusion detection environment. In Proceedings 17th Annual Computer Security Applications Conference, pages 22-31, New Orleans, 2001.
7. O. Dain and R. Cunningham. Fusing a heterogeneous alert stream into scenarios. In Proceedings of the 2001 ACM Workshop on Data Mining for Security Application, pages 1-13, Philadelphia, PA, 2001.
8. H. Debar and A. Wespi. Aggregation and correlation of intrusion-detection alerts. In Recent Advances in Intrusion Detection(RAID2001), volume 2212 of Lecture Notes in Computer Science, pages 85-103. Springer-Verlag, 2001.
9. J. B. Grizzard, C. R. Simpson, Jr., S. Krasser, H. L. Owen, and G. F. Riley. Flow based observations from NETI@home and Honeynet data. In Proceedings of the 2005 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY, USA, June 15-17 2005. IEEE Computer Society Press.
10. G. Helmer, J. Wong, V. Honavar, and L. Miller. Intelligent agents for intrusion detection. In Proceedings of the 2003 IEEE Information Technology Conference, pages 121-124. IEEE Computer Society Press, 1998.
11. T. Holz and F. Raynal. Detecting honeypots and other suspicious environments. In Proceedings of the 2005 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY, USA, June 15-17 2005. IEEE Computer Society Press.
12. IANA Network Working Group. RFC1918: Address Allocation for Private Internets, 1996. Assigned Numbers Authority Network Working Group, http://www.rfc-editor.org/rfc/rfcl918.
13. A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proceedings of 1999 Network and Distributed Systems Security Symposium NDSS, pages 151-165, San Diego, CA, February 1999. Internet Society.
14. K. Julisch. Using Root Cause Analysis to Handle Intrusion Detection Alarms. PhD thesis, University of Dortmund, 2003.
15. J. Levine, R. La Bella, H. Owen, D. Contis, and B. Culver. The use of honeypots to detect exploited systems across large enterprise networks. In Proceedings of the 2003 IEEE Workshop on Information Assurance. IEEE Computer Society Press, 2003.
16. R. Lippmann, S. Webster, and D. Stetson. The effect of identifying vulnerabilities and patching software on the utility of network intrusion detection. Computer Networks: The International Journal of Computer and Telecommunications Networking, Volume 2516 of Lecture Notes in Computer Science: 307-326, 2002.
17. M. Mahoney and P. Chan. An analysis of the 1999 DARPA Lincoln Laboratory evaluation data for network anomaly detection. In Recent Advances in Intrusion Detection (RAID2003), volume 2820 of Lecture Notes in Computer Science, pages 220-237. Springer-Verlag, 2003.
18. S. Manganaris, M. Christensen, D. Zerkle, and K. Hermiz. A data mining analysis of RTID alarms. Computer Networks: The International. Journal of Computer and Telecommunications Networking, 34:571-577, 2000.
19. J. K. Millen. A resource allocation model for denial of service. In Proceedings of 1992 IEEE Computer Society Symposium on Security and Privacy, pages 151-165, Oakland, CA USA, May 1992. IEEE Computer Society Press.
20. B. Morin, L. Me, H. Debar, and M. Ducasse. M2D2: A formal data model for IDS alert correlation. In Recent Advances in Intrusion Detection (RAID2002), volume 2515 of Lecture Notes in Computer Science, pages 115-137. Springer-Verlag, 2002.
21. Network Associates. NAI Intruvert IDS: 1200, 2600 and 4000 Series, 2004. Santa Clara, CA, USA.
22. V. Paxson. Bro: A system for detecting network intruders in real-time. In Computer Networks, volume 31, pages 2435-2463, 1999.
23. L. Portnoy, E. Eskin, and S. Solfo. Intrusion detection with unlabelled data using clustering. In Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA2001), pages 76-105, 2001.
24. T. Ptacek and T. Newsham. Insertion, evasion and denial of service: Eluding network intrusion detection. Technical Report, Secure Networks (McAfee) Inc., Santa Clara, California, USA, January 1998. http://citeseer.ist.psu.edu/ ptacek98insertion.html.
25. C. L. Schuba, I. V. Krusl, M. G. Kuhn, E. H. Spaffold, A. Sundaram, and D. Zamboni. Analysis of a denial of service attack on TCP. In Proceedings of 1997 IEEE Symposium on Security and Privacy, pages 208-223, Oakland, CA USA, May 1997. IEEE Computer Society Press.
26. R. Shai, S. Jha, and B. P. Miller. Automatic Generation and Analysis of NIDS Attacks. Full Technical Report, Computer Sciences Department, University of Wisconsin, Madison, 2004.
27. S. Sidiroglou and A. Keronytis. A network worm vaccine architecture. In Proceedings of the IEEE Workshop on Enterprise Technologies: Infrastructure for Collaborative Enterprise (WETICE), pages 220-225, June 2003.
28. A. Valdes and K. Skinner. Probabilistic alert correlation, in: Recent advances in intrusion detection. In Recent Advances in Intrusion Detection (RAID2002), volume 2212 of Lecture Notes in Computer Science, pages 54-68. Springer-Verlag, 2001.
29. J. Wang and I. Lee. Measuring false-positive by automated real-time correlated hacking behavior analysis. In Information Security 4th International Conference, volume 2200 of Lecture Notes in Computer Science, pages 512-. SpringerVerlag, 2001.
30. W. Weiss and A. Baur. Analysis of audit and protocol data using methods from artificial intelligence. In Proceedings of the 13th National Computer Security Conference, pages 109-114, October 1990.
31. C.-F. Yu and V. D. Gligor. A formal specification and verification method for the prevention of denial of service. In Proceedings of 1988 IEEE Symposium on Security and Privacy, pages 187-202, Oakland, CA USA, April 1988. IEEE Computer Society Press.