Network intrusion detection: Automated and manual methods prone to attack and evasion

IEEE Security and Privacy

Volumn 4, Issue 6, 2006, Pages 36-43

  Chaboya, David J ^a   Raines, Richard A ^a   Baldwin, Rusty O ^a   Mullins, Barry E ^a  

^a AIR FORCE INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; RISK ASSESSMENT; SECURITY OF DATA; TELECOMMUNICATION TRAFFIC;

NETWORK INTRUSION DETECTION SYSTEM (NIDS); SECURITY VIOLATION;

SECURITY SYSTEMS;

EID: 33845524232     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2006.159     Document Type: Article

References (16)

1. P. Ning and S. Jajodia, "Intrusion Detection Techniques," The Internet Encyclopedia, H. Bidgoli, ed., Wiley & Sons, 2003, pp. 2-6.
2. J. Allen et al., State of the Practice of Intrusion Detection Technologies, tech. report CMU/SEI-99-TR-028, Carnegie Mellon Univ. Software Eng. Inst., 2000, pp. 37-60; www.sei.cmu.edu/pub/documents/99.reports/pdf/ 99tr028.pdf.
3. R. Sommer and V. Paxon, "Enhancing Byte-Level Network Intrusion Detection Signatures with Context," Proc. 10th ACM Corf. Computer and Communications Security (CCS 03), ACM Press, 2003, pp. 5-6.
4. V. Paxson, "Bro: A System for Detecting Network Intruders in Real-Time," Proc. 7th Ann. Usenix Security Symp. (Security 98), Usenix Assoc., 1998, pp. 12-15.
5. C. Kruegel and W. Robertson, "Alert Verification: Determining the Success of Intrusion Attempts," Proc. 1st Workshop on the Detection of Intrusions and Malwave & Vulnerability Assessment (DIMVA 04), 2004, pp. 1-14.
6. J. Goodall, W. Lutters, and A. Komlodi, 'The Work of Intrusion Detection: Rethinking the Role of Security Analysts," Proc. 10th Americas Conf. Information Systems (AMCIS 04), Nicolas C. Romano, ed., Assoc. for Information Systems, 2004, pp. 1421-1427.
7. T. Ptacek and T. Newsham, Insertion, Evasion, and Denial-of-Service: Eluding Network Intrusion Detection, Secure Networks, Jan. 1998, pp. 11-14.
8. D. Mute, G. Vigna, and R. Kemmerer, "An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems," Proc. 19th Ann. Computer Security Applications Conf. (ACSAC 03), IEEE CS Press, 2003, pp. 2-7.
9. K. Tan, J. McHugh, and K. Killourhy, "Hiding Intrusions: From the Abnormal to the Normal and Beyond," Proc. 5th Int'l Workshop on Information Hiding, LNCS 2578, Springer-Verlag, 2002, pp. 10-16.
10. D. Wagner and D. Dean, "Intrusion Detection via Static Analysis," Proc. 2001 IEEE Symp. Security & Privacy (SP 01), IEEE CS Press, 2001, pp. 9-11.
11. D. Wagner and P. Soto, "Mimicry Attacks on Host-Based Intrusion Detection Systems," Proc. 9th ACM Conf Computer Security (CCS 02), ACM Press, 2002, pp.1-4.
12. M. Miller, "Understanding Windows Shellcode," nologin.org, Dec. 2003; www.hick.org/code/skape/papers/win32-shellcode.pdf.
13. ADMmutate Documentation, 2001; www.ktwo.ca/readme.html.
14. T. Detristan et al., "Polymorphic Shellcode Engine Using Spectrum Analysis," Phrack, vol. 11, no. 61, Aug. 2003; www.trust-us.ch/phrack/show. php.
15. R. Kuster, "Three Ways to Inject Your Code into Another Process," July 2003; www.codeproject.com/threads/winspy.asp.
16. S.K. Chong, "History and Advances in Windows Shell code," Phrack, vol. 11, no. 62, July 2004; www.trust-us.ch/phrack/show.php.