Hiding intrusions: From the abnormal to the normal and beyond

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2578, Issue , 2003, Pages 1-17

  Tan, Kymie ^a   McHugh, John ^b   Killourhy, Kevin ^a  

^a Carnegie Mellon University   (United States)

^b CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTERS;

ANOMALY BASED IDS; ANOMALY DETECTOR; ANOMALY-BASED INTRUSION DETECTION; DIFFERENT ATTACKS; GENERAL INFORMATION; INFORMATION HIDING; NORMAL BEHAVIOR; SYSTEM CALLS;

INTRUSION DETECTION;

EID: 35248821244     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-36415-3_1     Document Type: Article

References (18)

1. Denning, D. E.: An intrusion detection model. IEEE Transactions on Software Engineering SE-13 (1987) 222-232
2. Tan, K. M. C., Maxion, R. A.: "Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Oakland, CA (2002)
3. Forrest, S., Hofmeyr, S. A., Somayaji, A., Longstaff, T. A.: A sense of self for unix processes. In: Proceedings 1996 IEEE Symposium on Security and Privacy, Los Alamitos, CA, IEEE Computer Society Press (1996)
4. Provos, N.: Steganography press information. On line report of work performed at the University of Michigan Center for Information Technology Integration (2002) Observed at http://www.citi.umich.edu/projects/steganography/ faq.html as of 4 february 2002
5. Provos, N., Honeyman, P.: Detecting steganographic content on the internet. In: ISOC NDSS'02, San Diego, CA (2002)
6. Anderson, J. P.: Computer security threat monitoring and surveillance. Technical report, James P. Anderson Co., Fort Washington, PA (1980) Available online at http://seclab.cs.ucdavis.edu/projects/history/CD/ande80.pdf
7. Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: Alternative data models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, CA (1999) 133-145
8. Maxion, R. A., Tan, K. M. C.: Anomaly detection in embedded systems. IEEE Transactions on Computers 51 (2002) 108-120
9. Pop, S., Card, R.: Restore(8) system manager's manual. Included in dump version 0.4b13 software package (2000)
10. fish stiqz: Redhat linux restore insecure environment variable vulnerability. Internet - http://www.securityfocus.com/bid/1914 (2000) bugtraq id 1914
11. Troan, E., Brows, P.: Tmpwatch(8). Included in tmpwatch version 2.2 software package (2000)
12. Yurchenko, A. Y.: Tmpwatch arbitrary command execution vulnerability. Internet - http://www.securityfocus.com/bid/1785 (2000) bugtraq id 1785
13. Jaconson, V.: Traceroute(8). Included in traceroute version 1.4a5 software package (1997)
14. Anonymous: Linux ptrace/execve race condition vulnerability. Internet - http://www.securityfocus.com/bid/2529 (2001) bugtraq id 2529
15. Kaempf, M.: Lbnl traceroute heap corruption vulnerability (2000) bugtraq id 1739
16. Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: 9th ACM Conference on Computer and Communications Security. (2002) To Appear
17. Tan, K. M., Killourhy, K. S., Maxion, R. A.: Undermining an anomaly-based intrusion detection system using common exploits. In Wespi, A., Vigna, G., Deri, L., eds.: 5th International Symposium, RAID 2002. Number 2516 in LNCS, Zurich, Switzerland, Springer (2002) 54-73
18. Lee, W., Xiang, D.: Information-theoretic measures for anomaly detection'. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, CA, IEEE Computer Society Press, Los Alamitos, CA (2001) 130-143