Effective event description using trend template language and efficient intrusion detection

Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics

Volumn , Issue , 2007, Pages 326-331

  Habib, Md Ahsan ^a   Dung, Phan Minh ^a  

^a ASIAN INSTITUTE OF TECHNOLOGY   (Thailand)

Author keywords

Intrusion Detection System (IDS); Network based IDS (NIDS); Snort; Trend detector; Trend Template Language (TTL); Trend Templates (TT)

Indexed keywords

ACCESS CONTROL; COMPUTATIONAL LINGUISTICS; COMPUTER PROGRAMMING LANGUAGES;

TREND DETECTORS; TREND TEMPLATE LANGUAGE;

INTRUSION DETECTION;

EID: 40949111927     PISSN: 1062922X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICSMC.2007.4413743     Document Type: Conference Paper

References (13)

1. Aleph1 (1996). Smashing the Stack for Fun and Profit. Phrack# 49. Available: http://www.phrack.com
2. nd IEEE-SMC Information Assurance Workshop (2001). 17-33
3. I. J. Haimowitz., "Knowledge-Based Trend Detection and Diagnosis," PhD dissertation, Dept. of Elect. Eng. and CS, MIT, May 12, 1994.
4. (Snort documentation page) S. Sturges. (2006-12-08). Available: http://www.snort.org/docs/snort_htmanuals/htmanual_261/node227.html
5. K. Kendall, "A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems," M.S. Thesis, MIT, 1999.
6. G. Vigna, S. Eckmann, and R. Kemmerer, "Attack Languages," in Proc. of the IEEE Information Survivability Workshop, 2000.
7. S. Eckmann, G. Vigna, and R. Kemmerer. "STATL: An attack language for state-based intrusion detection," Dept. of Computer Science, University of California, Santa Barbara, 2000
8. R. Feiertag, C. Kahn, P. Porras, S. Schnackenberg, D. Staniford-Chen, and B. Tung, "A common intrusion specification language (CISL)," Tech. Rep., 2000, Available: www.gidos.org
9. J. Doyle, "Some representational limitations of the common intrusion specification language," Tech. Rep., Laboratory for Computer Science, MIT, October 1999, Available: http://www.medg.lcs.mit.edu/projects/maita/documents/ cc2/cisl/revised.txt
10. P. Szolovits, "Detectors should be characterized by likelihood ratios, not posterior probabilities," Tech. Rep., Laboratory for Computer Science, MIT, June 1999, Revised February 1, 2000, Available: http://www.medg.lcs.mit.edu/projects/maita/documents/likelihood/ detector-likelihoods.pdf
11. I. S. Kohane, "Temporal reasoning in medical expert systems," TR 389, MIT, Laboratory for Computer Science, 545 Technology Square, Cambridge, MA, 02139, Apr. 1987.
12. I. S. Kohane, "Temporal reasoning in medical expert systems," in MEDINFO 86: Proceedings of the Fifth Conference on Medical Informatics, R. Salamon, B. Blum, and M. Jorgensen, Eds., Washington, Oct. 1986, pp. 170-174, North-Holland.
13. S. T. Brugger and J. Chow, "An Assessment of the DARPA IDS Evaluation Dataset Using Snort", UCDAVIS department of Computer Science, 2007, Available: http://www.cs.ucdavis.edu/research/tech-reports/2007/CSE-2007- 1.pdf