A defense-centric taxonomy based on attack manifestations

Proceedings of the International Conference on Dependable Systems and Networks

Volumn , Issue , 2004, Pages 102-111

  Killourhy, Kevin S ^a   Maxion, Roy A ^a   Tan, Kymie M C ^a  

^a Carnegie Mellon University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CLASSIFICATION (OF INFORMATION); COMPUTER CRIME; DATA PRIVACY; DATA REDUCTION; SENSOR DATA FUSION;

COMPUTER ATTACKS; DEFENSE-CENTRIC TAXONOMY; INTRUSION-DETECTION SYSTEMS;

SECURITY OF DATA;

EID: 4544276923     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/dsn.2004.1311881     Document Type: Conference Paper

References (30)

1. O. Alvarez and S. Petrovic. A new taxonomy of web attacks suitable for efficient encoding. Computers and Security, 22(5):435-449, July 2003.
2. T. Aslam. A taxonomy of security faults in the Unix operating system. Master's thesis, Purdue University, 1995.
3. M. Bishop. A taxonomy of Unix and network security vulnerabilities. Technical report, Department of Computer Science, University of California at Davis, May 1995.
4. H. Debar, M. Dacier, and A. Wespi. A revised taxonomy for intrusion-detection systems. Annals of Telecommunications, 55(7-6):361-378, July-August 2000.
5. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for Unix processes. In IEEE Symposium on Security and Privacy, pages 120-128, Los Alamitos, CA, 1996. IEEE Computer Society Press, 6-8 May, Oakland, California.
6. S. Forrest, A. S. Perelson, L. Allen, and R. Cherukuri. Self-nonself discrimination in a computer. In IEEE Symposium on Security and Privacy, pages 202-212, Los Alamitos, California, 1994. IEEE Computer Society Press. 16-18 May, Oakland, California.
7. S. A. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, 6(3): 151-180, 1998.
8. J. D. Howard. An analysis of security incidents on the Internet, 1989-1995. PhD thesis, Carnegie Mellon University, Department of Engineering and Public Policy, April 1997.
9. J. D. Howard and T. A. Longstaff. A common language for computer security incidents. Technical Report SAND98-8667, Sandia National Laboratories, Albuquerque, New Mexico and Livermore, California, October 1998.
10. I. V. Krsul. Software Vulnerability Analysis. PhD thesis, Comp. Sci. Dept., Purdue University, May 1998.
11. S. Kumar. Classification and Detection of Computer Intrusions. PhD thesis, Purdue University, August 1995.
12. C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi. A taxonomy of computer program security flaws, with examples. ACM Computing Surveys, 26(3):211-254, September 1994.
13. W. Lee and D. Xiang. Information-theoretic measures for anomaly detection. In IEEE Symposium on Security and Privacy, pages 130-143, Los Alamitos, California, 2001. IEEE Computer Society Press. 14-16 May, Oakland, California.
14. U. Lindqvist and E. Jonsson. How to systematically classify computer security intrusions. In IEEE Symposium on Security and Privacy, pages 154-163, Los Alamitos, CA, 1997. IEEE Computer Society Press. 4-7 May, Oakland, California.
15. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. Analysis and results of the 1999 DARPA off-line intrusion detection evaluation. In Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection, pages 162-182, 2-4 October 2000, Toulouse, France, 2000. Springer-Verlag, Heidelberg, Germany.
16. R. P. Lippmann, D. J. Fried, I. Graf, J. W. Haines, K. R. Kendall, D. J. McClung, D. J. Webber, S. E. Webster, D. Wyschogrod, R. K. Cunningham, and M. A. Zissman. Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. In First International Workshop on Recent Advances in Intrusion Detection, 14-16 September 1998, Louvain-la-Neuve, Belgium, 2000.
17. D. L. Lough. A Taxonomy of Computer Attacks with Applications to Wireless Networks. PhD thesis, Virginia Polytechnic Institute and State University, Blacksburg, Virginia, April 2001.
18. R. A. Maxion and K. M. C. Tan. Anomaly detection in embedded systems. IEEE Transactions on Computers, 51(2): 108-120, February 2002.
19. N. J. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson. A methodology for testing intrusion detection systems. IEEE Transactions on Software Engineering, 22(10):719-729, October 1996.
20. M. J. Ranum. A taxonomy of Internet attacks. Slide Presentation, available on the Internet at http://pubweb.nfr.net/~mjr/pubs/pdf/internet- attacks.pdf, 1997.
21. SecurityFocus vulnerability archive. http://www.securityfocus.com/bid, May 2003.
22. G. G. Simpson. Principles of Animal Taxonomy. Columbia University Press, New York, 1961, Fourth printing 1969.
23. P. H. A. Sneath and R. A. Sokal. Numerical Taxonomy. W. H. Freeman and Company, San Francisco, 1973.
24. A. Somayaji and G. Hunsicker. IMMSEC kernel-level system call tracing for Linux 2.2, version 991117. Obtained through private communication. Previous version available on the Internet: http://www.cs.unm.edu/~immsec/software, March 2002.
25. Strace(1) general command manual. Included in the strace version 4.2 software package, distributed on the RedHat 6.2 Linux installation CD (disc 1), 1999.
26. K. M. C. Tan, K. S. Killourhy, and R. A. Maxion. Undermining an anomaly-based intrusion detection system using common exploits. In A. Wespi, G. Vigna, and L. Den, editors, Fifth International Symposium on Recent Advances in Intrusion Detection (RAID-2002), pages 54-73, 16-18 October 2002, Zurich, Switzerland, 2002. Lecture Notes in Computer Science #2516, Springer-Verlag, Berlin, 2002.
27. K. M. C. Tan and R. A. Maxion. "Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector. In IEEE Symposium on Security and Privacy, pages 188-201, Los Alamitos, CA, 2002. IEEE Computer Society Press. 12-15 May, Berkeley, California.
28. K. M. C. Tan and R. A. Maxion. Determining the operational limits of an anomaly-based intrusion detector. IEEE Journal on Selected Areas in Communications, 21(1):96-110, January 2003.
29. K. M. C. Tan, J. McHugh, and K. Killourhy. Hiding intrusions: From the abnormal to the normal and beyond. In Information Hiding: 5th International Workshop, IH 2002, pages 1-17, Heidelberg, Germany, 2003. Springer-Verlag. 7-9 October 2002, Noordwijkerhout, The Netherlands.
30. D. J. Weber. A taxonomy of computer intrusions. Master's thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, June 1998.