Metadata for anomaly-based security protocol attack deduction

IEEE Transactions on Knowledge and Data Engineering

Volumn 16, Issue 9, 2004, Pages 1157-1168

  Leckie, Tysen ^a   Yasinsac, Alec ^b  

^a NORTHROP GRUMMAN CORPORATION   (United States)

^b Florida State University   (United States)

Author keywords

Anomaly detection; Behavioral analysis; Security protocols; User profile

Indexed keywords

ANOMALY DETECTION; BEHAVIORAL ANALYSIS; SECURITY PROTOCOLS; USER PROFILE;

CRYPTOGRAPHY; DEMODULATION; INFORMATION ANALYSIS; KNOWLEDGE ENGINEERING; METADATA; SECURITY OF DATA; USER INTERFACES;

NETWORK PROTOCOLS;

EID: 4544324490     PISSN: 10414347     EISSN: None     Source Type: Journal    
DOI: 10.1109/TKDE.2004.43     Document Type: Review

References (31)

1. Presidential Commission on Critical Infrastructure Protection, "Critical Foundations: Protecting America's Infrastructures," commision report, Oct. 1997, http://www.pccip.gov/report_Jndex. html.
2. General Accounting Office, "Information Security: Computer Attacks at Department of Defense Pose Increasing Risks," GAO/ AIMD-96-84, May 1996.
3. A. Yasinsac, "An Environment for Security Protocol Intrusion Detection," J. Computer Security, vol. 10, nos. 1-2, pp. 177-188, Jan. 2002.
4. S. Goregaoker, "A Method for Detecting Intrusions on Encrypted Traffic," Technical Report TR-010703, Computer Science Dept., Florida State Univ., 2001.
5. A. Melendez, "The Monitor and Principals," Technical Report TR-010701, Computer Science Dept., Florida State Univ., 2001.
6. N. Patel, "Knowledge Base for Intrusion Detection System," Technical Report TR-011203, Computer Science Dept., Florida State Univ., 2001.
7. A. Jones and S. Li, "Temporal Signatures for Intrusion Detection," Proc. 17th Ann. Computer Security Applications Conf., pp. 252-261, Dec. 2001.
8. D. Denning, "An Intrusion-Detection Model," Proc IEEE CS Symp. Research in Security and Privacy, pp. 118-132, Apr. 1986.
9. A.K. Ghosh, J. Wanken, and F. Charron, "Detecting Anomalous and Unknown Intrusions Against Programs," Proc. 1998 Computer Security Applications Conf., pp. 259-267, 1998.
10. D. Barbara, J. Couto, S. Jajodia, L. Popyack, and N. Wu, "ADAM: Detecting Intrusions by Data Mining," Proc. 2001 IEEE Workshop Information Assurance and Security, pp. 11-16, June 2001.
11. D. Anderson, T. Frivold, and A. Valdes, "Next-Generation Intrusion Detection Expert System (NIDES) A Summary," http://www.sdl.sri.com/papers/ 4/s/4sri/4sri.pdf, Computer Science Labpratory, SRI Int'l, May 1995.
12. L. Kohout, A. Yasinsac, and E. McDuffie, "Activity Profiles for Intrusion Detection," Proc. North Am. Fuzzy Information Processing Society-Fuzzy Logic and the Internet (NAFIPS-FLINT 2002), June 2002.
13. T. Lunt and R. Jagannathan, "A Prototype Real-Time Intrusion-Detection Expert System," Proc. IEEE Symp. Security and Privacy, pp. 59-66, Apr. 1988.
14. P.A. Porras and P.G. Neumann, "EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances," Proc. Nat'l Information Systems Security Conf., pp. 353-365, Oct. 1997.
15. U. Lindqvist and P.A. Porras, "Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST)," Proc. 1999 IEEE Symp. Security and Privacy, pp. 146-161, May 1999.
16. V. Hallivuori and M. Kousa, "Denial of Service Attack against SSH Key Exchange," Telecomm. Software and Multimedia Laboratory, Helsinki Univ. of Technology, Nov 2001.
17. G. Lowe, "Some New Attacks upon Security Protocols," Proc. Ninth IEEE Computer Security Foundations Workshop, pp. 162-169, Mar. 1996.
18. P. Syverson, "A Taxonomy of Replay Attacks," Proc Seventh Computer Security Foundations Workshop, pp. 131-136, June 1994.
19. D. Wagner and B. Schneier, "Analysis of SSL 3.0 Protocol," Proc. Second USENIX Workshop Electronic Commerce, pp. 29-40, Nov. 1996.
20. T.Y.C. Woo and S.S. Lam, "Authentication for Distributed Systems," Computer, vol. 25, no. 1, pp. 39-52, Jan. 1992.
21. M. Abadi and R. Needham, "Prudent Engineering Practice for Cryptographic Protocols," Proc. 1994 IEEE CS Symp. Research in Security and Privacy, pp. 122-136, 1994.
22. W. Lee and S.J. Stolfo, "Data Mining Approaches for Intrusion Detection," Proc. Seventh USENIX Security Symp., pp. 26-29, Jan. 1998.
23. W. Lee and S.J. Stolfo, "A Framework for Constructing Features and Models for Intrusion Detection Systems," Proc. ACM Trans. Information and System Security, pp. 227-261, Nov. 2000.
24. N. Ye and Q. Chen, "An Anomaly Detection Technique Based on a Chi-Square Statistic for Detecting Intrusions into Information Systems," Proc. Quality and Reliability Eng. Int'l, vol. 17, no. 2, pp. 105-112, 2001.
25. T. Daniels and E.H. Spafford, "Identification of Host Audit Data to Detect Attacks on Low-level IP," J. Computer Security, vol. 7, no. 1, 1999.
26. U. Lindqvist and P.A. Porras, "Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST)," Proc. 1999 IEEE CS Symp. Security and Privacy, pp. 146-61, 1999.
27. S. Hofmeyr, S. Forrest, and A. Somayaji, "Intrusion Detection Using Sequences of System Calls," J. Computer Security, no. 6, pp. 151-180, 1998.
28. S. Kumar and E.H. Spafford, "An Application of Pattern Matching in Intrusion Detection," Technical Report CSD-TR-94-013, Dept. Computer Sciences, Purdue Univ., 1994.
29. R.A. Wagner and M.J. Fischer, "The String-to-String Correction Problem," J. ACM, vol. 21, pp. 168-178, Jan. 1974.
30. R.A. Baeza-Yates and G.H. Gonnet, "A New Approach to Text Searching," Proc. 12th Ann. ACM-SIGIR Cmf. Information Retrieval, pp. 168-175, June 1989.
31. S. Wu and U. Manber, "Fast Text Searching With Errors," Technical Report TR. 91-11, Dept. of Computer Science, Univ. of Arizona, 1991.