Operator-centric and adaptive intrusion detection

Proceedings - The 4th International Symposium on Information Assurance and Security, IAS 2008

Volumn , Issue , 2008, Pages 161-166

  Larson, Ulf R ^a   Lindskog, Stefan ^b   Nilsson, Dennis K ^a   Jonsson, Erland ^a  

^a CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

^b NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

Adaptation; Intrusion detection; Operator centric; Sensor reconfiguration; System architecture

Indexed keywords

ALGORITHMS; ARCHITECTURAL DESIGN; ARCHITECTURE; COMPUTER CRIME; SENSORS; SIGNAL DETECTION;

ADAPTATION; BASE-LINES; COST MONITORING; DEGREE OF FLEXIBILITIES; DETECTION ALGORITHMS; DYNAMIC SELECTIONS; INPUT DATUMS; INTRUSION DETECTION ALGORITHMS; INTRUSION DETECTION SYSTEMS; MODULAR DESIGNS; OPERATOR-CENTRIC; RECONFIGURATION MECHANISMS; RESOURCE CONSUMPTIONS; SYSTEM ARCHITECTURE; WEB SERVERS;

INTRUSION DETECTION;

EID: 55349141431     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IAS.2008.42     Document Type: Conference Paper

References (22)

1. E. Lundin Barse and E. Jonsson, "Extracting attack manifestations to determine log data requirements for intrusion detection", in Proceedings of the 20th Annual ComputerSecurity Applications Conference (ACSAC 2004), Tucson, AZ, USA, December 6-10, 2004, pp.158-167.
2. B. A. Kuperman, A Categorization of Computer Security Monitoring Systems and the Impact on the Design of Audit Sources, Ph.D. thesis, Purdue University, West Lafayette, IN, USA, August 2004.
3. K. S. Killourhy, Roy A. Maxion, and Kymie M. C. Tan, "A defence-centric taxonomy based on attack manifestations, in Proceedings of the International Conference onDependable Systems and Networks (DSN 2004), Florence, Italy, June 2004.
4. T. F. Lunt, "A survey of intrusion detection techniques, Computers & Security, vol. 12, no. 4, pp. 405-418, June, 1993.
5. K. E. Price, "Host-based misuse detection and conventional operating systems' audit data collection, M.S. thesis, Purdue University, West Lafayette, IN, USA, 1997.
6. "Apache module mod_log_config", http://httpd.apache.org/docs/2. 2/mod/mod_log_config.html, Visited April, 2008.
7. Sun Microsystems Inc., SunSHIELD Basic Security Module Guide, 2550 Garcia Avenue, Mountain View, CA, USA, 1995.
8. S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, and D. Zerkle, "GrIDS - A graph-based intrusion detection system for large networks", in Proceedings of the 19th National Information Systems Security Conference, Baltimore, MD, USA, October 22-25, 1996.
9. P. A. Porras and P. G. Neumann, "EMERALD: Event monitoring enabling responsesto anomalous live disturbances", in Proceedings of the 20th NIST-NCSC National Information Systems Security Conference, Washington D.C., USA, September 7-11, 1997, pp. 353-365.
10. E. H. Spafford and D. Zamboni, "Intrusion detection using autonomous agents", Computer Networks, vol. 26, pp. 547-570, September, 2000.
11. R. J. Feiertag, S. Staniford-Chen, K. N. Levitt, M. Heckman, D. Peticolas, R. Crawford, L. Benzinger, S. Rho, and S. Wu, "Intrusion detection inter-component adaptive negotiation", in Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection (RAID 1999), West Lafayette, IN, USA, September 7-9, 1999.
12. G. Vigna, R. A. Kemmerer, and P. Blix, "Designing a web of highly-configurable intrusion detection sensors", in Proceedings of the Fourth International Symposium on Recent Advances in Intrusion Detection (RAID 2001), Davis, CA, USA, October 10-12, 2001, pp. 69-84.
13. D. Ragsdale, C. Carver, J. Humphries, and U. Pooch, "Adaptation techniques for intrusion detection and intrusion response system", in Proceedings of the 2000 IEEE International Conference on Systems, Man, and Cybernetics, Nashville, TN, USA, October 8-11, 2000, IEEE, vol. 4, pp. 2344-2349.
14. C. Cowan, C. Pu, D. Maìer, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, "StackGuard: Automatic adaptive detection and prevention ofbuffer-overflow attacks", in Proceedings of the 7th USENIX Security Symposium, SanAntonio, TX, USA, January 26-28, 1998, pp. 63-78.
15. H. M. Hinton, C. Cowan, L. M. L. Delcambre, and S. Bowers, "SAM: Security adaptation manager", in Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC), Scottsdale, AZ, USA, December 6-10, 1999, IEEE Computer Society.
16. B. Meyer, Object Oriented Software Construction, Prentice Hall, Upper Saddle River, NJ, USA, 2nd edition, 1997.
17. K. Ilgun, R. A. Kemmerer, and P. A. Porras, "State transition analysis: A rule-based intrusion detection approach", Transactions on Software Engineering, vol. 21, no. 3, pp. 181-199, 1995.
18. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A sense of self for Unix processes", in Proceedings of the 1996 IEEE Symposium on Research in Securityand Privacy, Oakland, CA, USA, May 6-8, 1996, pp. 120-128, IEEE Computer Society Press.
19. M. Roesch, "Snort", http://www.snort.org, 2007, Visited June, 2007.
20. T. L. Saaty and M. S. Ozdemir, "Why the magic number seven plus or minus two", Mathematical and Computer Modelling, vol. 38, no. 3, pp. 233-244, August 2003.
21. M. Almgren and E. Jonsson, "Tuning an IDS - Learning the user's preferences", in Proceedings of the 11th Nordic Workshop on Secure IT-systems (NordSec 2006), Linköping, Sweden, October 2006.
22. B. M. Cantrill, M. W. Shapiro, and A. H. Leventhal, "Dynamic instrumentation of production systems", in Proceedings of the 6th Symposium on Operating SystemsDesign and Implementation (OSDI'04), San Fransisco, CA, USA, December 6-8, 2004.