Incorporation of application layer protocol syntax into anomaly detection

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5352 LNCS, Issue , 2008, Pages 188-202

  Düssel, Patrick ^a   Gehl, Christian ^a   Laskov, Pavel ^a,b   Rieck, Konrad ^a  

^a FRAUNHOFER FIRST   (Germany)

^b UNIVERSITY OF TÜBINGEN   (Germany)

Author keywords

Anomaly Detection; Protocol Analysis; Web Security

Indexed keywords

APPLICATIONS; CODES (SYMBOLS); INFORMATION SYSTEMS; INTERNET; INTERNET PROTOCOLS; SECURITY OF DATA; SYNTACTICS;

ANOMALY DETECTION; APPLICATION (APP) LAYER; APPLICATION LAYER PROTOCOLS; BUFFER OVERFLOW ATTACKS; DETECTION ACCURACY; MISUSE DETECTION; NETWORK INTRUSION DETECTION; PROTOCOL ANALYSIS; VALUABLE INFORMATIONS; WEB ATTACKS; WEB SECURITY;

INTRUSION DETECTION;

EID: 58449089032     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-89862-7_17     Document Type: Conference Paper

References (23)

1. Borisov, N., Brumley, D., Wang, H., Dunagan, J., Joshi, P., Guo, C: Generic application-level protocol analyzer and its language. In: Proc. of Network and Distributed System Security Symposium (NDSS) (2007)
2. Cretu, G., Stavrou, A., Locasto, M., Stolfo, S., Keromytis, A.: Casting out demons: Sanitizing training data for anomaly sensors. In: ieeesp (to appear, 2008)
3. Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for unix processes. In: Proc. of IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 120-128 (1996)
4. Gao, D., Reiter, M., Song, D.: Behavioral distance measurement using hidden markov models. In: Zamboni, D., Krügel, C. (eds.) RAID 2006. LNGS, vol. 4219, pp. 19-40. Springer, Heidelberg (2006)
5. Ingham, K.L., Inoue, H.: Comparing anomaly detection techniques for http. In: Kruegel, C, Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 42-62. Springer, Heidelberg (2007)
6. Ingham, K.L., Somayaji, A. Burge, J., Forrest. S.: Learning dfa representations of http for protecting web applications. Computer Networks 51(5), 1239-1255 (2007)
7. Kruegel, C, Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: Proc. of ACM Symposium on Applied Computing, pp. 201-208 (2002)
8. Kruegel, C, Vigna, G.: Anomaly detection of web-based attacks. In: Proc. of 10th ACM Conf. on Computer and Communications Security, pp. 251-261 (2003)
9. Lee, W., Stolfo, S.: A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information Systems Security 3, 227-261 (2000)
10. Leslie, C, Eskin, E., Noble, W.: The spectrum kernel: A string kernel for SVM protein classification. In: Proc. Pacific Symp. Biocomputing, pp. 564-575 (2002)
11. Mahoney, M., Chan, P.: PHAD: Packet header anomaly detection for identifying hostile network traffic. Technical Report CS-2001-2, Florida Institute of Technol- ogy (2001)
12. Mahoney, M, Chan, P.: Learning nonstationary models of normal network traffic for detecting novel attacks. In: Proc. of ACM S1GKDD International Conference on Knowledge Discovery and Data Mining (KDD), pp. 376-385 (2002)
13. Müller, K.-R., Mika, S., R.atsch, G., Tsuda, K., Scholkopf, B.: An introduction to kernel-based learning algorithms. IEEE Neural Networks 12(2), 181-201 (2001)
14. Pang, R, Paxson, V., Sommer, R., Peterson, L.: binpae: a, yacc for writing application protocol parsers. In: Proc. of ACM Internet Measurement Conference, pp. 289-300 (2006)
15. Paxson, V.: Bro: a system for detecting network intruders in real-time. In: Proc. of USEN1X Security Symposium, pp. 31-51 (1998)
16. Rieck, K., Laskov, P.: Detecting unknown network attacks using language models. In: Büchkes, R., Laskov, P. (eds.) D1MVA 2006. LNCS, vol. 4064, pp. 74-90. Springer, Heidelberg (2006)
17. Rieck, K., Laskov, P.: Language models for detection of unknown attacks in network traffic. Journal in Computer Virology 2(4), 243-256 (2007)
18. Rieck, K., Laskov, P.: Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research 9, 23-48 (2008)
19. Roesch, M.: Snort: Lightweight intrusion detection for networks. In: Proc. of USEN1X Large Installation System Administration Conference LISA, pp. 229-238 (1999)
20. Shawe-Taylor, J., Cristianini, N.: Kernel methods for pattern analysis. Cambridge University Press, Cambridge (2004)
21. Tax, D., Duin, R,.: Data domain description by support vectors. In: Verleysen, M. (ed.) Proc. ESANN, Brussels, pp. 251-256. D. Facto Press (1999)
22. Wang, K., Parekh, J., Stolfo, S.: Anagram: A content anomaly detector resistant to mimicry attack. In: Zamboni, D., Krügel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 226-248. Springer, Heidelberg (2006)
23. Wang, K., Stolfo, S.: Anomalous payload-based network intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 203-222. Springer, Heidelberg (2004)