A stateful intrusion detection system for World-Wide Web servers

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn 2003-January, Issue , 2003, Pages 34-43

  Vigna, Giovanni ^a   Robertson, William ^a   Kher, Vishal ^a   Kemmerer, Richard A ^a  

^a University of California   (United States)

Author keywords

Intrusion Detection; Security; World Wide Web

Indexed keywords

COMPLEX NETWORKS; COMPUTATIONAL LINGUISTICS; COMPUTER CRIME; DAMAGE DETECTION; MERCURY (METAL); PERSONAL COMPUTING; SECURITY OF DATA; SECURITY SYSTEMS; WEB SERVICES; WEBSITES; WORLD WIDE WEB;

INTEGRATED ANALYSIS; INTRUSION DETECTION SYSTEMS; MALICIOUS ACTIVITIES; MALICIOUS BEHAVIOR; SECURITY; STATES AND TRANSITIONS; SYSTEM ADMINISTRATORS; WEB-BASED APPLICATIONS;

INTRUSION DETECTION;

EID: 62349108537     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2003.1254308     Document Type: Conference Paper

References (25)

1. M. Almgren, H. Debar, and M. Dacier. A lightweight tool for detecting web server attacks. In Proceedings of the ISOC Symposium on Network and Distributed Systems Security, San Diego, CA, February 2000.
2. M. Almgren and U. Lindqvist. Application-Integrated Data Collection for Security Monitoring. In Proceedings of Recent Advances in Intrusion Detection (RAID), LNCS, pages 22-36, Davis, CA, October 2001. Springer.
3. CERT/CC. "Code Red Worm" Exploiting Buffer Overflow In IIS Indexing Service DLL. Advisory CA- 2001-19, July 2001.
4. CERT/CC. Apache/mod ssl Worm. Advisory CA- 2002-27, October 2002.
5. D. Curry and H. Debar. Intrusion Detection Message Exchange Format: Extensible Markup Language (XML) Document Type Definition. draft-ietf-idwg-idmef-xml-07.txt, June 2002.
6. S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71-104, 2002.
7. R. Fielding. wwwstat: HTTPd Logfile Analysis Software. http://ftp.ics.uci.edu/pub/websoft/wwwstat/, November 1996.
8. Paul Helman and Gunar Liepins. Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse. In IEEE Transactions on Software Engineering, volume Vol 19, No. 9, pages 886-901, 1993.
9. K. Ilgun, R.A. Kemmerer, and P.A. Porras. State Transition Analysis: A Rule-Based Intrusion Detection System. IEEE Transactions on Software Engineering, 21(3):181-199, March 1995.
10. H. S. Javitz and A. Valdes. The NIDES Statistical Component Description and Justification. Technical report, SRI International, Menlo Park, CA, March 1994.
11. D. Klein. Defending Against the Wily Surfer: Webbased Attacks and Defenses. In Proceedings of the USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA, April 1999.
12. C. Ko, M. Ruschitzka, and K. Levitt. Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 175-187, May 1997.
13. M. Koster. A Method for Web Robots Control. Internet Draft, draft-koster-robots-00.txt, December 1996.
14. U. Lindqvist and P.A. Porras. Detecting Computer and Network Misuse with the Production-Based Expert System Toolset (P-BEST). In IEEE Symposium on Security and Privacy, pages 146-161, Oakland, California, May 1999.
15. T.H. Ptacek and T.N. Newsham. Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection. Technical report, Secure Networks, January 1998.
16. M. Roesch. Snort - Lightweight Intrusion Detection for Networks. In Proceedings of the USENIX LISA '99 Conference, November 1999.
17. Sun Microsystems, Inc. Installing, Administering, and Using the Basic Security Module. 2550 Garcia Ave., Mountain View, CA 94043, December 1991.
18. Tcpdump and Libpcap Documentation. http://www.tcpdump.org/, June 2002.
19. Security Tracker. Vulnerability statistics april 2001-march 2002. http://www.securitytracker.com/learn/statistics.html, April 2002.
20. A. Valdes and K. Skinner. An Approach to Sensor Correlation. In Proceedings of RAID 2000, Tolouse, France, October 2000.
21. G. Vigna, S. Eckmann, and R. Kemmerer. The STAT Tool Suite. In Proceedings of DISCEX 2000, Hilton Head, South Carolina, January 2000. IEEE Computer Society Press.
22. th International Symposiun on Recent Advances in Intrusion Detection (RAID 2001), volume 2212 of LNCS, pages 69-84, Davis, CA, October 2001. Springer-Verlag.
23. th European Software Engineering Conference, Helsinki, Finland, September 2003.
24. D. Wagner and D. Dean. Intrusion Detection via Static Analysis. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2001. IEEE Press.
25. C. Warrender, S. Forrest, and B.A. Pearlmutter. Detecting intrusions using system calls: Alternative data models. In IEEE Symposium on Security and Privacy, pages 133-145, 1999.