Towards early warning systems - Challenges, technologies and architecture

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6027 LNCS, Issue , 2010, Pages 151-164

  Apel, Martin ^a   Biskup, Joachim ^a   Flegel, Ulrich ^b   Meier, Michael ^a  

^a TU DORTMUND UNIVERSITY   (Germany)

^b SAP RESEARCH   (Germany)

Author keywords

automated process chain; clustering; confidentiality; early warning; intrusion detection; signature learning

Indexed keywords

ANALYSIS SYSTEM; AUTOMATED PROCESS; CLUSTERING; COGNITIVE ABILITY; DEPLOYMENT SCENARIOS; DETECTION SYSTEM; EARLY WARNING; EARLY WARNING SYSTEM; EARLY WARNING SYSTEMS; INFORMATION AND COMMUNICATION TECHNOLOGIES; INTEGRATED PROCESS CHAIN; MALWARES; SECURITY INCIDENT; SECURITY THREATS; SIGNATURE GENERATION; TECHNICAL DETAILS;

ALARM SYSTEMS; AUTOMATION; COMPUTER CRIME;

INTRUSION DETECTION;

EID: 77955040319     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-14379-3_13     Document Type: Conference Paper

References (32)

1. Grobauer, B., Mehlau, J., Sander, J.: Carmentis: A co-operative approach towards situation awareness and early warning for the internet. In: Proc. of IMF 2006. LNI, vol.97, pp. 55-66. GI (2006)
2. DShield: DShield website (2008), http://www.dshield.org
3. Network, T.E.C.: The European CSIRT Network Website (2008), http://www.ecsirt.net/
4. Engelberth, M., Freiling, F., Göbel, J., Gorecki, C., Holz, T., Trinius, P., Willems, C.: Frühe Warnung durch Beobachten und Verfolgen von bösartiger Software im Deutschen Internet: Das Internet-Malware-Analyse- System (IAS) (in German). In: Sichere Wege in der vernetzten Welt - Tagungsband zum 11. Deutscher IT-Sicherheitskongress (in German), pp. 353-367. SecuMedia Verlag (2009)
5. Bsufka, K., Kroll-Peters, O., Albayrak, S.: Intelligent network-based early warning systems. In: López, J. (ed.) CRITIS 2006. LNCS, vol.4347, pp. 103-111. Springer, Heidelberg (2006)
6. Gattiker, U.: The Information Security Dictionary. Kluwer, Dordrecht (2004)
7. Biskup, J., Hämmerli, B.M., Meier, M., Schmerl, S., Tölle, J., Vogel, M.: 08102 working group - early warning systems. In: Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, vol.08102 (2008)
8. Baecher, P., Koetter, M., Holz, T., Dornseif, M., Freiling, F.: The Nepenthes platform: An efficient approach to collect malware. In: Zamboni, D., Krügel, C. (eds.) RAID 2006. LNCS, vol.4219, pp. 165-184. Springer, Heidelberg (2006)
9. Amun: Python Honeypot, http://amunhoney.sourceforge.net/
10. Aycock, J.: Computer Viruses and Malware. Springer, Heidelberg (2006)
11. Dullien, T., Rolles, R.: Graph-based comparison of executable objects. In: Proc. of SSTIC 2005 (2005)
12. Rieck, K., Holz, T., Willems, C., Düssel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.5137, pp. 108-125. Springer, Heidelberg (2008)
13. Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using CWSandbox. IEEE Security & Privacy 5(2), 32-39 (2007)
14. Lance, G.N., Williams, W.T.: A general theory of classificatory sorting strategies: II. Clustering systems. The Computer Journal 10(3), 271-277 (1967)
15. Frigui, H., Krishnapuram, R.: A robust clustering algorithm based on competitive agglomeration and soft rejection of outliers. In: Proc. of Computer Vision and Pattern Recognition, vol.550. IEEE, Los Alamitos (1996)
16. Lee, T., Mody, J.: Behavioral classification. In: Proc. of EICAR 2006 (2006)
17. Cilibrasi, R., Vitanyi, P.: Clustering by compression. IEEE Trans. on Information Theory 51, 1523-1545 (2005)
18. Bailey, M., Oberheide, J., Andersen, J., Mao, Z., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.4637, pp. 178-197. Springer, Heidelberg (2007)
19. Cebrian, M., Alfonseca, M., Ortega, A.: Common pitfalls using the normalized compression distance. Comm. in Information and Systems 5(4), 367-384 (2005)
20. Rieck, K., Laskov, P.: Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research 9, 23-48 (2008)
21. Apel, M., Bockermann, C., Meier, M.: Measuring similarity of malware behavior. In: Proc. of 34th LCN 2009. IEEE Computer Society Press, Los Alamitos (2009)
22. Ukkonen, E.: On-line construction of suffix trees. Algorithmica 14(3), 249-260 (1995)
23. Meier, M., Schmerl, S., Koenig, H.: Improving the Efficiency of Misuse Detection. In: Julisch, K., Krügel, C. (eds.) DIMVA 2005. LNCS, vol.3548, pp. 188-205. Springer, Heidelberg (2005)
24. Flegel, U., Biskup, J.: Requirements of information reductions for cooperating intrusion detection agents. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol.3995, pp. 466-480. Springer, Heidelberg (2006)
25. Flegel, U.: Privacy-Respecting Intrusion Detection. Springer, Heidelberg (2007)
26. MyNetWatchman: MyNetWatchman website (2008), http://www.mynetwatchman.com
27. Bailey, M., Cooke, E., Jahanian, F., Nazario, J., Watson, D.: The internet motion sensor - a distributed blackhole monitoring system. In: Proc. of NDSS 2005, The Internet Society, pp. 167-179 (2005)
28. SURFids: SURFids Development Homepage (2008), http://ids.surfnet.nl
29. Zou, C., Gao, L., Gong, W., Towsley, D.: Monitoring and early warning for internet worms. In: Proc. of ACM CCS 2003, pp. 190-199 (2003)
30. Waibel, F.: Das Internet-Analyse-System (IAS) als Komponente einer IT-Sicherheitsarchitektur (in German). In: Sichere Wege in der vernetzten Welt - Tagungsband zum 11. Deutscher IT-Sicherheitskongress (in German), pp. 281-296. SecuMedia Verlag (2009)
31. Elovici, Y., Shabtai, A., Moskovitch, R., Tahan, G., Glezer, C.: Applying machine learning techniques for detection of malicious code in network traffic. In: Hertzberg, J., Beetz, M., Englert, R. (eds.) KI 2007. LNCS (LNAI), vol.4667, pp. 44-50. Springer, Heidelberg (2007)
32. Burbeck, K., Nadjm-Therani, S.: Adwice - anomaly detection with real-time incremental clustering. In: Park, C.-s., Chee, S. (eds.) ICISC 2004. LNCS, vol.3506, pp. 407-424. Springer, Heidelberg (2005)