Enhancing intrusion detection system with proximity information

International Journal of Security and Networks

Volumn 5, Issue 4, 2010, Pages 207-219

  Zhuang, Zhenyun ^a   Li, Ying ^a   Chen, Zesheng ^b  

^a Georgia Institute of Technology   (United States)

^b INDIANA UNIVERSITY PURDUE UNIVERSITY FORT WAYNE   (United States)

Author keywords

IDSes; Intrusion detection system; Security; Worm

Indexed keywords

ANOMALY DETECTION; COMPUTER CRIME;

FALSE POSITIVE RATES; HIGH DETECTION RATE; IDSES; INTRUSION DETECTION SYSTEM (IDSES); INTRUSION DETECTION SYSTEMS; SECURITY; WIDE SPREADS; WORM;

INTRUSION DETECTION;

EID: 78650662129     PISSN: 17478405     EISSN: 17478413     Source Type: Journal    
DOI: 10.1504/IJSN.2010.037660     Document Type: Article

References (39)

1. Bhatkar, S., Chaturvedi, A. and Sekar, R. (2006) 'Dataflow anomaly detection', SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington DC, USA, pp.48-62.
2. Bos, H. and Huang, K. (2005) 'Towards software-based signature detection for intrusion prevention on the network card', Proceedings of RAID, ACM, Seattle, WA, USA.
3. Cathey, R., Ma, L., Goharian, N. and Grossman, D. (2003) 'Misuse detection for information retrieval systems', CIKM '03: Proceedings of the Twelfth International Conference on Information and Knowledge Management, New Orleans, LA, USA, pp.183-190.
4. Chen, Z. and Ji, C. (2007) 'Measuring network-aware worm spreading ability', Proceedings of IEEE INFOCOM, Anchorage, AK, USA, pp.116-124.
5. Chen, Z., Ji, C. and Paul, B. (2008) 'Spatial-temporal characteristics of internet malicious sources', Proceedings of IEEE INFOCOM (Mini-Conference), Phoenix, AZ, USA.
6. Chung, C.Y., Gertz, M. and Levitt, K. (1999) 'Demids: a misuse detection system for database systems', Proceedings of the Third International IFIP TC-11 WG11.5 Working Conference on Integrity and Internal Control in Information Systems, Kluwer Academic Publishers, Amsterdam, The Netherlands, pp.159-178.
7. Cova, M., Balzarotti, D., Felmetsger, V. and Vigna, G. (2007) 'Swaddler: an approach for the anomaly-based detection of state violations in web applications', Proceedings of RAID, 5-7 September, Queensland, Australia, pp.63-86.
8. Debar, H., Dacier, M. and Wespi, A. (1999) A Revised Taxonomy for Intrusion Detection Systems, Technical report, IBM Research, October.
9. Denning, D.E. (1987) 'An intrusion-detection model', IEEE Trans. Softw. Eng., Vol. 13, No. 2, pp.222-232.
10. Dreger, H., Feldmann, A., Mai, M., Paxson, V. and Sommer, R. (2006) 'Dynamic application-layer protocol analysis for network intrusion detection', Proceeding of USENIX-SS'06, USENIX Association, Berkeley, CA, USA.
11. Fogla, P. and Lee, W. (2006) 'Evading network anomaly detection systems: formal reasoning and practical techniques', CCS '06: Proceedings of the 13th ACM Conference on Computer and Communications Security, ACM, New York, NY, USA, pp.59-68.
12. Giffin, J.T., Dagon, D., Jha, S., Lee, W. and Miller, B.P. (2005) 'Environment-sensitive intrusion detection', Proceedings of RAID, pp.185-206.
13. González, J.M. and Paxson, V. (2006) 'Enhancing network intrusion detection with integrated sampling and filtering', Proceedings of RAID, pp.272-289.
14. Gopalakrishna, R., Spafford, E.H. and Vitek, J. (2005) 'Efficient intrusion detection using automaton inlining', SP '05: Proceedings of the 2005 IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington DC, USA, pp.18-31.
15. Gosh, A.K., Wanken, J. and Charron, F. (1998) 'Detecting anomalous and unknown intrusions against programs', ACSAC '98: Proceedings of the 14th Annual Computer Security Applications Conference, IEEE Computer Society, Washington DC, USA, p.259.
16. Krügel, C. and Toth, T. (2003) 'Using decision trees to improve signature-based intrusion detection', Proceedings of RAID, pp.173-191.
17. Lane, T. and Brodley, C.E. (1999) 'Temporal sequence learning and data reduction for anomaly detection', ACM Trans. Inf. Syst. Secur., Vol. 2, No. 3, pp.295-331.
18. Lindqvist, U. and Porras, P.A. (1999) 'Detecting computer and network misuse through the production-based expert system toolset (p-BEST)', IEEE Symposium on Security and Privacy, pp.146-161.
19. Muelder, C., Ma, K-L. and Bartoletti, T. (2005) 'Interactive visualization for network and port scan detection', Proceedings of RAID, pp.265-283.
20. Mutz, D., Robertson, W.K., Vigna, G. and Kemmerer, R.A. (2007) 'Exploiting execution context for the detection of anomalous system calls', Proceedings of RAID, pp.1-20.
21. Padmanabhan, V.N. and Subramanian, L. (2001) 'An investigation of geographic mapping techniques for internet hosts', SIGCOMM '01, ACM, New York, NY, USA, pp.173-185. (Pubitemid 32981963)
22. Polychronakis, M., Anagnostakis, K.G. and Markatos, E.P. (2007) 'Emulation-based detection of non-self-contained polymorphic shellcode', Proceedings of RAID, Springer, Vol. 4637, pp.87-106.
23. Rajab, M.A., Monrose, F. and Terzis, A. (2005) 'On the effectiveness of distributed worm monitoring', SSYM'05: Proceedings of the 14th Conference on USENIX Security Symposium, USENIX Association, Baltimore, MD, USA, pp.15-15.
24. Rubin, S., Jha, S. and Miller, B.P. (2005) 'Language-based generation and evaluation of nids signatures', SP '05: Proceedings of the 2005 IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington DC, USA, pp.3-17.
25. Sharif, M.I., Singh, K., Giffin, J.T. and Lee, W. (2007) 'Understanding precision in host based intrusion detection', Proceedings of RAID, pp.21-41.
26. Sinha, S., Jahanian, F. and Patel, J.M. (2006) 'Wind: workload-aware intrusion detection', Proceedings of RAID, pp.290-310.
27. Soule, A., Salamatian, K. and Taft, N. (2005) 'Combining filtering and statistical methods for anomaly detection', IMC'05: Proceedings of the Internet Measurement Conference 2005 on Internet Measurement Conference, USENIX Association, Berkeley, CA, USA, pp.31-31.
28. Staniford, S., Moore, D., Paxson, V. and Weaver, N. (2004) 'The top speed of flash worms', WORM '04: Proceedings of the 2004 ACM Workshop on Rapid Malcode, ACM, New York, NY, USA, pp.33-42.
29. Staniford, S., Paxson, V. and Weaver, N. (2002) 'How to own the internet in your spare time', Proceedings of the 11th USENIX Security, San Francisco, CA, USA.
30. Sufatrio and Yap, R.H.C. (2005) 'Improving host-based ids with argument abstraction to prevent mimicry attacks', Proceedings of RAID, pp.146-164.
31. Vallentin, M., Sommer, R., Lee, J., Leres, C., Paxson, V. and Tierney, B. (2007) 'The nids cluster: Scalable, stateful network intrusion detection on commodity hardware', Proceedings of RAID, pp.107-126.
32. Vasiliadis, G., Antonatos, S., Polychronakis, M., Markatos, E.P. and Ioannidis, S. (2008) 'Gnort: high performance network intrusion detection using graphics processors)', in Lippmann, R., Kirda, E. and Trachtenberg, A. (Eds.): Proceedings of RAID, Volume 5230 of Lecture Notes in Computer Science, Springer, Cambridge, MA, USA, pp.116-134.
33. Wang, K., Cretu, G.F. and Stolfo, S.J. (2005) 'Anomalous payload-based worm detection and signature generation', Proceedings of RAID, Seattle, Washington, USA, pp.227-246.
34. Wang, K., Parekh, J.J. and Stolfo, S.J. (2006) 'Anagram: a content anomaly detector resistant to mimicry attack', Proceedings of RAID, Hamburg, Germany, pp.226-248.
35. Zou, C.C., Towsley, D. and Gong, W. (2006) 'On the performance of internet worm scanning strategies', Perform. Eval., Vol. 63, No. 7, pp.700-723.
36. Hostip, IP Address lookup, http://www.hostip.info/dl/ index.html
37. IP2Location, Geolocation IP address to Country City Region
38. Latitude Longitude, http://www.ip2location.com/
39. Libpcap, The Libpcap Project, http://sourceforge.net/projects/ libpcap/