Approaches in anomaly-based network intrusion detection systems

Advances in Information Security

Volumn 38, Issue , 2008, Pages 1-16

  Bolzoni, Damiano ^a   Etalle, Sandro ^a  

^a UNIVERSITY OF TWENTE   (Netherlands)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84855688895     PISSN: 15682633     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-77265-3_1     Document Type: Article

References (29)

1. Bace, R.: Intrusion detection. Macmillan Publishing Co., Inc. (2000)
2. Debar, H., Dacier, M., Wespi, A.: A Revised Taxonomy of Intrusion-Detection Systems. Annales des T́eĺecommunications 55(7-8) (2000) 361-378
3. Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J., Stoner, E.: State of the practice of intrusion detection technologies. Technical Report CMU/SEI-99TR-028, Carnegie-Mellon University - Software Engineering Institute (2000)
4. th USENIX Conference on System Administration, USENIX Association (1999) 229-238
5. Sourcefire: Snort Network Intrusion Detection System web site (1999) URL http://www.snort.org.
6. Wang, K., Stolfo, S.J.: Anomalous Payload-Based Network Intrusion Detection. In Jonsson, E., Valdes, A., Almgren, M., eds.: RAID '04: Proc. 7th Symposium on Recent Advances in Intrusion Detection. Volume 3224 of LNCS., Springer-Verlag (2004) 203-222
7. Bolzoni, D., Zambon, E., et-alle, S., Hartel, P.: POSEIDON: a 2-tier Anomaly-based Network Intrusion Detection System. In: IWIA '06: Proc. 4th IEEE International Workshop on Information Assurance, IEEE Computer Society Press (2006) 144-156
8. Debar, H., Dacier, M.,Wespi, A.: Towards a Taxonomy of Intrusion-Detection Systems. Computer Networks 31(8) (1999) 805-822
9. Lippmann, R.P., Cunningham, R.K., Fried, D.J., Garfinkel, S.L., Gorton, A.S., Graf, I., Kendall, K.R., McClung, D.J., Weber, D.J., Webster, S.E., D. Wyschogrod, M.A.Z.: The 1998 DARPA/AFRL off-line intrusion detection evaluation. In: RAID '98: Proc. 1st International Workshop on the Recent Advances in Intrusion Detection. (1998)
10. Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. Computer Networks: The International Journal of Computer and Telecommunications Networking 34(4) (2000) 579-595
11. Bay, S.D., Kibler, D., Pazzani, M., Smyth, P.: The UCI KDD archive of large data sets for data mining research and experimentation. SIGKDD Exploration: Newsletter of SIGKDD and Data Mining 2(2) (2000) 81-85
12. Nguyen, B.V.: Self organizing map (SOM) for Anomaly Detection. Technical report, Ohio University (2002)
13. Kohonen, T.: Self-Organizing Maps. Volume 30 of Springer Series in Information Sciences. Springer (1995) (Second Extended Edition 1997).
14. Mahoney, M.V., Chan, P.K.: Learning nonstationary models of normal network traffic for detecting novel attacks. In: KDD '02: Proc. 8th ACM SIGKDD International Conference on Knowledge Discovery and Data mining, ACM Press (2002) 376-385
15. Lee, W., Stolfo, S.J.: A Framework for Constructing Features andModels for Intrusion Detection Systems. ACM Transactions on Information and System Security 3(4) (2000) 227-261
16. Kruegel, C., Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: SAC '02: Proc. 2002 ACM Symposium on Applied Computing, ACM Press (2002) 201-208
17. CERT: Ip Denial of Service Attacks. Technical report, CERT Coordination Center (1997) http://www.cert.org/advisories/CA-1997-28.html.
18. Web Application Security Consortium: Web Security Threat Classification (2005) URL http://www.webappsec.org/projects/threat/.
19. The OpenWeb Application Security Project: OWASP Top TenMost CriticalWeb Application Security Vulnerabilities (2006) URL http://www.owasp.org/documentation/topten.html.
20. Security Reason: PostNuke Input Validation Error (2005) URL http://securitytracker.com/alerts/2005/May/1014066.html.
21. PostNuke: PostNuke Content Managament System (2006) URL http://www.postnuke.com/.
22. CERT: Vulnerability in NCSA/Apache CGI example code. Technical report, CERT Coordination Center (1996) URL http://www.cert.org/advisories/CA-1996-06.html.
23. th ACM Conference on Computer Security (CCS' 01), ACM Press (2002) xx-yy
24. Denning, D.E.: An Intrusion-Detection Model. IEEE Transactions on Software Engineering SE-13(2) (1987) 222-232
25. Javitz, H.S., Valdes, A.: The NIDES Statistical Component Description and Justification. Technical Report A010, SRI (1994)
26. Lee, W., Stolfo, S.: Data mining approaches for intrusion detection. In: Proc. 7th USENIX Security Symposium, USENIX Association (1998) 79-94
27. Bolzoni, D., Crispo, B., et-alEtal/et-alle, S.: ATLANTIDES: An architecture for alert verification in network intrusion detection systems. In: LISA '07: Proc. 21st Large Installation System Administration Conference, USENIX Association (2007)
28. Damashek, M.: Gauging similarity with n-grams: Language-independent categorization of text. Science 267(5199) (1995) 843-848
29. Mahoney, M.V., Chan, P.K.: An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In Vigna, G., Kruegel, C., Jonsson, E., eds.: RAID '03: Proc. 6th Symposium on Recent Advances in Intrusion Detection. Volume 2820 of LNCS., Springer-Verlag (2003) 220-237