ALERT-ID: Analyze logs of the network element in real time for intrusion detection

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7462 LNCS, Issue , 2012, Pages 294-313

  Chu, Jie ^a   Ge, Zihui ^b   Huber, Richard ^c   Ji, Ping ^a   Yates, Jennifer ^b   Yu, Yung Chao ^c  

^a CITY UNIVERSITY OF NEW YORK   (United States)

^b AT AND T LABS RESEARCH   (United States)

^c AT AND T LABS RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL LISTS; ALARM RATE; AUTHENTICATION , AUTHORIZATION AND ACCOUNTINGS; CONFIGURATION AND CONTROL; DEVICE ACCESS; EDGE ROUTERS; INTRUSION DETECTION SYSTEMS; MANAGEMENT ACTIVITIES; NETWORK DEVICES; NETWORK ELEMENT; NETWORKING INFRASTRUCTURE; NORMAL BEHAVIOR; OPERATIONAL ACTIVITY; REAL TIME; SECURITY MEASURE; TACACS;

AUTHENTICATION; COMPUTER CRIME; INTERNET SERVICE PROVIDERS; NETWORK MANAGEMENT; WEBSITES;

INTRUSION DETECTION;

EID: 84867873989     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-33338-5_15     Document Type: Conference Paper

References (18)

1. Anderson, J.P.: Computer security threat monitoring and surveillance. Technical Report James P Anderson Co Fort Washington Pa, p. 56 (1980)
2. Carrel, D., Grant, L.: The TACACS+ protocol (January 1997)
3. Dreger, H., Feldmann, A.,Mai, M., Paxson, V., Sommer, R.: Dynamic application-layer protocol analysis for network intrusion detection. In: Proceedings of the 15th conference on USENIX Security Symposium, vol. 15. USENIX Association, Berkeley (2006)
4. Iglesias, J.A., Ledezma, A., Sanchis, A.: Creating User Profiles from a Command-Line Interface: A Statistical Approach. In: Houben, G.-J., McCalla, G., Pianesi, F., Zancanaro, M. (eds.) UMAP 2009. LNCS, vol. 5535, pp. 90-101. Springer, Heidelberg (2009)
5. Krishnamurthy, B., Sen, S., Zhang, Y., Chen, Y.: Sketch-based change detection: methods, evaluation, and applications. In: Proceedings of the 3rd ACM SIGCOMM Conference on Internet Measurement, IMC 2003, pp. 234-247. ACM, New York (2003)
6. Li, Z., Xia, G., Gao, H., Tang, Y., Chen, Y., Liu, B., Jiang, J., Lv, Y.: Netshield: massive semantics-based vulnerability signature matching for high-speed networks. In: Proceedings of the ACM SIGCOMM 2010 Conference on SIGCOMM, SIGCOMM 2010, pp. 279-290. ACM, New York (2010)
7. Lunt, T.F., Jagannathan, R., Lee, R., Listgarten, S., Edwards, D.L., Neumann, P.G., Javitz, H.S., Valdes, A., Lunt, T.F., Jagannathan, R., Lee, R., Listgarten, S., Edwards, D.L., Neumann, P.G., Javitz, H.S., Valdes, A.: Ides: The enhanced prototype - a real-time intrusiondetection expert system. Tech. rep., SRI International, 333 Ravenswood Avenue, Menlo Park (1988)
8. Maggi, F., Matteucci, M., Zanero, S.: Detecting intrusions through system call sequence and argument analysis. IEEE Transactions on Dependable and Secure Computing 7, 381-395 (2010)
9. Maronna, R., Martin, R., Yohai, V.: Robust statistics: theory and methods. Wiley series in probability and statistics. J. Wiley (2006)
10. Maxion, R.: Masquerade detection using enriched command lines. In: Proc. of 2003 International Conference on Dependable Systems and Networks, pp. 5-14 (June 2003)
11. Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31, 2435-2463 (1999)
12. Rigney, C.,Willens, S., Rubens, A., Simpson,W.: Remote authentication dial in user service, radius (2000)
13. Robertson, W., Maggi, F., Kruegel, C., Vigna, G.: Effective Anomaly Detection with Scarce Training Data. In: Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA (February 2010)
14. Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration, LISA 1999, pp. 229-238. USENIX Association, Berkeley (1999)
15. Salem, M.B., Stolfo, S.J.: A comparison of one-class bag-of-words user behavior modeling techniques for masquerade detection. Security and Communication Networks (2011)
16. Song, Y., Keromytis, A.D., Stolfo, S.J.: Spectrogram: A mixture-of-markov-chains model for anomaly detection in web traffic. In: NDSS. The Internet Society (2009)
17. Stefan, A.: Intrusion detection systems: A survey and taxonomy. Technical Report 99(Technical report 99-15), 1-15 (2000)
18. Suo, X., Zhu, Y., Owen, G.S.: Graphical passwords: A survey. In: Proceedings of the 21st Annual Computer Security Applications Conference, pp. 463-472. IEEE Computer Society, Washington, DC (2005)