An experience developing an IDS stimulator for the black-box testing of network intrusion detection systems

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn 2003-January, Issue , 2003, Pages 374-383

  Mutz, Darren ^a   Vigna, Giovanni ^a   Kemmerer, Richard ^a  

^a University of California   (United States)

Author keywords

Evasion Attacks; Intrusion Detection; Software Testing; Traffic Generation

Indexed keywords

BLACK-BOX TESTING; COMPUTER CRIME; MERCURY (METAL); NETWORK SECURITY; OPEN SOURCE SOFTWARE; SECURITY OF DATA; SECURITY SYSTEMS; SOFTWARE TESTING;

ATTACK SIGNATURE; EVASION ATTACKS; INTRUSION DETECTION SYSTEMS; MALICIOUS BEHAVIOR; NETWORK BASED INTRUSION DETECTION SYSTEMS; NETWORK INTRUSION DETECTION SYSTEMS; SYNTHETIC EVENTS; TRAFFIC GENERATION;

INTRUSION DETECTION;

EID: 84903593793     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2003.1254342     Document Type: Conference Paper

References (26)

1. Anzen. nidsbench:a network intrusion detection system test suite. http://packetstorm.widexs. nl/UNIX/IDS/nidsbench/, 1999.
2. S. Aubert. Idswakeup. http://www.hsc.fr/ressources/outils/idswakeup/, 2000.
3. S. Axelsson. The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection. In Proceedings of the 6th ACMConference on Computer and Communications Security, 1999.
4. R. Durst, T. Champion, B. Witten, E. Miller, and L. Spagnuolo. Addendum to "Testing and Evaluating Computer Intrusion Detection Systems". CACM, 42(9):15, September 1999.
5. R. Durst, T. Champion, B. Witten, E. Miller, and L. Spagnuolo. Testing and Evaluating Computer Intrusion Detection Systems. CACM, 42(7):53-61, July 1999.
6. S. Eckmann. Translating Snort Rules to STATL Scenarios. In Recent Advances in Intrusion Detection, Davis, CA, October 2001. Short paper presentation.
7. S.T. Eckmann. The STATL Attack Detection Language. PhD thesis, Department of Computer Science, UCSB, Santa Barbara, CA, June 2002.
8. S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Language for State-based Intrusion Detection. In Proceedings of the ACM Workshop on Intrusion Detection Systems, Athens, Greece, November 2000.
9. C. Giovanni. Fun with Packets: Designing a Stick. http://www.eurocompton.net/stick/, 2002.
10. Paul Helman and Gunar Liepins. Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse. In IEEE Transactions on Software Engineering, volume Vol 19, No. 9, pages 886-901, 1993.
11. K. Ilgun, R.A. Kemmerer, and P.A. Porras. State Transition Analysis: A Rule-Based Intrusion Detection System. IEEE Transactions on Software Engineering, 21(3):181-199, March 1995.
12. H. S. Javitz and A. Valdes. The NIDES Statistical Component Description and Justification. Technical report, SRI International, Menlo Park, CA, March 1994.
13. K. Julisch. Mining alarm clusters to improve alarm handling efficiency. In Proceedings of the 17th Annual Computer Security Applications Conference, Orlando, FL, 2001.
14. C. Ko, M. Ruschitzka, and K. Levitt. Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 175-187, May 1997.
15. U. Lindqvist and P.A. Porras. Detecting Computer and Network Misuse with the Production-Based Expert System Toolset (P-BEST). In IEEE Symposium on Security and Privacy, pages 146-161, Oakland, California, May 1999.
16. R. Lippmann, D. Fried, I. Graf, J. Haines, K. Kendall, D. McClung, D. Weber, S. Webster, D. Wyschogrod, R. Cunningham, and M. Zissman. Evaluating Intrustion Detection Systems: The 1998 DARPA Offline Intrusion Detection Evaluation. In Proceedings of the DARPA Information Survivability Conference and Exposition, Volume 2, Hilton Head, SC, January 2000.
17. J. McHugh. Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evalautions as Performed by Lincoln Laboratory. ACM Transaction on Information and System Security, 3(4), November 2000.
18. T. Parr. Antlr - documentation. http://www.antlr.org/.
19. S. Patton, W. Yurcik, and D. Doss. An Achilles' Heel in Signature-Based IDS: Squealing False Positives in SNORT. In Proceedings of RAID 2001, Davis, CA, October 2001.
20. T.H. Ptacek and T.N. Newsham. Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection. Technical report, Secure Networks, January 1998.
21. M. Ranum. Experience Benchmarking Intrusion Detection Systems. NFR Security White Paper, December 2001.
22. M. Roesch. Snort - Lightweight Intrusion Detection for Networks. In Proceedings of the USENIX LISA '99 Conference, November 1999.
23. Mike Schiffman. libnet. http://packetfactory.net/libnet/, 2002.
24. Sniph. Snot. http://www.sec33.com/sniph/, 2001.
25. D. Wagner and D. Dean. Intrusion Detection via Static Analysis. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2001. IEEE Press.
26. C. Warrender, S. Forrest, and B.A. Pearlmutter. Detecting intrusions using system calls: Alternative data models. In IEEE Symposium on Security and Privacy, pages 133-145, 1999.