Detecting computer and network misuse through the production-based expert system toolset (P-BEST)

Proceedings - IEEE Symposium on Security and Privacy

Volumn 1999-January, Issue , 1999, Pages 146-161

  Lindqvist, Ulf ^a   Porras, Phillip A ^b  

^a CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

^b SRI INTERNATIONAL   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

C (PROGRAMMING LANGUAGE); COMPUTATIONAL LINGUISTICS; COMPUTER NETWORKS; DENIAL-OF-SERVICE ATTACK; EXPERT SYSTEMS; MERCURY (METAL); REAL TIME SYSTEMS;

CLOSE INTEGRATION; COMPUTER AND NETWORKS; COMPUTING ENVIRONMENTS; EXPERT SYSTEM DEVELOPMENT; GENERIC SIGNATURE; INTRUSION DETECTION SYSTEMS; MISUSE DETECTION; PERFORMANCE MEASUREMENTS;

INTRUSION DETECTION;

EID: 84940110274     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SECPRI.1999.766911     Document Type: Conference Paper

References (20)

1. D. Anderson, T. Frivold, and A. Valdes. Next-generation intrusion-detection expert system (NIDES). Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, Menlo Park, CA 94025-3493, USA, May 1995
2. S. Axelsson, U. Lindqvist, U. Gustafson, and E. Jonsson. An approach to UNIX security logging. In Proceedings of the 21st National Information Systems Security Conference, pages 62-75, Arlington, Virginia, Oct. 5-8, 1998. National Institute of Standards and Technology/National Computer Security Center
3. D. Bruschi, E. Rosti, and R. Banfi. A tool for pro-Active defense against the buffer overrun attack. In J.-J. Quisquater et al., editors, Computer Security-Proceedings of ESORICS 98, volume 1485 of LNCS, pages 17-31, Louvainla-Neuve, Belgium, Sept. 16-18, 1998. Springer-Verlag
4. H. Debar, M. Becker, and D. Siboni. A neural network component for an intrusion detection system. In Proceedings of the 1992 IEEE Symposium on Security and Privacy, pages 240-250, Oakland, California, May 4-6, 1992. IEEE Computer Society Press
5. D. E. Denning. An intrusion-detection model. IEEE Transactions on Software Engineering, SE-13(2):222-232, Feb. 1987
6. D. E. Denning and P. G. Neumann. Requirements and model for IDES-A real-Time intrusion detection expert system. Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA 94025-3493, USA, 1985
7. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for Unix processes. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 120-128, Oakland, California, May 6-8, 1996. IEEE Computer Society Press
8. T. D. Garvey and T. F. Lunt. Model-based intrusion detection. In Proceedings of the 14th National Computer Security Conference, pages 372-385, Washington, D.C., Oct. 1-4, 1991. National Institute of Standards and Technology/National Computer Security Center
9. J. Habra, B. Le Charlier, A. Mounji, and I. Mathieu. ASAX: Software architecture and rule-based language for universal audit trail analysis. In Y. Deswarte et al., editors, Computer Security-Proceedings of ESORICS 92, volume 648 of LNCS, pages 435-450, Toulouse, France, Nov. 23-25, 1992. Springer-Verlag
10. K. Ilgun, R. A. Kemmerer, and P. A. Porras. State transition analysis: A rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 21(3):181-199, Mar. 1995
11. K. A. Jackson, D. H. DuBois, and C. A. Stallings. An expert system application for network intrusion detection. In Proceedings of the 14th National Computer Security Conference, pages 215-225, Washington, D.C., Oct. 1-4, 1991. National Institute of Standards and Technology/National Computer Security Center
12. H. S. Javitz and A. Valdes. The SRI IDES statistical anomaly detector. In Proceedings of the 1991 IEEE Symposium on Security and Privacy, pages 316-326, Oakland, California, May 20-22, 1991. IEEE Computer Society Press
13. S. Kumar. Classification and Detection of Computer Intrusions. PhD thesis, Purdue University, West Lafayette, Indiana, Aug. 1995
14. T. F. Lunt, R. Jagannathan, R. Lee, A. Whitehurst, and S. Listgarten. Knowledge-based intrusion detection. In Proceedings of the Annual AI Systems in Government Conference, pages 102-107, Washington, D.C., Mar. 27-31, 1989. IEEE Computer Society Press
15. P. A. Porras and R. A. Kemmerer. Penetration state transition analysis: A rule-based intrusion detection approach. In Proceedings of the Eighth Annual Computer Security Applications Conference, pages 220-229, San Antonio, Texas, Nov. 30-Dec. 4, 1992. IEEE Computer Society Press
16. P. A. Porras and P. G. Neumann. EMERALD: Event monitoring enabling responses to anomalous live disturbances. In Proceedings of the 20th National Information Systems Security Conference, pages 353-365, Baltimore, Maryland, Oct. 7-10 1997. National Institute of Standards and Technology/National Computer Security Center
17. C. L. Schuba, I. V. Krsul, M. G. Kuhn, E. H. Spafford, A. Sundaram, and D. Zamboni. Analysis of a denial of service attack on TCP. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 208-223, Oakland, California, May 4-7, 1997. IEEE Computer Society Press
18. M. M. Sebring, E. Shellhouse, M. E. Hanna, and R. A. Whitehurst. Expert systems in intrusion detection: A case study. In Proceedings of the 11th National Computer Security Conference, pages 74-81, Baltimore, Maryland, Oct. 17-20, 1988. National Institute of Standards and Technology/National Computer Security Center
19. Sun Microsystems, Inc., 2550 Garcia Avenue, Mountain View, CA 94043-1100, USA. SunSHIELD Basic Security Module Guide, Nov. 1995
20. H. S. Vaccaro and G. E. Liepins. Detection of anomalous computer session activity. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 280-289, Oakland, California, May 1-3, 1989. IEEE Computer Society Press