The effect of identifying vulnerabilities and patching software on the utility of network intrusion detection

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2516, Issue , 2002, Pages 307-326

  Lippmann, Richard ^a   Webster, Seth ^a   Stetson, Douglas ^a  

^a MIT LINCOLN LABORATORY   (United States)

Author keywords

Attack; DoS; Exploit; False alarm; Internet; Intrusion detection; Network; Patch; Probe; Scan; Signature; Vulnerability; Worm

Indexed keywords

COMPUTER CRIME; DOS; INTERNET; MERCURY (METAL); NETWORK SECURITY; NETWORKS (CIRCUITS); PROBES;

ATTACK; EXPLOIT; FALSE ALARMS; PATCH; SCAN; SIGNATURE; VULNERABILITY; WORM;

INTRUSION DETECTION;

EID: 84958970105     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-36084-0_17     Document Type: Conference Paper

References (25)

1. Arbaugh, W.A., W.L. Fithen, and J. McHugh, Windows of Vulnerability: A Case Study Analysis, IEEE Computer, 2000. 33,(12), 52-59, http://www.cs.umd.edu/~waa/pubs/Windows_of_Vulnerability.pdf.
2. CAIDA, Code-Red Worms: A Global Threat, Cooperative Association for Internet Data Analysis (CAIDA), 28 November 2001, http://www.caida.org/analysis/security/code-red/.
3. Chien, E., W32.Nimda.A@mm Worm, Symantec Corporation, 18 September 2001, http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html.
4. CVE, Common Vulnerabilities and Exposures, The MITRE Corporation, 2002, http://www.cve.mitre.org/.
5. Dayioglu, B. and A. Ozgit, Use of Passive Network Mapping to Enhance Signature Quality of Misuse Network Intrusion Detection Systems, in Proceedings of the Sixteenth International Symposium on Computer and Information Sciences, 2001, http://www.dayioglu.net/publications/iscis2001.pdf.
6. Dittrich, D., Distributed Denial of Service (DDoS) Attacks/tools, University of Washington, Seattle, 2001, http://staff.washington.edu/dittrich/misc/ddos/.
7. Dougherty, C., S. Hernan, J. Havrilla, J. Carpenter, A. Manion, I. Finlay, and J. Shaffer, CERT Advisory CA-2001-11 sadmind/IIS Worm, CERT Coordination Center, 8 May 2001, http://www.cert.org/advisories/CA-2001-11.html.
8. Fearnow, M. and W. Stearns, Lion Worm, SANS Institute, 29 March 2001, http://www.incidents.org/react/lion.php.
9. Forristal, J. and G. Shipley, Vulnerability Assessment Scanners, Network Computing, 8 January 2001, http://www.networkcomputing.com/1201/1201f1b1.html.
10. Hassell, R., R. Permeh, and M. Maiffret, UPNP - Multiple Remote Windows XP/ME/98 Vulnerabilities, eEye Digital Security, 20 December 2001, http://www.eeye.com/html/Research/Advisories/AD20011220.html.
11. Internet Software Consortium, ISC Berkeley Internet Name Domain (BIND) Domain Name System (DNS), January 2002, http://www.isc.org/products/BIND/.
12. Lestat, M., The Ramen Worm and its use of rpc.statd, wu-ftpd and LPRng Vulnerabilities in Red Hat Linux, SANS Institute, 7 February 2001, http://rr.sans.org/malicious/ramen.php.
13. Lippmann, R.P., J.W. Haines, D.J. Fried, J. Korba, and K. Das, The 1999 DARPA offline intrusion detection evaluation. Computer Networks, 2000. 32: pp. 579-595.
14. Mell, P. and T. Grance, The ICAT Metabase CVE Vulnerability Search Engine, National Institute of Standards and Technology, January 2002, http://icat.nist.gov.
15. Mueller, P. and G. Shipley, To Catch a Thief, Network Computing, 2001, http://www.networkcomputing.com/1217/1217f1.html.
16. Netcraft Web Server Survey, Netcraft Ltd., Bath England, October 2001, http://www.netcraft.com/survey/index-200110.html.
17. Nessus, The Nessus Security Scanner, 2002, http://www.nessus.org.
18. NSS Group, Intrusion Detection Systems Group Test (Edition 2), Oakwood House, Wennington, Cambridgeshire, England, December 2001, http://www.nss.co.uk/ids/.
19. Power, R., 2001 CSI/FBI Computer Crime and Security Survey, Computer Security Institute, Spring 2000, http://www.gocsi.com/forms/fbi/pdf.html.
20. Ptacek, T.H. and T.N. Newsham, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Secure Networks, Inc., 1998, http://secinf.net/info/ids/idspaper/idspaper.html.
21. Roesch, M. Snort - Lightweight Intrusion Detection for Networks, in USENIX 13th Systems Administration Conference - LISA '99. Seattle, Washington, 1999, http://www.snort.org.
22. SANS, The Twenty Most Critical Internet Security Vulnerabilities (Updated). Bethesda, MD, System Administration, Networking, and Security (SANS) Institute, 2001, http://www.sans.org/top20.htm.
23. SANS, NIMDA Worm/Virus Report – Final, System Administration, Networking, and Security (SANS) Institute, October 2001, http://www.incidents.org/react/nimda.pdf.
24. Spitzner, L., Know Your Enemy: Passive Fingerprinting, Honeynet Project, January 2002, http://project.honeynet.org/papers/finger/.
25. Yocom, B., K. Brown, and D.V. DerVeer, Review: Intrusion-Detection Products Grow Up, Network World Fusion, 2001, http://www.nwfusion.com/reviews/2001/1008rev.html.