Anomaly-based self protection against network attacks

Autonomic Computing: Concepts, Infrastructure, and Applications

Volumn , Issue , 2006, Pages 493-522

  Qu, Guangzhi ^a   Hariri, Salim ^a  

^a University of Arizona   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84962702813     PISSN: None     EISSN: None     Source Type: Book    
DOI: None     Document Type: Chapter

References (69)

1. R. Albert, H. Jeong., and A-L. Barabási, “The Internet’s Achilles’ heel: error and attack tolerance of complex networks,” Nature 406 378, 2000.
2. D. Anderson, T. Frivold, and A. Valdes, “Next-generation intrusion detection expert system (NIDES): A summary,” Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, Menlo Park, California, May 1995.
3. B.G. Batchelor, “Pattern Recognition: Ideas in Practice,” New York: Plenum Press, pp. 71–72, 1978.
4. S.M. Bellovin, “ICMP Traceback Message,” Internet Draft: draft-bellovin-itrace- 00.txt, March 2000.
5. M. Blanc, L. Oudot, and V. Glaume, “Global Intrusion Detection: Prelude Hybrid IDS,” Technical Report, 2003.
6. Botha, M. et al., “The utilization of artificial intelligence in a hybrid intrusion detection system,” South African Institute for Computer Scientists and Information Technologists, pp. 149–155, 2002.
7. CERT, “CERT Advisory CA-2003-04 MS-SQL Serve Worm,” http://www.cert.org/advisories/CA-2003-04.html, January 2003.
8. Cisco netflow, http://www.cisco.com/en/u/products/ps6601/products_ios_protocol_group_home.html.
9. CNN. “Cyber-attacks batter web heavyweights,” http://archives.cnn.com/2000/TECH/computing/02/09/cyber.attacks.01/, February 2000.
10. CNN. “Immense network assault takes down yahoo,” http://archives.cnn.com/2000/TECH/computing/02/08/yahoo.assault.idg/, February 2000.
11. CNN. “Denial-of-service attacks on the rise?” http://archives.cnn.com/2002/TECH/internet/04/09/dos.threat.idg/, April 2002.
12. S. Cowley and M. Williams, “Slammer slugs Internet, down but not out.” Retrieved on April 20, 2003, from http://www.infoworld.com/article/03/01/25/030125hnsqlnetupd_1.html.
13. M. Crosbie, B. Dole, T. Ellis, I. Krsul, and E. Spafford, IDIOT — Users Guide, Technical Report TR-96-050, Purdue University, COAST Laboratory, September 1996.
14. DARPA KDD99, http://kdd.ics.uci.edu/databases/kddcup/task.html, 2005.
15. D.E. Denning, “An Intrusion Detection Model,” IEEE Transactions on Software Engineering, SE-13: 222–232, 1987.
16. E. Diday, “Recent Progress in Distance and Similarity Measures in Pattern Recognition.” Second International Joint Conference on Pattern Recognition, pp. 534–539, 1974.
17. D. Dittrich, “Distributed Denial of Service (DDoS) Attacks/Tools Page,” from http://staff.washington.edu/dittrich/ddos/.
18. P. Ferguson and D. Senie, “Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing,” RFC 2267, January 1998.
19. S. Gaudin, “2003 Worst Year Ever for Viruses, Worms,” http://www.internetnews.com/infra/article.php/3292461, 2003.
20. S. Gibson. “Distributed Reflection Denial of Service,” retrieved from http://grc.com/dos/drdos.htm, February2002.
21. T.M. Gil and M. Poleto, “MULTOPS: a data-structure for denial-of-service attack detection,” In Proceedings of 10th USENIX Security Symposium, August 2001.
22. S. Hariri, G. Qu, T. Dharmagadda, and R. Modukuri, “Impact Analysis of Faults and Attacks in Large-Scale Networks,” IEEE Security and Privacy, September/October 2003 Vol. 1, No. 5.
23. J. Hochberg, et al., Nadir: An automated system for detecting network intrusion and misuse. Computers & Security, 12(23.3):235-248, 1993.
24. Y. T. Hou, Y. Dong and Z. Zhang, “Network Performance Measurement and Analysis Part 1: A Server-Based Measurement Infrastructure.” Retrieved on April 20, 2003 from http://citeseer.nj.nec.com/249251.html.
25. K. Ilgun, A. R. Kemmerer, A. P. Porras, “State Transition Analysis: A Rule- Based Intrusion Detection Approach,” IEEE Transactions on Software Engineering, 21(23.3), 1995.
26. J. Ioannidis and S.M. Bellovin, “Implementing Pushback: Router-Based Defense Against DDoS Attacks,” Proceedings of NDSS’2002, San Diego, CA, February 2002.
27. J. Jin and J. Shi, “Automatic feature extraction of waveform signals for in-process diagnostic performance improvement,” Journal of Intelligent Manufacturing 12, 257–268, 2001.
28. R. Kemmerer and G. Vigna. “Intrusion Detection: A Brief History and Overview,” IEEE Computer 27–30, 2002.
29. K. Kendall, “A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems,” Master’s Thesis, Massachusetts Institute of Technology, 1998.
30. A.D. Keromytis, V. Misra, and D. Rubenstein. “SOS: Secure Overlay Services.” In Proceedings of ACM SIGCOMM 2002, August 2002.
31. T. Killalea, “Recommended Internet Service Provider Security Services and Procedures,” RFC 3013, November 2000.
32. J. Lo, “Denial of Service or NUKE Attacks,” http://www.irchelp.org/irchelp/nuke/index.html March 2005.
33. T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, C. Jalali, P. G. Neumann, H. S. Javitz, A. Valdes, T.D. Garvey, A real time Intrusion Detection Expert System (IDES) — Final Report, SRI International, Menlo Park, CA, February 1992.
34. R. Manajan et al., “Controlling High Bandwidth Aggregates in the Network,” ICSI Technical Report, July 2001.
35. Matrix, “Slammer worm.” Retrieved April 20, 2003, from http://www.matrixnetsystems.com/ea/2003/20030130.jsp.
36. R.S. Michalski, R. E. Stepp, and E. Diday, “A Recent Advance in Data Analysis: Clustering Objects into Classes Characterized by Conjunctive Concepts,” Progress in Pattern Recognition, Vol. 1, Laveen N. Kanal and Azriel Rosenfeld (Eds.). New York: North-Holland, pp. 33–56, 1981.
37. J. Mirkovic, G. Prier, and P. Reiher, “Attacking DDoS at the Source,” Proceedings of 10th IEEE International Conference on Network Protocol (ICNP2002), 312–321, Paris, France, 2002.
38. D.C. Montgomery, Design and Analysis of Experiments, 5th Edition, New York: John Wiley & Sons, 2000.
39. D. Moore, G. Voelker and S. Savage, “Inferring Internet Denial of Service Activity,” Proceedings of USENIX Security Symposium, 2001, August 2001.
40. M. Nadler and E. P. Smith, “Pattern Recognition Engineering.” New York: John Wiley & Sons, pp. 293–294, 1993.
41. National Research Council, “Committee on the Internet under Crisis Conditions: Learning from the Impact of September 11,” The National Academies Press, 2003. Retrieved from http://www.nap.edu/books/0309087023/html/.
42. C. Papadopoulos, R. Lindell, J. Mehringer, A. Hussain, and R. Govindan, “COSSACK: Coordinated Suppression of Simultaneous Attacks,” Proceedings of DARPA Information Survivability Conference and Exposition, Washington, D.C., 2003.
43. B. Page, “A Report on Internet Worm,” http://www.ee.ryerson.ca/∼elf/hack/iworm.html.
44. K. Park and H. Lee. “On the Effectiveness of Route-Based Packet Filtering for DDoS Attack Prevention in Power-Low Internets.” In Proceedings of the ACM SIGCOMM, pages 15–26, San Diego, CA, August 2001. ACM.
45. M. Parashar, “Interpretive Performance Prediction for High Performance Computing.” PhD thesis, Department of Computer Engineering, Syracuse University, 1994.
46. V. Paxson. “An analysis of using reflectors for distributed denial-of-service attacks,” Computer Communication Review 31(23.3), July 2001.
47. V. Paxson, “End-to-End Internet Packet Dynamics,” Proc., SIGCOMM’97, September 1997.
48. P.A. Porras and P.G. Neumann, “EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances,” Proceedings of National Information Systems Security Conference, 1997.
49. G. Qu, S. Hariri, et al., “Using Abnormality Metrics to Detect and Protect Against Network Attacks,” in the Proceedings of IEEE/ACS International Conference on Pervasive Services (ICPS 2004), Beirut, Lebanon.
50. G. Qu, S. Hariri, et al., “Online Monitoring and Analysis for Self Protection against Network attacks,” International Conference on Autonomic Computing (ICAC 2004), New York, NY.
51. G. Qu, S. Hariri, X. Zhu, J. Jin, and Y. Mazin, “Multivariate Statistical Online Analysis for Self Protection against Network Attacks,” AICSSA’05.
52. G. Qu, S. Hariri, and Y. Mazin, “A New Dependency and Correlation Analysis for Features,” IEEE Transactions on Knowledge and Data Engineering, Special Issue on Intelligent Data Preparation, September, 2005.
53. Threat and Vulnerability Model for Information Security. Report to the President’s Commission on Critical Infrastructure Protection 1997.
54. S.E. Smaha and J. Winslow, “Misuse detection tools,” Computer Security Journal 10, 1, Spring, 1994, pp. 39–49.
55. S. Savage, D. Wetherall, A. Karlin, T. Anderson, “Practical Network Support for IP Traceback,” In Proceedings of ACM SIGCOMM’2000, August, 2000.
56. S. Smash, “Haystack: An Intrusion Detection System,” Proceedings of the IEEE 4th Aerospace computer security Application conference, Orlando, FL. pp. 37–44, December 1988.
57. A.C. Snoren, C. Partridge, L.A. Sanchez, C.E. Jones, F. Tchakountio, S.T. Kent and W.T. Strayer, “Hash-Based IP Traceback,” Proceedings of ACM SIGCOMM’ 2001, March 2001.
58. D. Song and A. Perrig, “Advanced and Authenticated Marking Schemes for IP Traceback,” In Proceedings of ACM SIGCOMM’2001, March 2001.
59. E. H. Spafford, “The Internet Worm Program: An Analysis,” Purdue Technical Report CSDTR-823, 1998.
60. W. Stallings, “Network Security Essentials” 2nd edition, Upper Saddle River: Prentice-Hall, 2003.
61. R. Stone, “CenterTrack: An IP Overlay Network for Tracking DoS Floods,” Proceedings of 9th USENIX Security Symposium, Denver, Colorado, August 2000.
62. L.P. Swiler, C. Phillips, and T. Gaylor, (1998), “A Graph-Based Network- Vulnerability Analysis System.” Sandia National Laboratories. F. Tsung and J. Shi, (1999), “Integration of Run-to-Run PID Controller and SPC for Process Disturbance Rejection,” IIE Transactions, Vol. 31, pp. 517–527.
63. B. Tjaden, et al, (2004) INBOUNDS: The Integrated Network-Based Ohio University Network Detective Service, retrieved from http://www.mts.jhu.edu/∼marchette/ID04/Papers/SCI2000.pdf
64. “DoS Attack,” Retrieved on April, 2004 from http://www.webopedia.com/TERM/D/DoS_attack.html.
65. D. Yau, J. Liu, and F. Liang, “Defending Against Distributed Denial-of-Service Attacks with Max-min Fair Server-centric Router Throttles,” Proceedings of IWQoS’2002, Miami Beach, FL, May 2002.
66. N. Ye et al., “Hotelling’s T2 Multivariate Profiling for Anomaly Detection,” Proceedings of the 2000 IEEE Workshop on Information Assurance and Security, West Point, NY, June 2000.
67. N. Ye and Q. Chen, “An Anomaly Detection Technique Based on a Chi-Square Statistic for Detecting Intrusions into Information Systems,” Quality and Reliability Engineering Journal, vol. 17, p. 105–112, 2001.
68. K. Zaraska, “IDS Active Response Mechanisms: Countermeasure Subsystem for Prelude IDS,” Technical Report, 2002.
69. K. Zaraska, “Prelude IDS: Current State and Development Perspective,” Technical Report, 2003. (http://www.seclib.com/seclib/index.jsp?page=ids.general).