1.
Ptacek, T.H., Newsham, T.N.: Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, Secure Networks Inc. (1998)
2.
Handley, M., Paxson, V., Kreibich, C.: Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In: USENIX-Sec 2001, Washington, D.C., USA (2001)
3.
Stuart Staniford, V.P., Weaver, N.: How to 0wn the internet in your spare time. In: Proc. of the 11th USENIX Security Symposium (2002)
4.
James Newsome, B.K., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proc. of the IEEE Symposium on Security and Privacy (2005)
5.
Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proc. of the 6th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pp. 45–60 (2004)
6.
Ioannidis, S., Keromytis, A.D., Bellovin, S.M., Smith, J.M.: Implementing a distributed firewall. In: CCS 2000: Proceedings of the 7th ACM conference on Computer and communications security, pp. 190–199. ACM Press, New York (2000)
7.
Bos, H., Huang, K.: Towards software-based signature detection for intrusion prevention on the network card. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 102–123. Springer, Heidelberg (2006)
8.
Portokalidis, G., Slowinska, A., Bos, H.: Argos: an emulator for fingerprinting zero-day attacks. In: Proc. ACM SIGOPS EUROSYS 2006, Leuven, Belgium (2006)
9.
Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proc. of LISA 1999: 13th Systems Administration Conference (1999)
10.
Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proc. of the 7th USENIX Security Symposium (1998)
11.
Bhatkar, S., Du Varney, D.C., Sekar, R.: Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: Proc. of the 12th USENIX Security Symposium, pp. 105–120 (2003)
12.
Barrantes, E.G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanović, D., Zovi, D.D.: Randomized instruction set emulation to disrupt code injection attacks. In: Proc. of the 10th ACM Conference on Computer and Communications Security (CCS), pp. 281–289 (2003)
13.
Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-end containment of internet worms. In: Proc. of the 20th ACM Symposium on Operating Systems Principles (SOSP), Brighton, UK (2005)
14.
Clark, C., Lee, W., Schimmel, D., Contis, D., Koné, M., Thomas, A.: A hardware platform for network intrusion detection and prevention. In: Third Workshop on Network Processors and Applications, Madrid, Spain (2004)
15.
Williamson, M.M.: Throttling Viruses: Restricting Propagation to Defeat Malicious Mobile Code. In: Proc. of ACSAC Security Conference, Las Vegas, Nevada (2002)
16.
Robertson, W., Vigna, G., Kruegel, C., Kemmerer, R.: Using generalization and characterization techniques in the anomaly-based detection of web attacks. In: NDSS 2005 (2005)
17.
Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: Protecting pointers from buffer overflow vulnerabilities. In: Proc. of the 12th USENIX Security Symposium, pp. 91–104 (2003)
18.
Cowan, C., Barringer, M., Beattie, S., Kroah-Hartman, G.: FormatGuard: Automatic protection from printf format string vulnerabilities. In: Proc. of the 10th Usenix Security Symposium (2001)
19.
Provos, N.: Improving host security with system call policies. In: Proc. of the 12th USENIX Security Symposium (2003)
20.
Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting format string vulnerabilities with type qualifiers. In: Proc. of the 10th USENIX Security Symposium, pp. 201–216 (2001)
21.
Necula, G.C., McPeak, S., Weimer, W.: CCured: Type-safe retrofitting of legacy code. In: Proc. of the Principles of Programming Languages (PoPL) (2002)
22.
bulba and Kil3r: Bypassing Stackguard and Stackshield. Phrack Magazine 10(56) (2000)
23.
gera, riq: Advances in format string exploitation. Phrack Magazine 11(59) (2002)
24.
Liang, Z., Sekar, R.: Fast and automated generation of attack signatures: A basis for building self-protecting servers. In: Proc. ACM CCS, Alexandria, VA, USA, pp. 213–223 (2005)
25.
Krügel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 207–226. Springer, Heidelberg (2006)
26.
Kerschbaum, F., Spafford, E.H., Zamboni, D.: Using embedded sensors for detecting network attack. Technical report, Purdue University (2000)
27.
Paxson, V.: Bro: A system for detecting network intruders in real-time. Computer Networks 31(23-24), 2435–2463 (1999)
28.
Bos, H., de Bruijn, W., Cristea, M., Nguyen, T., Portokalidis, G.: FFPF: Fairly Fast Packet Filters. In: Proceedings of OSDI 2004, San Francisco, CA (2004)
29.
Cristea, M.-L., de Bruijn, W., Bos, H.: FPL-3: Towards language support for distributed packet processing. In: Boutaba, R., Almeroth, K.C., Puigjaner, R., Shen, S., Black, J.P. (eds.) NETWORKING 2005. LNCS, vol. 3462, pp. 743–755. Springer, Heidelberg (2005)
30.
Malan, R., Watson, D., Jahanian, F., Howell, P.: Transport and application protocol scrubbing. In: Infocom 2000, Tel-Aviv, Israel (2000)
31.
Laurikari, V.: NFAs with tagged transitions, their conversion to deterministic automata and application to regular expressions. In: SPIRE, pp. 181–187 (2000)
32.
Aho, A.V., Ullman, J.D.: Foundations of Computer Science. Computer Science Press (1992)
33.
Gill, A.: Introduction to the Theory of Finite-state Machines. McGraw-Hill, New York (1962)
34.
Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proc. of the 12th Annual Network and Distributed System Security Symposium (NDSS) (2005)
35.
SecurityFocus: Can-2003-0245 apache apr-psprintf memory corruption vulnerability (2003),
http://www.securityfocus.com/bid/7723/discussion/
36.
Nguyen, T., Cristea, M., de Bruijn, W., Bos, H.: Scalable network monitors for high-speed links: a bottom-up approach. In: Proceedings of IPOM 2004 (2004)