Abstract
This chapter provides an overview of the state of the art in intrusion detection research. Intrusion detection systems are software and/or hardware components that monitor computer systems and analyze the events occurring in them for signs of intrusions. Because computer infrastructures are so diverse and complex, it is difficult to build a completely secure computer system. Therefore, numerous security systems and intrusion detection systems exist that address different aspects of computer security. This chapter first provides a taxonomy of computer intrusions, along with brief descriptions of the major categories of computer attacks. Second, a common architecture of intrusion detection systems and their basic characteristics are presented. Third, a taxonomy of intrusion detection systems based on five criteria (information source, analysis strategy, time aspects, architecture, response) is given. Finally, intrusion detection systems are classified according to each of these criteria, and the most representative research prototypes are briefly described.
Keywords
- intrusion detection
- taxonomy
- intrusion detection systems
- data mining
J. Ryan, M-J. Lin and R. Miikkulainen, Intrusion Detection with Neural Networks, In Proceedings of the AAA1 Workshop on AI Approaches to Fraud Detection and Risk Management, Providence, RI, 72–77, July 1997.
D. Safford, D. Schales and D. Hess, The Tamu Security Package: An Ongoing Response to Internet Intruders in an Academic Environment, In Proceedings of the Fourth USENIX Security Symposium, Santa Clara, CA, 91–118, October 1993.
S. Savage, D. Wetherall, A. Karlin and T. Anderson, Practical Network Support for IP Traceback, In Proceedings of the ACM SIGCOMM Conference, Stockholm, Sweden, 295–306, August 2000.
M. Schultz, E. Eskin, E. Zadok and S. Stolfo, Data Mining Methods for Detection of New Malicious Executables, In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 38–49, May 2001.
Secure Networks, Inc., Ballista Security Auditing System, http:// www.securenetworks.com/ballista/ballista.html, 1997.
SecurityTechNet.com Intrusion Detection Links, http://cnscenter.future.co.kr/security/ids.html, 2004.
R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang and S. Zhou, Specification Based Anomaly Detection: A New Approach for Detecting Network Intrusions, In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Washington, D.C., November 2002.
A. Seleznyov and S. Puuronen, HIDSUR: A Hybrid Intrusion Detection System Based on Real-Time User Recognition, In Proceedings of the 11th International Workshop on Database and Expert Systems Applications (DEXA’00), Greenwich, London, UK, September, 2000.
K. Sequeira and M. Zaki, ADMIT: Anomaly-base Data Mining for Intrusions, In Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Edmonton, Canada, July 2002.
C. Sinclair, L. Pierce and S. Matzner, An Application of Machine Learning to Network Intrusion Detection, In Proceedings of the 15th Annual Computer Security Applications Conference, Phoenix, AZ, 371–377, December 1999.
S. Singh and Kandula S., Argus: A Distributed Network Intrusion Detection System, Indian Institute of Technology Kanpur, Department of Computer Science & Engineering, available at: http://www.cse.iitk.ac.in/research/btp2001/Argus.html Technical Report, 2001.
S. Smaha, Haystack: An Intrusion Detection System, In Proceedings of the Fourth Aerospace Computer Security Applications Conference, 37–44, October 1988.
S.R. Snapp, J. Brentano, G.V. Dias, T.L. Goan, T. Heberlein, C. Ho, K.N. Levitt, B. Mukherjee, S.E. Smaha, T. Grance, D.M. Teal and D. Mansur, DIDS (Distributed Intrusion Detection System) Motivation, Architecture, and an Early Prototype, In Proceedings of the Nth National Computer Security Conference, Washington, DC, 167–176, October 1991.
A.C. Snoeren, C. Partridge, L.A. Sanchez, C.E Jones, F. Tchakountio, S.T. Kent and W.T. Strayer, Hash-Based IP Traceback, In Proceedings of the ACM SIGCOMM Conference, San Diego, CA, 3–14, August 2001.
SNORT Intrusion Detection System, www.snort.org, 2004.
Snort-Wireless Intrusion Detection, http://snort-wireless.org, 2003.
A. Somayaji, S. Hofmeyr and S. Forrest, Principles of a computer immune system, In Proceedings of the New Security Paradigms Workshop, Langdale, Cumbria UK, 1997.
Sourcefire, Sourcefire Real-time Network Awareness™ (RNA), http:// www.sourcefire.com/products/rna.html, 2004.
E. Spafford and D. Zamboni, Intrusion Detection Using Autonomous Agents, Computer Networks, vol. 34, pp. 547–570, 2000.
P. Spirakis, S. Katsikas, D. Gritzalis, F. Allegre, J. Darzentas, C. Gigante, D. Karagiannis, P. Kess, H. Putkonen and T. Spyrou, SECURENET: A Network-Oriented Intelligent Intrusion Prevention And Detection System., Network Security Journal, vol. 1,1, November 1994.
T. Spyrou and J. Darzentas, Intention Modelling: Approximating Computer User Intentions for Detection and Prediction of Intrusions, In Proceedings of the Information Systems Security, Samos, Greece, 319–335, May 1996.
S. Staniford, J. Hoagland and J. McAlerney, Practical Automated Detection of Stealthy Portscans, Journal of Computer Security, vol. 10,1–2, pp. 105–136, 2002.
S. Staniford, V. Paxson and N. Weaver, How to Own the Internet in Your Spare Time, In Proceedings of the USENIX Security Symposium, San Francisco, CA, 149–167, August 2002.
S. Staniford-Chen, C.R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip and D. Zerkle, GrIDS-A Graph Based Intrusion Detection System for Large Networks, In Proceedings of the 19th National Information Systems Security Conference, Baltimore, MD.
S. Staniford-Chen, B. Tung, P. Porras, C. Kahn, D. Schnackenberg, R. Feiertag and M. Stillman, The Common Intrusion Detection Framework-Data Formats, Internet Draft Draft-ietf-cidf-data-formats-00.txt, March 1998.
R. Stone, Centertrack: An IP Overlay Network for Tracking DoS Floods, In Proceedings of the USENIX Security Symposium, Denver, CO, 199–212, July 2000.
SunSHIELD Basic Security Module Guide, http://docs.sun.com/db/doc/802-1965?q=BSM, 1995.
Symantec Intruder Alert, http://enterprisesecurity.symantec.com/products/ products.cfm?ProductID=171&EID=0, May 2004.
Symantec Security Response, W32.ExploreZip.L.Worm, http://securityresponse.symantec.com/avcenter/venc/data/w32. explorezip.l.worm.html, January 2003.
System Detection, Anomaly Detection: The Antura Difference, http:// www.sysd.com/library/anomaly.pdf, 2003.
Talisker’s Network Security Resource, http://www.networkintrusion.co.uk/ids.htm
TCPDUMP public repository, www.tcpdump.org
S. Templeton and K. Levit, A Requires/Provides Model for Computer Attacks, In Proceedings of the Workshop on New Security Paradigms, Ballycotton, Ireland, 2000.
B. Tod, Distributed Denial of Service Attacks, OVEN Digital, http://www.linuxsecurity.com/resource_files/intrusion_detection/ddos-faq.html, 2000.
A. Valdes, Detecting Novel Scans Through Pattern Anomaly Detection, In Proceedings of the Third DARPA Information Survivability Conference and Exposition (DISCEX-III 2003), Washington, D.C., April 2003.
A. Valdes and K. Skinner, Adaptive, Model-based Monitoring for Cyber Attack Detection, In Proceedings of the Recent Advances in Intrusion Detection (RAID 2000), Toulouse, France, 80–92, October 2000.
A. Valdes and K. Skinner, Probabilistic Alert Correlation, In Proceedings of the Recent Advances in Intrusion Detection (RAID 2001), Davis, CA, October 2001.
J. Van Ryan, SAIC’s Center for Information Security, Technology Releases CMDS Version 3.5, http://www.saic.com/news/may98/news05-15-98.html, 1998.
Vicomsoft White Paper, Firewall White Paper-What Different Types of Firewalls are There?, available at:, http://www.firewall-software.com/firewall_faqs/ types_of_firewall.html, 2003.
G. Vigna and R.A. Kemmerer, Netstat: A Network-Based Intrusion Detection Approach, Journal of Computer Security, vol. 7,1, pp. 37–71, 1999.
D. Vincenzetti and M. Cotrozzi, ATP-Anti Tampering Program, In Proceedings of the Fourth USENIX Security Symposium, Santa Clara, CA, 79–89, October 1993.
D. Wagner and D. Dean, Intrusion Detection via Static Analysis, In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2001.
H. Wang, D. Zhang and K. Shin, Detecting SYN Flooding Attacks, In Proceedings of the IEEE Infocom, New York, NY, 000-001, June 2002.
N. Weaver, V. Paxson, S. Staniford and R. Cunningham, A Taxonomy of Computer Worms, In Proceedings of the The Workshop on Rapid Malcode (WORM 2003), held in conjunction with the 10th ACM Conference on Computer and Communications Security, Washington, DC, October 27, 2003.
A. Wespi, M. Dacier and H. Debar, Intrusion Detection Using Variable-Length Audit Trail Patterns, In Proceedings of the Recent Advances in Intrusion Detection (RAID-2000), Toulouse, FR, 110–129, October 2000.
WheelGroup Corporation, Cisco Secure Intrusion Detection System, http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/index.htm, 2004.
WIDZ Wireless Intrusion Detection System, www.loud-fat-bloke.co.uk/articles/widz_design.pdf.
D. Winer, Clay Shirky on P2P, davenet.scripting.com/2000/ll/15/clayShirkyOnP2p, November 2000.
J.R. Winkler, A Unix Prototype for Intrusion and Anomaly Detection in Secure Networks, In Proceedings of the 13th National Computer Security Conference, Baltimore, MD, October 1990.
J.R. Winkler and L.C. Landry, Intrusion and Anomaly Detection, ISOA Update, In Proceedings of the 15th National Computer Security Conference, Baltimore, MD, October 1992.
K. Yamanishi and J. Takeuchi, Discovering Outlier Filtering Rules from Unlabeled Data, In Proceedings of the Seventh ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Francisco, CA, August 2001.
K. Yamanishi, J. Takeuchi, G. Williams and P. Milne, On-line Unsupervised Outlier Detection Using Finite Mixtures with Discounting Learning Algorithms, In Proceedings of the Sixth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Boston, MA, 320–324, August 2000.
N. Ye and Q. Chen, An Anomaly Detection Technique Based on a Chi-Square Statistic for Detecting Intrusions Into Information Systems, Quality and Reliability Engineering International, vol. 17,2, pp. 105–112, 2001.
N. Ye and X. Li, A Scalable Clustering Technique for Intrusion Signature Recognition, In Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY, June, 2001.
Z. Zhang, J. Li, C.N. Manikopoulos, J. Jorgenson and J. Ucles, HIDE: A Hierarchical Network Intrusion Detection System Using Statistical Preprocessing and Neural Network Classification, In Proceedings of the IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY, June 2001.
E. Zwicky, S. Cooper, D. Chapman and D. Ru, Building Internet Firewalls, 2nd Edition ed, O’Reilly and Associates, 2000.
Copyright information
© 2005 Springer Science+Business Media, Inc.
Cite this chapter
Lazarevic, A., Kumar, V., Srivastava, J. (2005). Intrusion Detection: A Survey. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds) Managing Cyber Threats. Massive Computing, vol 5. Springer, Boston, MA. https://doi.org/10.1007/0-387-24230-9_2
DOI: https://doi.org/10.1007/0-387-24230-9_2
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24226-2
Online ISBN: 978-0-387-24230-9