Abstract
In recent years, researchers have focused on the ability of intrusion detection systems to resist evasion: techniques attackers use to bypass intrusion detectors and avoid detection. Researchers have developed successful evasion techniques for either network-based (e.g., [14], [19]) or host-based (e.g., [18], [20]) detectors.
References
K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. D. Keromytis. Detecting targeted attacks using shadow honeypots. In USENIX Security Symposium, Baltimore, MD, August 2005.
S. Axelsson. The base-rate fallacy and the difficulty of intrusion detection. ACM Transactions on Information and System Security, 3(3):186–205, 2000.
S. Axelsson. Visualisation for intrusion detection: Hooking the worm. In European Symposium on Research in Computer Security, Gjøvik, Norway, Sep. 2003.
M. Christodorescu and S. Jha. Testing malware detectors. In Proceedings of the 2004 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2004), pages 34–44, Boston, MA, USA, July 2004. ACM Press.
F. Cuppens and A. Miege. Alert correlation in a cooperative intrusion detection framework. In IEEE Symposium on Security and Privacy, Oakland, CA, May 2002.
M. Dacier, editor. Design of an Intrusion-Tolerant Intrusion Detection System. IBM Zurich Research Laboratory, Aug. 2002. Deliverable D10, Project MAFTIA IST-1999-11583, Available at www.maftia.org.
R. Deraison. Nessus, a network security scanner. Available at www.nessus.org.
G. Giacinto, F. Roli, and L. Didaci. A modular multiple classifier system for the detection of intrusions in computer networks. In Multiple Classifier Systems, 4th International Workshop, MCS, Guilford, UK, June 2003.
K. Julisch. Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security, 6(4):443–471, 2003.
C. Kruegel, D. Mutz, W. Robertson, G. Vigna, and R. Kemmerer. Reverse engineering of network signatures. In Proceedings of the AusCERT Asia Pacific Information Technology Security Conference, Gold Coast, Australia, May 2005.
C. Kruegel and W. Robertson. Alert verification: Determining the success of intrusion attempts. In Proceedings of the Workshop on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Germany, July 2004.
R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. Analysis and results of the 1999 DARPA off-line intrusion detection evaluation. In International Symposium on Recent Advances in Intrusion Detection, Toulouse, France, Oct. 2000.
MITRE Corporation. CVE: Common Vulnerabilities and Exposures. Available at www.cve.mitre.org.
S. Rubin, S. Jha, and B. P. Miller. Automatic generation and analysis of NIDS attacks. In Annual Computer Security Applications Conference, Tucson, AZ, Dec. 2004.
S. Rubin, S. Jha, and B. P. Miller. Language-based generation and evaluation of NIDS signatures. In IEEE Symposium on Security and Privacy, Oakland, CA, May 2005.
SecurityFocus. Focus on IDS. Mailing list. Available at http://www.securityfocus.com/archive.
R. Sommer and V. Paxson. Enhancing byte-level network intrusion detection signatures with context. In ACM Conference on Computer and Communications Security, Washington, DC, Oct. 2003.
K. M. C. Tan, K. S. Killourhy, and R. A. Maxion. Undermining an anomaly-based intrusion detection system using common exploits. In International Symposium on Recent Advances in Intrusion Detection, Zurich, Switzerland, Oct. 2002.
G. Vigna, W. Robertson, and D. Balzarotti. Testing network-based intrusion detection signatures using mutant exploits. In ACM Conference on Computer and Communications Security, Washington, DC, Oct. 2004.
D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In ACM Conference on Computer and Communications Security, Washington, DC, Nov. 2002.
Z. Zhang, J. Li, C. Manikopoulos, J. Jorgenson, and J. Ucles. HIDE: a hierarchical network intrusion detection system using statistical preprocessing and neural network classification. In Workshop on Information Assurance and Security, West Point, NY, June 2001.
Copyright information
© 2007 Springer Science+Business Media, LLC.
About this paper
Cite this paper
Christodorescu, M., Rubin, S. (2007). Can Cooperative Intrusion Detectors Challenge the Base-Rate Fallacy?. In: Christodorescu, M., Jha, S., Maughan, D., Song, D., Wang, C. (eds) Malware Detection. Advances in Information Security, vol 27. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-44599-1_9
DOI: https://doi.org/10.1007/978-0-387-44599-1_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-32720-4
Online ISBN: 978-0-387-44599-1
eBook Packages: Computer Science, Computer Science (R0)