Can Cooperative Intrusion Detectors Challenge the Base-Rate Fallacy?

  • Conference paper
Malware Detection

Part of the book series: Advances in Information Security ((ADIS,volume 27))

Abstract

In recent years, researchers have focused on the ability of intrusion detection systems to resist evasion: techniques attackers use to bypass intrusion detectors and avoid detection. Researchers have developed successful evasion techniques for both network-based (e.g., [14], [19]) and host-based (e.g., [18], [20]) detectors.


References

  1. K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. D. Keromytis. Detecting targeted attacks using shadow honeypots. In USENIX Security Symposium, Baltimore, MD, August 2005.

  2. S. Axelsson. The base-rate fallacy and the difficulty of intrusion detection. ACM Transactions on Information and System Security, 3(3):186–205, 2000.

  3. S. Axelsson. Visualisation for intrusion detection: Hooking the worm. In European Symposium on Research in Computer Security, Gjøvik, Norway, Sep. 2003.

  4. M. Christodorescu and S. Jha. Testing malware detectors. In Proceedings of the 2004 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2004), pages 34–44, Boston, MA, USA, July 2004. ACM Press.

  5. F. Cuppens and A. Miège. Alert correlation in a cooperative intrusion detection framework. In IEEE Symposium on Security and Privacy, Oakland, CA, May 2002.

  6. M. Dacier, editor. Design of an Intrusion-Tolerant Intrusion Detection System. IBM Zurich Research Laboratory, Aug. 2002. Deliverable D10, Project MAFTIA IST-1999-11583. Available at www.maftia.org.

  7. R. Deraison. Nessus, a network security scanner. Available at www.nessus.org.

  8. G. Giacinto, F. Roli, and L. Didaci. A modular multiple classifier system for the detection of intrusions in computer networks. In Multiple Classifier Systems, 4th International Workshop, MCS, Guildford, UK, June 2003.

  9. K. Julisch. Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security, 6(4):443–471, 2003.

  10. C. Kruegel, D. Mutz, W. Robertson, G. Vigna, and R. Kemmerer. Reverse engineering of network signatures. In Proceedings of the AusCERT Asia Pacific Information Technology Security Conference, Gold Coast, Australia, May 2005.

  11. C. Kruegel and W. Robertson. Alert verification: determining the success of intrusion attempts. In Proceedings of the Workshop on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Germany, July 2004.

  12. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. Analysis and results of the 1999 DARPA off-line intrusion detection evaluation. In International Symposium on Recent Advances in Intrusion Detection, Toulouse, France, Oct. 2000.

  13. MITRE Corporation. CVE: Common Vulnerabilities and Exposures. Available at www.cve.mitre.org.

  14. S. Rubin, S. Jha, and B. P. Miller. Automatic generation and analysis of NIDS attacks. In Annual Computer Security Applications Conference, Tucson, AZ, Dec. 2004.

  15. S. Rubin, S. Jha, and B. P. Miller. Language-based generation and evaluation of NIDS signatures. In IEEE Symposium on Security and Privacy, Oakland, CA, May 2005.

  16. SecurityFocus. Focus on IDS. Mailing list. Available at http://www.securityfocus.com/archive.

  17. R. Sommer and V. Paxson. Enhancing byte-level network intrusion detection signatures with context. In ACM Conference on Computer and Communications Security, Washington, DC, Oct. 2003.

  18. K. M. C. Tan, K. S. Killourhy, and R. A. Maxion. Undermining an anomaly-based intrusion detection system using common exploits. In International Symposium on Recent Advances in Intrusion Detection, Zurich, Switzerland, Oct. 2002.

  19. G. Vigna, W. Robertson, and D. Balzarotti. Testing network-based intrusion detection signatures using mutant exploits. In ACM Conference on Computer and Communications Security, Washington, DC, Oct. 2004.

  20. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In ACM Conference on Computer and Communications Security, Washington, DC, Nov. 2002.

  21. Z. Zhang, J. Li, C. Manikopoulos, J. Jorgenson, and J. Ucles. HIDE: a hierarchical network intrusion detection system using statistical preprocessing and neural network classification. In Workshop on Information Assurance and Security, West Point, NY, June 2001.

Copyright information

© 2007 Springer Science+Business Media, LLC.

About this paper

Cite this paper

Christodorescu, M., Rubin, S. (2007). Can Cooperative Intrusion Detectors Challenge the Base-Rate Fallacy?. In: Christodorescu, M., Jha, S., Maughan, D., Song, D., Wang, C. (eds) Malware Detection. Advances in Information Security, vol 27. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-44599-1_9

  • DOI: https://doi.org/10.1007/978-0-387-44599-1_9

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-32720-4

  • Online ISBN: 978-0-387-44599-1

  • eBook Packages: Computer Science (R0)