Service specific anomaly detection for network intrusion detection

Authors: Christopher Krügel, Thomas Toth, Engin Kirda

DOI: 10.1145/508791.508835

Keywords:

Abstract: The constant increase of attacks against networks and their resources (as recently shown by the CodeRed worm) causes a necessity to protect these valuable assets. Firewalls are now a common installation to repel intrusion attempts in the first place. Intrusion detection systems (IDS), which try to detect malicious activities instead of preventing them, offer additional protection when the defense perimeter has been penetrated. ID attempts to pin down attacks by comparing collected data to predefined signatures known to be malicious (signature based) or to a model of legal behavior (anomaly based). Anomaly based systems have the advantage of being able to detect previously unknown attacks, but they suffer from the difficulty of building solid models of acceptable behavior and from the high number of alarms caused by unusual but authorized activities. We present an approach that utilizes application specific knowledge of the network services that should be protected. This information helps to extend current, simple network traffic models to form an application model that allows detecting malicious content hidden in single packets. We describe the features of our proposed model and an experimental evaluation that underlines the efficiency of such systems.

References (13)
Alfonso Valdes, Phillip A. Porras. Live Traffic Analysis of TCP/IP Gateways. Network and Distributed System Security Symposium (1998).
Aaron Schwartzbard, Anup K. Ghosh. A study in using neural networks for anomaly and misuse detection. USENIX Security Symposium, pp. 12-12 (1999).
Giovanni Vigna, Richard A. Kemmerer. NetSTAT: a network-based intrusion detection system. Journal of Computer Security, vol. 7, pp. 37-71 (1999). DOI: 10.3233/JCS-1999-7103
Peter G. Neumann, Phillip A. Porras. Experience with EMERALD to Date. Proceedings of the 1st Workshop on Intrusion Detection and Network Monitoring (ID'99), Volume 1, pp. 73-80 (1999).
Stuart Staniford, James A. Hoagland, Joseph M. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, vol. 10, pp. 105-136 (2002). DOI: 10.3233/JCS-2002-101-205
Martin Roesch. Snort - Lightweight Intrusion Detection for Networks. USENIX Large Installation Systems Administration Conference (LISA), pp. 229-238 (1999).
Wenke Lee, S. J. Stolfo, K. W. Mok. A data mining framework for building intrusion detection models. IEEE Symposium on Security and Privacy, pp. 120-132 (1999). DOI: 10.1109/SECPRI.1999.766909
Dorothy E. Denning. An Intrusion-Detection Model. IEEE Symposium on Security and Privacy, pp. 118-118 (1986). DOI: 10.1109/SP.1986.10010
J. B. D. Cabrera, B. Ravichandran, R. K. Mehra. Statistical traffic modeling for network intrusion detection. International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS), pp. 466-473 (2000). DOI: 10.1109/MASCOT.2000.876573
Marina Bykova, Shawn Ostermann, Brett Tjaden. Detecting network intrusions via a statistical analysis of network packet characteristics. Southeastern Symposium on System Theory, pp. 309-314 (2001). DOI: 10.1109/SSST.2001.918537