Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation
作者: Richard Lippmann , Joshua W. Haines , David J. Fried , Jonathan Korba , Kumar Das
关键词:
摘要: Eight sites participated in the second DARPA off-line intrusion detection evaluation 1999. Three weeks of training and two test data were generated on a bed that emulates small government site. More than 200 instances 58 attack types launched against victim UNIX Windows NT hosts. False alarm rates low (less 10 per day). Best was provided by network-based systems for old probe denial-of-service (DoS) attacks host-based Solaris user-to-root (U2R) attacks. overall performance would have been combined system used both host- detection. Detection accuracy poor previously unseen new, stealthy, Ten completely missed all systems. Systems because protocols TCP services not analyzed at or to depth required, signatures did generalize new attacks, auditing available
springer.com
core.ac.uk
fit.edu 
acm.org 
sci-hub.se 参考文章(18)
Aaron Schwartzbard, Anup K. Ghosh, A Study in the Feasibility of Performing Host-Based Anomaly Detection on Windows NT. recent advances in intrusion detection. ,(1999)
Kathleen A. Jackson, INTRUSION DETECTION SYSTEM (IDS) PRODUCT SURVEY ,(1999)
Aaron Schwartzbard, Anup K. Ghosh, A study in using neural networks for anomaly and misuse detection usenix security symposium. pp. 12- 12 ,(1999)
Robert K. Cunningham, Richard P. Lippmann, Guide to Creating Stealthy Attacks for the 1999 DARPA Off-Line Intrusion Detection Evaluation* ,(2000)
Edward G. Amoroso, Intrusion detection : an introduction to Internet surveillance, correlation, traps, trace back, and response ,(1999)
Timothy N. Newsham, Thomas H. Ptacek, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection ,(1998)
Peter G. Neumann, Phillip A. Porras, Experience with EMERALD to Date ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1. pp. 73- 80 ,(1999)
R. Sekar, P. Uppuluri, Synthesizing fast intrusion prevention/detection systems from high-level specifications usenix security symposium. pp. 6- 6 ,(1999)
G. Vigna, S.T. Eckmann, R.A. Kemmerer, The STAT tool suite darpa information survivability conference and exposition. ,vol. 2, pp. 46- 55 ,(2000) , 10.1109/DISCEX.2000.821508
R.P. Lippmann, D.J. Fried, I. Graf, J.W. Haines, K.R. Kendall, D. McClung, D. Weber, S.E. Webster, D. Wyschogrod, R.K. Cunningham, M.A. Zissman, Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation darpa information survivability conference and exposition. ,vol. 2, pp. 12- 26 ,(2000) , 10.1109/DISCEX.2000.821506