On the use of context in network intrusion detection systems

Authors: Ion Stoica, Jayanthkumar Kannan

Abstract: This thesis examines frameworks and mechanisms for building network intrusion detection systems. These systems perform a variety of complex analysis in order to enforce security policies; such enforcement requires contextual information from several sources. In this thesis, we examine three sources of context. First, we propose semi-automatic that can be used to understand how application traffic manifests in the network; are necessary to incorporate semantics into policy enforcement. Second, we analyze the effectiveness of exchange amongst multiple sites containing a fast spreading worm. Third, framework helps system gain access to encrypted is typically decipherable only by the end-host, while at the same time respecting confidentiality constraints on sensitive content embedded in the traffic.
