Many intrusion behaviors can be characterized as the execution of a sequence of crucial commands that results in unauthorized access. Many attack sequences can be derived from a given one, either by reordering the crucial commands where their order permits or by replacing crucial commands with functionally similar commands that have the same effect. Such attacks are therefore very difficult to detect. In this paper, we propose a cooperative intrusion detection model based on state transition analysis, in which topological order and isomorphic transformation are adopted. For a given sequence of crucial commands of an intrusion, the model can generate all the possible derived sequences, which together form an intrusion scenario. The model can also be used to detect attacks carried out by different cooperating attackers and attacks carried out by one attacker across different login sessions. Furthermore, a derived intrusion can be regarded as an unknown intrusion; in this sense, the technique presented in this paper can detect some unknown intrusions.
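The idea in the abstract, sketched as an added example (not code from the paper): a scenario is a partial order over steps, each step is a class of functionally similar commands, and the detector accepts any topological order of those steps. The step names, command classes, precedence edges, the choice to correlate events by target object, and the sample events are all assumptions made for illustration.

```python
from itertools import product
# Constructed scenario: each step is a class of functionally similar commands.
STEPS = {
    "stage": {"cp", "install"},
    "grant": {"chmod", "setfacl"},
    "alias": {"ln"},
    "trigger": {"sh", "bash"},
}
# Partial order (assumption): (a, b) means step a must precede step b.
PRECEDES = {("stage", "grant"), ("stage", "alias"),
            ("grant", "trigger"), ("alias", "trigger")}

def topological_orders(done=()):
    """Yield every ordering of the steps that respects PRECEDES."""
    if len(done) == len(STEPS):
        yield done
        return
    for s in STEPS:
        if s not in done and all(a in done for a, b in PRECEDES if b == s):
            yield from topological_orders(done + (s,))

def derived_sequences():
    """Yield every command sequence obtained by reordering and substitution."""
    for order in topological_orders():
        yield from product(*(sorted(STEPS[s]) for s in order))

def detect(events):
    """Return targets whose scenario completed. State is keyed by target, so
    steps from different users or login sessions advance the same scenario."""
    cmd_to_step = {c: s for s, cmds in STEPS.items() for c in cmds}
    state, alerts = {}, []
    for _user, _session, command, target in events:
        step = cmd_to_step.get(command)
        done = state.setdefault(target, set())
        if step and all(a in done for a, b in PRECEDES if b == step):
            done.add(step)
            if len(done) == len(STEPS) and target not in alerts:
                alerts.append(target)
    return alerts

# Constructed audit events: (user, session, command, target).
EVENTS = [
    ("alice", "s1", "install", "/tmp/x"), ("bob", "s7", "ls", "/tmp"),
    ("bob", "s7", "ln", "/tmp/x"), ("carol", "s3", "chmod", "/tmp/y"),
    ("alice", "s2", "setfacl", "/tmp/x"), ("bob", "s8", "bash", "/tmp/x"),
]

if __name__ == "__main__":
    print(len(list(derived_sequences())), detect(EVENTS))
```

One signature written as a partial order covers all 16 derived sequences here, which is why a variant never seen before is still matched.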