Classification and detection of computer intrusions
Over the past decade many anomaly-detection techniques have been proposed and/or deployed to provide early warnings of cyberattacks, particularly of those attacks involving masqueraders and novel methods. To date, however, there appears to be no study which has identified a systematic method that could be used by an attacker to undermine an anomaly-based intrusion detection system. This paper shows how an adversary can craft an offensive mechanism that renders an anomaly-based intrusion detector blind to the presence of on-going, common attacks. It presents a method that identifies the weaknesses of an anomaly-based intrusion detector, and shows how an attacker can manipulate common attacks to exploit those weaknesses. The paper explores the implications of this threat, and suggests possible improvements for existing and future anomaly-based intrusion detection systems.