Combinatorial optimization: algorithms and complexity
Combinatorial optimization: algorithms and complexity
Knapsack problems: algorithms and computer implementations
Knapsack problems: algorithms and computer implementations
A Methodology for Testing Intrusion Detection Systems
IEEE Transactions on Software Engineering
The design, implementation and evaluation of SMART: a scheduler for multimedia applications
Proceedings of the sixteenth ACM symposium on Operating systems principles
Information warfare and security
Information warfare and security
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Intrusion detection
The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
InfoFilter: supporting quality of service for fresh information delivery
New Generation Computing
Performance Guarantees for Web Server End-Systems: A Control-Theoretical Approach
IEEE Transactions on Parallel and Distributed Systems
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
Network Intrusion Detection: An Analyst's Handbook
Network Intrusion Detection: An Analyst's Handbook
Toward cost-sensitive modeling for intrusion detection and response
Journal of Computer Security
Cover story: dragon claws its way to the top
Network Computing
Designing a Web of Highly-Configurable Intrusion Detection Sensors
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Stateful Intrusion Detection for High-Speed Networks
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Evaluation of Intrusion Detectors: A Decision Theory Approach
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Performance specifications and metrics for adaptive real-time systems
RTSS'10 Proceedings of the 21st IEEE conference on Real-time systems symposium
A framework for malicious workload generation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Operational experiences with high-volume network intrusion detection
Proceedings of the 11th ACM conference on Computer and communications security
Predicting the Resource Consumption of Network Intrusion Detection Systems
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
Computer Communications
An overview of network evasion methods
Information Security Tech. Report
Proceedings of the Third European Workshop on System Security
Robust and fast pattern matching for intrusion detection
INFOCOM'10 Proceedings of the 29th conference on Information communications
A fuzzy-based dynamic provision approach for virtualized network intrusion detection systems
AST/UCMA/ISA/ACN'10 Proceedings of the 2010 international conference on Advances in computer science and information technology
Towards software-based signature detection for intrusion prevention on the network card
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Enhancing network intrusion detection with integrated sampling and filtering
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
WIND: workload-aware INtrusion detection
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Tolerating overload attacks against packet capturing systems
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
MCA2: multi-core architecture for mitigating complexity attacks
Proceedings of the eighth ACM/IEEE symposium on Architectures for networking and communications systems
Re-examining the performance bottleneck in a NIDS with detailed profiling
Journal of Network and Computer Applications
Self-protecting and self-optimizing database systems: implementation and experimental evaluation
Proceedings of the 2013 ACM Cloud and Autonomic Computing Conference
Scap: stream-oriented network traffic capture and analysis for high-speed networks
Proceedings of the 2013 conference on Internet measurement conference
Hi-index | 0.00 |
A real-time intrusion detection system (IDS) has several performance objectives: good detection coverage, economy in resource usage, resilience to stress, and resistance to attacks upon itself. In this paper, we argue that these objectives are trade-offs that must be considered not only in IDS design and implementation, but also in deployment and in an adaptive manner. We show that IDS performance trade-offs can be studied as classical optimization problems. We describe an IDS architecture with multiple dynamically configured front-end and back-end detection modules and a monitor. The IDS run-time performance is measured periodically, and detection strategies and workload are configured among the detection modules according to resource constraints and cost-benefit analysis. The back-end performs scenario (or trend) analysis to recognize on-going attack sequences, so that the predictions of the likely forthcoming attacks can be used to pro-actively and optimally configure the IDS.