Vulnerability scanning and installing software patches for known vulnerabilities greatly affect the utility of network-based intrusion detection systems that use signatures to detect system compromises. A detailed timeline analysis of important remote-to-local vulnerabilities demonstrates that (1) vulnerabilities in widely used server software are discovered infrequently (at most 6 times a year) and (2) software patches to prevent vulnerabilities from being exploited are available before or simultaneously with signatures. Signature-based intrusion detection systems will thus never detect successful system compromises on small secure sites when patches are installed as soon as they are available. Network intrusion detection systems may detect successful system compromises on large sites where it is impractical to eliminate all known vulnerabilities. On such sites, information from vulnerability scanning can be used to prioritize the large numbers of extraneous alerts caused by failed attacks and normal background traffic. On one class B network with roughly 10 web servers, this approach successfully filtered out 95% of all remote-to-local alerts.
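The prioritization idea in the abstract can be sketched as follows. This is an added example, not code from the paper: the signature IDs, vulnerability labels, addresses and the three-way high/low/review split are all constructed assumptions. Alerts against hosts that were never scanned stay in review instead of being filtered.

```python
from dataclasses import dataclass

# Constructed scanner output: host -> vulnerabilities the scan confirmed.
# A host mapped to an empty set was scanned and found clean.
SCAN_RESULTS = {
    "192.0.2.10": {"VULN-A"},
    "192.0.2.11": set(),
    "192.0.2.12": {"VULN-B"},
}

# Constructed mapping: signature ID -> vulnerability the signature targets.
SIGNATURE_TO_VULN = {1001: "VULN-A", 1002: "VULN-B", 1003: "VULN-C"}


@dataclass(frozen=True)
class Alert:
    sig_id: int
    dst_ip: str


def prioritize(alert, scan_results=SCAN_RESULTS, sig_map=SIGNATURE_TO_VULN):
    """Return 'high', 'low' or 'review' for a single alert."""
    vuln = sig_map.get(alert.sig_id)
    if vuln is None:
        return "review"  # signature is not tied to a known vulnerability
    host_vulns = scan_results.get(alert.dst_ip)
    if host_vulns is None:
        return "review"  # host never scanned: the attack cannot be ruled out
    # Target confirmed vulnerable -> possible compromise; otherwise a failed attack.
    return "high" if vuln in host_vulns else "low"


def triage(alerts):
    """Group alerts by priority so analysts see 'high' first."""
    buckets = {"high": [], "low": [], "review": []}
    for alert in alerts:
        buckets[prioritize(alert)].append(alert)
    return buckets


def filtered_fraction(buckets):
    """Share of alerts deprioritized as attacks on non-vulnerable hosts."""
    total = sum(len(v) for v in buckets.values())
    return len(buckets["low"]) / total if total else 0.0


# Constructed sample alerts (signature ID, destination address).
ALERTS = [Alert(1001, "192.0.2.10"), Alert(1002, "192.0.2.10"),
          Alert(1001, "192.0.2.11"), Alert(1002, "192.0.2.12"),
          Alert(1003, "192.0.2.12"), Alert(1001, "192.0.2.99"),
          Alert(9999, "192.0.2.10"), Alert(1002, "192.0.2.11")]
```

The result is only as reliable as the scan data: a host that changed after its last scan can be misclassified as low.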