Algorithms on strings, trees, and sequences: computer science and computational biology
Algorithms on strings, trees, and sequences: computer science and computational biology
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Shield: vulnerability-driven network filters for preventing known vulnerability exploits
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Countering Network Worms Through Automatic Patch Generation
IEEE Security and Privacy
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Privacy-preserving payload-based correlation for accurate malicious traffic detection
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
A distributed host-based worm detection system
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Evading network anomaly detection systems: formal reasoning and practical techniques
Proceedings of the 13th ACM conference on Computer and communications security
On the infeasibility of modeling polymorphic shellcode
Proceedings of the 14th ACM conference on Computer and communications security
Data sanitization: improving the forensic utility of anomaly detection systems
HotDep'07 Proceedings of the 3rd workshop on on Hot Topics in System Dependability
ATLANTIDES: an architecture for alert verification in network intrusion detection systems
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Fast detection of database system abuse behaviors based on data mining approach
Proceedings of the 2nd international conference on Scalable information systems
Behavioral detection of malware on mobile handsets
Proceedings of the 6th international conference on Mobile systems, applications, and services
LOBSTER: a European platform for passive network traffic monitoring
Proceedings of the 4th International Conference on Testbeds and research infrastructures for the development of networks & communities
On the Adaptive Real-Time Detection of Fast-Propagating Network Worms
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A Study of Malcode-Bearing Documents
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Swarm Attacks against Network-Level Emulation/Analysis
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
A data mining approach for analysis of worm activity through automatic signature generation
Proceedings of the 1st ACM workshop on Workshop on AISec
The Design and Testing of Automated Signature Generation Engine for Worms Detection
KES-AMSTA '07 Proceedings of the 1st KES International Symposium on Agent and Multi-Agent Systems: Technologies and Applications
An architecture of unknown attack detection system against zero-day worm
ACS'08 Proceedings of the 8th conference on Applied computer scince
McPAD: A multiple classifier system for accurate payload-based anomaly detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Automatic discovery of botnet communities on large-scale communication networks
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
SAX: a privacy preserving general pupose methodapplied to detection of intrusions
Proceedings of the ACM first international workshop on Privacy and anonymity for very large databases
P2P botnet detection using behavior clustering & statistical tests
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Using identity credential usage logs to detect anomalous service accesses
Proceedings of the 5th ACM workshop on Digital identity management
Adaptive Anomaly Detection via Self-calibration and Dynamic Updating
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Emulation-based detection of non-self-contained polymorphic shellcode
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
SWorD: a simple worm detection scheme
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Hybrid traffic classification approach based on decision tree
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Client-side detection of XSS worms by monitoring payload propagation
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Thwarting zero-day polymorphic worms with network-level length-based signature generation
IEEE/ACM Transactions on Networking (TON)
Behavior-based worm detectors compared
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Toward worm detection in online social networks
Proceedings of the 26th Annual Computer Security Applications Conference
Enhancing Intrusion Detection System with proximity information
International Journal of Security and Networks
Abstracting audit data for lightweight intrusion detection
ICISS'10 Proceedings of the 6th international conference on Information systems security
Summary-invisible networking: techniques and defenses
ISC'10 Proceedings of the 13th international conference on Information security
Detecting unknown network attacks using language models
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Allergy attack against automatic signature generation
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Anagram: a content anomaly detector resistant to mimicry attack
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Software diversity: security, entropy and game theory
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
Security analysis of online centroid anomaly detection
The Journal of Machine Learning Research
Administrative evaluation of intrusion detection system
Proceedings of the 2nd annual conference on Research in information technology
A survey of multiple classifier systems as hybrid systems
Information Fusion
| Hi-index | 0.00 |
New features of the PAYL anomalous payload detection sensor are demonstrated to accurately detect and generate signatures for zero-day worms. Experimental evidence demonstrates that site-specific packet content models are capable of detecting new worms with high accuracy in a collaborative security system. A new approach is proposed that correlates ingress/egress payload alerts to identify the worm's initial propagation. The method also enables automatic signature generation that can be deployed immediately to network firewalls and content filters to proactively protect other hosts. We also propose a collaborative privacy-preserving security strategy whereby different hosts can exchange PAYL signatures to increase accuracy and mitigate against false positives. The important principle demonstrated is that correlating multiple alerts identifies true positives from the set of anomaly alerts and reduces incorrect decisions producing accurate mitigation.