Communications of the ACM
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Learning in the presence of malicious errors
SIAM Journal on Computing
Towards a taxonomy of intrusion-detection systems
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Safety critical systems: challenges and directions
Proceedings of the 24th International Conference on Software Engineering
Toward cost-sensitive modeling for intrusion detection and response
Journal of Computer Security
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Policy-Based Intrusion Detection and Automated Response Mechanism
ICOIN '02 Revised Papers from the International Conference on Information Networking, Wireless Communications Technologies and Network Applications-Part II
Controlling Intrusion Detection Systems by Generating False Positives: Squealing Proof-of-Concept
LCN '02 Proceedings of the 27th Annual IEEE Conference on Local Computer Networks
Applying data mining to intrusion detection: the quest for automation, efficiency, and credibility
ACM SIGKDD Explorations Newsletter
Active Mapping: Resisting NIDS Evasion without Altering Traffic
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Information-Theoretic Measures for Anomaly Detection
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Beyond Fear: Thinking Sensibly about Security in an Uncertain World
Beyond Fear: Thinking Sensibly about Security in an Uncertain World
Smooth boosting and learning with malicious noise
The Journal of Machine Learning Research
Enhancing byte-level network intrusion detection signatures with context
Proceedings of the 10th ACM conference on Computer and communications security
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Protocol scrubbing: network security through transparent flow modification
IEEE/ACM Transactions on Networking (TON)
Testing network-based intrusion detection signatures using mutant exploits
Proceedings of the 11th ACM conference on Computer and communications security
Intrusion Detection and Correlation: Challenges and Solutions
Intrusion Detection and Correlation: Challenges and Solutions
Automatic Generation and Analysis of NIDS Attacks
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
Feature bagging for outlier detection
Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining
The Use of Distributed Network-Based IDS Systems in Detection of Evasion Attacks
AICT-SAPIR-ELETE '05 Proceedings of the Advanced Industrial Conference on Telecommunications/Service Assurance with Partial and Intermittent Resources Conference/E-Learning on Telecommunications Workshop
MisleadingWorm Signature Generators Using Deliberate Noise Injection
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Hamsa: Fast Signature Generation for Zero-day PolymorphicWorms with Provable Attack Resilience
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Siren: Catching Evasive Malware (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A formal approach to sensor placement and configuration in a network intrusion detection system
Proceedings of the 2006 international workshop on Software engineering for secure systems
On evolving buffer overflow attacks using genetic programming
Proceedings of the 8th annual conference on Genetic and evolutionary computation
On the Completeness of Attack Mutation Algorithms
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Alert confidence fusion in intrusion detection systems with extended Dempster-Shafer theory
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion
IEEE Security and Privacy
Backtracking Algorithmic Complexity Attacks against a NIDS
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Automatic Evaluation of Intrusion Detection Systems
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems
ICDM '06 Proceedings of the Sixth International Conference on Data Mining
Privacy-Respecting Intrusion Detection (Advances in Information Security)
Privacy-Respecting Intrusion Detection (Advances in Information Security)
Analysis of active intrusion prevention data for predicting hostile activity in computer networks
Communications of the ACM
Machine Learning for Computer Security
The Journal of Machine Learning Research
Tracking the role of adversaries in measuring unwanted traffic
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Denial of service via algorithmic complexity attacks
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Dynamic application-layer protocol analysis for network intrusion detection
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A hybrid machine learning approach to network anomaly detection
Information Sciences: an International Journal
An inquiry into the nature and causes of the wealth of internet miscreants
Proceedings of the 14th ACM conference on Computer and communications security
Catch me, if you can: evading network signatures with web-based polymorphic worms
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
ATLANTIDES: an architecture for alert verification in network intrusion detection systems
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
A taxonomy of intrusion response systems
International Journal of Information and Computer Security
LISABETH: automated content-based signature generator for zero-day polymorphic worms
Proceedings of the fourth international workshop on Software engineering for secure systems
Exploiting machine learning to subvert your spam filter
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
REFACING: An autonomic approach to network security based on multidimensional trustworthiness
Computer Networks: The International Journal of Computer and Telecommunications Networking
A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A Multi-Sensor Model to Improve Automated Attack Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Mimicry Attacks Demystified: What Can Attackers Do to Evade Detection?
PST '08 Proceedings of the 2008 Sixth Annual Conference on Privacy, Security and Trust
Proceedings of the 15th ACM conference on Computer and communications security
Open problems in the security of learning
Proceedings of the 1st ACM workshop on Workshop on AISec
Traffic flooding attack detection with SNMP MIB using SVM
Computer Communications
A Sampling Method for Intrusion Detection System
APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
Directions in Network-Based Security Monitoring
IEEE Security and Privacy
An attacker model for MANET routing security
Proceedings of the second ACM conference on Wireless network security
Instruction-level countermeasures against stack-based buffer overflow attacks
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Multi-aspect profiling of kernel rootkit behavior
Proceedings of the 4th ACM European conference on Computer systems
ACM Computing Surveys (CSUR)
Information fusion for computer security: State of the art and open issues
Information Fusion
Multiple Classifier Systems for Adversarial Classification Tasks
MCS '09 Proceedings of the 8th International Workshop on Multiple Classifier Systems
A Framework for Cost Sensitive Assessment of Intrusion Response Selection
COMPSAC '09 Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference - Volume 01
ANTIDOTE: understanding and defending against poisoning of anomaly detectors
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Secure in-VM monitoring using hardware virtualization
Proceedings of the 16th ACM conference on Computer and communications security
Mapping kernel objects to enable systematic integrity checking
Proceedings of the 16th ACM conference on Computer and communications security
Dynamic policy model for target based intrusion detection system
Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human
Counting bloom filters for pattern matching and anti- evasion at the wire speed
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
Panacea: Automating Attack Classification for Anomaly-Based Network Intrusion Detection Systems
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
An overview of network evasion methods
Information Security Tech. Report
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
A Survey of Game Theory as Applied to Network Security
HICSS '10 Proceedings of the 2010 43rd Hawaii International Conference on System Sciences
Proceedings of the Third European Workshop on System Security
Information Sciences: an International Journal
Advanced allergy attacks: does a corpus really help
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Protocol normalization using attribute grammars
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Thwarting zero-day polymorphic worms with network-level length-based signature generation
IEEE/ACM Transactions on Networking (TON)
HMM-web: a framework for the detection of attacks against web applications
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Behavioral clustering of HTTP-based malware and signature generation using malicious network traces
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
The security of machine learning
Machine Learning
A control point for reducing root abuse of file-system privileges
Proceedings of the 17th ACM conference on Computer and communications security
AccessMiner: using system-centric models for malware protection
Proceedings of the 17th ACM conference on Computer and communications security
COMPSACW '10 Proceedings of the 2010 IEEE 34th Annual Computer Software and Applications Conference Workshops
DKSM: Subverting Virtual Machine Introspection for Fun and Profit
SRDS '10 Proceedings of the 2010 29th IEEE Symposium on Reliable Distributed Systems
Comprehensive shellcode detection using runtime heuristics
Proceedings of the 26th Annual Computer Security Applications Conference
Toward automated detection of logic vulnerabilities in web applications
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Bagging classifiers for fighting poisoning attacks in adversarial classification tasks
MCS'11 Proceedings of the 10th international conference on Multiple classifier systems
A robust SNMP based infrastructure for intrusion detection and response in tactical MANETs
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
A new automatic intrusion response taxonomy and its application
APWeb'06 Proceedings of the 2006 international conference on Advanced Web and Network Technologies, and Applications
Mining outliers with ensemble of heterogeneous detectors on random subspaces
DASFAA'10 Proceedings of the 15th international conference on Database Systems for Advanced Applications - Volume Part I
Enhancing the accuracy of network-based intrusion detection with host-based context
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Anomalous payload-based worm detection and signature generation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Paragraph: thwarting signature learning by training maliciously
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Weighted bagging for graph based one-class classifiers
MCS'10 Proceedings of the 9th international conference on Multiple Classifier Systems
Abusing File Processing in Malware Detectors for Fun and Profit
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
A pattern recognition system for malicious PDF files detection
MLDM'12 Proceedings of the 8th international conference on Machine Learning and Data Mining in Pattern Recognition
Secure and robust monitoring of virtual machines through guest-assisted introspection
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Efficient protection of kernel data structures via object partitioning
Proceedings of the 28th Annual Computer Security Applications Conference
Toward a more practical unsupervised anomaly detection system
Information Sciences: an International Journal
Information Sciences: an International Journal
| Hi-index | 0.07 |
Intrusion Detection Systems (IDSs) are one of the key components for securing computing infrastructures. Their objective is to protect against attempts to violate defense mechanisms. Indeed, IDSs themselves are part of the computing infrastructure, and thus they may be attacked by the same adversaries they are designed to detect. This is a relevant aspect, especially in safety-critical environments, such as hospitals, aircrafts, nuclear power plants, etc. To the best of our knowledge, this survey is the first work to present an overview on adversarial attacks against IDSs. In particular, this paper will provide the following original contributions: (a) a general taxonomy of attack tactics against IDSs; (b) an extensive description of how such attacks can be implemented by exploiting IDS weaknesses at different abstraction levels; (c) for each attack implementation, a critical investigation of proposed solutions and open points. Finally, this paper will highlight the most promising research directions for the design of adversary-aware, harder-to-defeat IDS solutions. To this end, we leverage on our research experience in the field of intrusion detection, as well as on a thorough investigation of the relevant related works published so far.