In this paper we present a new approach to network intrusion detection based on concise specifications that characterize normal and abnormal network packet sequences. Our specification language is geared towards robust network intrusion detection: it enforces a strict type discipline through a combination of static and dynamic type checking. Unlike most previous approaches to network intrusion detection, our approach can easily support new network protocols, because information about the protocols is not hard-coded into the system. Instead, we simply add suitable type definitions to the specifications and define intrusion patterns on these types. We compile these specifications into a high-performance network intrusion detection system. Important components of our approach include efficient algorithms for pattern matching and information aggregation over sequences of network packets. In particular, our techniques ensure that the matching time is insensitive to the number of patterns characterizing different network intrusions, and that the aggregation operations typically take constant time per packet. Our system participated in an intrusion detection evaluation organized by MIT Lincoln Labs, where it demonstrated its effectiveness (96% detection rate on low-level network attacks) and performance (real-time detection at 500Mbps), while producing very few false positives (0.05 to 0.1 per attack).