Dynamic analysis of security protocols
Proceedings of the 2000 workshop on New security paradigms
ACM fellow profile: Eugene H. Spafford
ACM SIGSOFT Software Engineering Notes
The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
Using internal sensors and embedded detectors for intrusion detection
Journal of Computer Security
An environment for security protocol intrusion detection
Journal of Computer Security
Application-Integrated Data Collection for Security Monitoring
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Journal of Computer Security - IFIP 2000
Metadata for Anomaly-Based Security Protocol Attack Deduction
IEEE Transactions on Knowledge and Data Engineering
The impact of information security breaches: Has there been a downward shift in costs?
Journal of Computer Security
METAL – a tool for extracting attack manifestations
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Information Systems and e-Business Management
Theorizing Information Security Success: Towards Secure E-Government
International Journal of Electronic Government Research
Hi-index | 0.00 |
Conventional host-based and network-based intrusion and misusedetection systems have concentrated on detecting network-based andinternal attacks, but little work has addressed host-baseddetection of low-level network attacks. A major reason for this isthe misuse detection systems dependence on audit data and theabsence of low-level network data in audit trails. This workdefines low-level IP vulnerabilities and distinguishes betweenlow-level IP and IP-based vulnerabilities. Furthermore, we analyzea number of different low-level IP attacks and the vulnerabilitiesthat they exploit. We develop attack signatures for each attack,and based upon our analysis, we determine a baseline collection ofinformation needed to detect the attacks. We suggest locationswithin protocol stacks where the needed data can be collected.Finally, we generalize from the baseline audit data to try topredict audit content suitable not only for detecting theseattacks, but possible future ones.