Identification of host audit data to detect attacks on low-level IP vulnerabilities

Authors:
Thomas E. Daniels;Eugene H. Spafford
Affiliations:
-;-
Venue:
Journal of Computer Security
Year:
1999

Citing 0
Cited 12

Dynamic analysis of security protocols

Proceedings of the 2000 workshop on New security paradigms
ACM fellow profile: Eugene H. Spafford

ACM SIGSOFT Software Engineering Notes
The economics of information security investment

ACM Transactions on Information and System Security (TISSEC)
Using internal sensors and embedded detectors for intrusion detection

Journal of Computer Security
An environment for security protocol intrusion detection

Journal of Computer Security
Application-Integrated Data Collection for Security Monitoring

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
The economic cost of publicly announced information security breaches: empirical evidence from the stock market

Journal of Computer Security - IFIP 2000
Metadata for Anomaly-Based Security Protocol Attack Deduction

IEEE Transactions on Knowledge and Data Engineering
The impact of information security breaches: Has there been a downward shift in costs?

Journal of Computer Security
METAL – a tool for extracting attack manifestations

DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Taking value-networks to the cloud services: security services, semantics and service level agreements

Information Systems and e-Business Management
Theorizing Information Security Success: Towards Secure E-Government

International Journal of Electronic Government Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

Conventional host-based and network-based intrusion and misusedetection systems have concentrated on detecting network-based andinternal attacks, but little work has addressed host-baseddetection of low-level network attacks. A major reason for this isthe misuse detection systems dependence on audit data and theabsence of low-level network data in audit trails. This workdefines low-level IP vulnerabilities and distinguishes betweenlow-level IP and IP-based vulnerabilities. Furthermore, we analyzea number of different low-level IP attacks and the vulnerabilitiesthat they exploit. We develop attack signatures for each attack,and based upon our analysis, we determine a baseline collection ofinformation needed to detect the attacks. We suggest locationswithin protocol stacks where the needed data can be collected.Finally, we generalize from the baseline audit data to try topredict audit content suitable not only for detecting theseattacks, but possible future ones.