Dynamic analysis of security protocols
Proceedings of the 2000 workshop on New security paradigms
Abstraction-based intrusion detection in distributed environments
ACM Transactions on Information and System Security (TISSEC)
Capture of an intruder by mobile agents
Proceedings of the fourteenth annual ACM symposium on Parallel algorithms and architectures
The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
An environment for security protocol intrusion detection
Journal of Computer Security
Designing a Web of Highly-Configurable Intrusion Detection Sensors
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Internet security and intrusion detection
Proceedings of the 25th International Conference on Software Engineering
A Network State Based Intrusion Detection Model
ICCNMC '01 Proceedings of the 2001 International Conference on Computer Networks and Mobile Computing (ICCNMC'01)
Enhancing byte-level network intrusion detection signatures with context
Proceedings of the 10th ACM conference on Computer and communications security
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
Measuring normality in HTTP traffic for anomaly-based intrusion detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
A formal approach to sensor placement and configuration in a network intrusion detection system
Proceedings of the 2006 international workshop on Software engineering for secure systems
Requirement enforcement by transformation automata
Proceedings of the 6th workshop on Foundations of aspect-oriented languages
D-SCIDS: distributed soft computing intrusion detection system
Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
An architecture for generating semantics-aware signatures
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks
IEICE - Transactions on Information and Systems
A logic-based model to support alert correlation in intrusion detection
Information Fusion
An adaptive genetic-based signature learning system for intrusion detection
Expert Systems with Applications: An International Journal
A cascade architecture for DoS attacks detection based on the wavelet transform
Journal of Computer Security
Analyzing intensive intrusion alerts via correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
M2D2: a formal data model for IDS alert correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Accurate buffer overflow detection via abstract payload execution
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
A distributed monitoring system for enhancing security and dependability at architectural level
Architecting dependable systems IV
The NIDS cluster: scalable, stateful network intrusion detection on commodity hardware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Meta learning intrusion detection in real time network
ICANN'07 Proceedings of the 17th international conference on Artificial neural networks
Algebra for capability based attack correlation
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Secure multi-agent coordination in a network monitoring system
Software engineering for large-scale multi-agent systems
On the use of computational geometry to detect software faults at runtime
Proceedings of the 7th international conference on Autonomic computing
A log analyzer agent for intrusion detection in a multi-agent system
KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part I
The impact of information security breaches: Has there been a downward shift in costs?
Journal of Computer Security
ASAP: automatic semantics-aware analysis of network payloads
PSDML'10 Proceedings of the international ECML/PKDD conference on Privacy and security issues in data mining and machine learning
SLA-based complementary approach for network intrusion detection
Computer Communications
An efficient hash-based load balancing scheme to support parallel NIDS
ICCSA'11 Proceedings of the 2011 international conference on Computational science and its applications - Volume Part I
High-speed intrusion detection in support of critical infrastructure protection
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
ICAPR'05 Proceedings of the Third international conference on Pattern Recognition and Image Analysis - Volume Part II
M of N features vs. intrusion detection
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and its Applications - Volume Part I
Model generalization and its implications on intrusion detection
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Enhancing the accuracy of network-based intrusion detection with host-based context
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Enforcing security with behavioral fingerprinting
Proceedings of the 7th International Conference on Network and Services Management
HTTPHunting: an IBR approach to filtering dangerous HTTP Traffic
ICDM'06 Proceedings of the 6th Industrial Conference on Data Mining conference on Advances in Data Mining: applications in Medicine, Web Mining, Marketing, Image and Signal Mining
Design and implementation of a decentralized prototype system for detecting distributed attacks
Computer Communications
Information Systems and e-Business Management
Theorizing Information Security Success: Towards Secure E-Government
International Journal of Electronic Government Research
Network-based attacks are becoming more common and sophisticated. For this reason, intrusion detection systems are now shifting their focus from the hosts and their operating systems to the network itself. Network-based intrusion detection is challenging because network auditing produces large amounts of data, and different events related to a single intrusion may be visible in different places on the network. This paper presents a new approach that applies the State Transition Analysis Technique (STAT) to network intrusion detection. Network-based intrusions are modeled using state transition diagrams in which states and transitions are characterized in a networked environment. The target network environment itself is represented using a model based on hypergraphs. By using a formal model of both the network to be protected and the attacks to be detected the approach is able to determine which network events have to be monitored and where they can be monitored, providing automatic support for configuration and placement of intrusion detection components.