Abstraction is an important issue in intrusion detection: it hides the differences between heterogeneous systems and makes generic intrusion-detection models possible. However, abstraction is an error-prone process and is not well supported in current intrusion-detection systems (IDSs). This article presents a hierarchical model to support attack specification and event abstraction in distributed intrusion detection. The model involves three concepts: system view, signature, and view definition. A system view provides an abstract interface to a particular type of information; a signature, defined on instances of system views, specifies a distributed attack or event to be monitored; a view definition then derives information from the matches of a signature and presents it through a system view. Together, the three elements provide a hierarchical framework for maintaining signatures and system views and for performing event abstraction. As a result, the model allows generic signatures that can accommodate unknown variants of known attacks. Moreover, the abstraction represented by a system view can be updated without changing either its specification or the signatures defined on it. The article then presents a decentralized method by which autonomous but cooperating component systems detect distributed attacks specified by signatures. Specifically, a signature is decomposed into finer units, called detection tasks, each of which represents the activity to be monitored on one component system. The component systems involved in a signature then perform their detection tasks cooperatively according to the "dependency" relationships among these tasks. An experimental system called CARDS has been implemented to test the feasibility of the proposed approach.
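The following is an added toy illustration of the three concepts and of signature decomposition; it is not code from the article or the CARDS prototype, and the host names, log formats, time window and "lateral move" derived view are assumptions made for the example. Two heterogeneous components (a host emitting syslog-style text and a host emitting structured audit records) are adapted onto two system views; a two-step signature is decomposed into one detection task per host, the second task consuming partial matches forwarded by the first; a view definition turns full matches into events of a higher-level view on which further signatures could be written.

```python
"""Toy abstraction-based distributed misuse detection (added example, not CARDS code)."""
import re
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Event:
    view: str          # system view this event belongs to
    host: str
    user: str
    time: float
    attrs: dict = field(default_factory=dict)


class SystemView:
    """Abstract interface to one kind of information. Each component registers an
    adapter mapping its native records onto Events, so signatures never see raw formats."""
    def __init__(self, name):
        self.name, self.adapters = name, {}     # host -> adapter(raw) -> Event | None

    def register(self, host, adapter):
        self.adapters[host] = adapter

    def events(self, host, raw_records):
        return [e for e in map(self.adapters[host], raw_records) if e is not None]


@dataclass
class Step:
    view: str
    host: str
    predicate: Callable[[Event], bool]
    within: float = 0.0    # max seconds after the previous step's event (ignored on step 0)


@dataclass
class Signature:
    name: str
    steps: list


class DetectionTask:
    """One step of a signature, monitored on one component. A task with index > 0
    depends on the partial matches forwarded by its predecessor."""
    def __init__(self, step, index):
        self.step, self.index = step, index

    def run(self, local_events, partial_matches):
        out = []
        for evt in local_events:
            if not self.step.predicate(evt):
                continue
            if self.index == 0:
                out.append((evt,))
                continue
            for pm in partial_matches:              # same user, inside the time window
                prev = pm[-1]
                if prev.user == evt.user and 0 <= evt.time - prev.time <= self.step.within:
                    out.append(pm + (evt,))
        return out


def decompose(sig):
    return [DetectionTask(step, i) for i, step in enumerate(sig.steps)]


def detect(sig, views, raw_by_host):
    """Run the tasks in dependency order; each reads only its own host's events."""
    partial = []
    for task in decompose(sig):
        local = views[task.step.view].events(task.step.host, raw_by_host[task.step.host])
        partial = task.run(local, partial)
        if not partial:
            break
    return partial


class ViewDefinition:
    """Presents the matches of a signature as events of a higher-level view."""
    def __init__(self, target_view, derive):
        self.target_view, self.derive = target_view, derive

    def derive_events(self, matches):
        return [self.derive(self.target_view, m) for m in matches]


# Adapters for two heterogeneous components (constructed formats, assumed for the example).
SSH_RE = re.compile(r"^(\d+) sshd: Accepted \w+ for (\w+) from (\S+)$")

def web01_login(line):            # syslog-style text
    m = SSH_RE.match(line)
    return Event("login", "web01", m.group(2), float(m.group(1)), {"src": m.group(3)}) if m else None

def db01_file_access(rec):        # structured audit records
    if rec.get("op") not in ("read", "write"):
        return None
    return Event("file_access", "db01", rec["uid"], float(rec["ts"]), {"path": rec["obj"]})


def build():
    login, access = SystemView("login"), SystemView("file_access")
    login.register("web01", web01_login)
    access.register("db01", db01_file_access)
    sig = Signature("external_login_then_shadow_read", [
        Step("login", "web01", lambda e: not e.attrs["src"].startswith("10.")),
        Step("file_access", "db01", lambda e: e.attrs["path"] == "/etc/shadow", within=120),
    ])
    vdef = ViewDefinition("lateral_move", lambda view, m: Event(
        view, m[-1].host, m[-1].user, m[-1].time, {"src": m[0].attrs["src"]}))
    return {"login": login, "file_access": access}, sig, vdef


RAW = {  # constructed sample input: only alice matches (external login, read within 120 s)
    "web01": ["1000 sshd: Accepted password for alice from 203.0.113.5",
              "1005 sshd: Accepted publickey for bob from 10.0.0.7",
              "1400 sshd: Accepted password for carol from 198.51.100.9"],
    "db01": [{"ts": 1030, "uid": "alice", "op": "read", "obj": "/etc/shadow"},
             {"ts": 1040, "uid": "bob", "op": "read", "obj": "/etc/shadow"},
             {"ts": 1600, "uid": "carol", "op": "read", "obj": "/etc/shadow"},
             {"ts": 1050, "uid": "alice", "op": "stat", "obj": "/etc/shadow"}],
}


def run_example():
    views, sig, vdef = build()
    return vdef.derive_events(detect(sig, views, RAW))


if __name__ == "__main__":
    for e in run_example():
        print(e.view, e.user, e.attrs["src"], "->", e.host)
```

Two properties of the model show up directly: replacing `db01_file_access` with an adapter for a different audit format changes the `file_access` view's abstraction without touching the signature, and the signature's predicates are written against view attributes rather than exact record contents, so a variant that logs the same login in a different wording still matches. The forwarding of partial matches between tasks is a plain function call here; in a deployed system it would be a message between the two component systems.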