Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
NetSTAT: A Network-Based Intrusion Detection Approach
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Statistical Traffic Modeling for Network Intrusion Detection
MASCOTS '00 Proceedings of the 8th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
A study in using neural networks for anomaly and misuse detection
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Decentralized Event Correlation for Intrusion Detection
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
Conversation Exchange Dynamics for Real-Time Network Monitoring and Anomaly Detection
IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
Measuring normality in HTTP traffic for anomaly-based intrusion detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Web tap: detecting covert web traffic
Proceedings of the 11th ACM conference on Computer and communications security
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
An auctioning reputation system based on anomaly
Proceedings of the 12th ACM conference on Computer and communications security
Protomatching network traffic for high throughput network intrusion detection
Proceedings of the 13th ACM conference on Computer and communications security
Evading network anomaly detection systems: formal reasoning and practical techniques
Proceedings of the 13th ACM conference on Computer and communications security
Scalable network-based buffer overflow attack detection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
ANSS '06 Proceedings of the 39th annual Symposium on Simulation
Information sharing for distributed intrusion detection systems
Journal of Network and Computer Applications
Attack profiles to derive data observations, features, and characteristics of cyber attacks
Information-Knowledge-Systems Management
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
Weighting versus pruning in rule validation for detecting network and host anomalies
Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining
Holistic VoIP intrusion detection and prevention system
Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Agent-oriented network intrusion detection system using data mining approaches
International Journal of Agent-Oriented Software Engineering
Monitoring SIP Traffic Using Support Vector Machines
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A Self-learning System for Detection of Anomalous SIP Messages
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Incorporation of Application Layer Protocol Syntax into Anomaly Detection
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
An architecture of unknown attack detection system against zero-day worm
ACS'08 Proceedings of the 8th conference on Applied computer science
A method of run-time detecting DDoS attacks
ICCOMP'08 Proceedings of the 12th WSEAS international conference on Computers
McPAD: A multiple classifier system for accurate payload-based anomaly detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Filtering False Positives Based on Server-Side Behaviors
IEICE - Transactions on Information and Systems
Proceedings of the International Conference on Advances in Computing, Communication and Control
ACM Computing Surveys (CSUR)
Using identity credential usage logs to detect anomalous service accesses
Proceedings of the 5th ACM workshop on Digital identity management
Adaptive Anomaly Detection via Self-calibration and Dynamic Updating
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Automated Behavioral Fingerprinting
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Accurate buffer overflow detection via abstract payload execution
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
WISA'06 Proceedings of the 7th international conference on Information security applications: Part I
PAID: packet analysis for anomaly intrusion detection
PAKDD'08 Proceedings of the 12th Pacific-Asia conference on Advances in knowledge discovery and data mining
A Framework for Large-Scale Detection of Web Site Defacements
ACM Transactions on Internet Technology (TOIT)
Payload modeling for network intrusion detection systems
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Cyber-critical infrastructure protection using real-time payload-based anomaly detection
CRITIS'09 Proceedings of the 4th international conference on Critical information infrastructures security
Review: A survey on security issues in service delivery models of cloud computing
Journal of Network and Computer Applications
Efficient decision tree for protocol analysis in intrusion detection
International Journal of Security and Networks
Effective multimodel anomaly detection using cooperative negotiation
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
A two-tier system for web attack detection using linear discriminant method
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Summary-invisible networking: techniques and defenses
ISC'10 Proceedings of the 13th international conference on Information security
Classification of packet contents for malware detection
Journal in Computer Virology
A design of network traffic analysis and monitoring system for early warning system
ISPA'06 Proceedings of the 2006 international conference on Frontiers of High Performance Computing and Networking
The top ten cloud-security practices in next-generation networking
International Journal of Communication Networks and Distributed Systems
Detecting unknown network attacks using language models
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Detection of unknown DoS attacks by Kolmogorov-complexity fluctuation
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
FPGA based intrusion detection system against unknown and known attacks
PRIMA'06 Proceedings of the 9th Pacific Rim international conference on Agent Computing and Multi-Agent Systems
A learning-based approach to the detection of SQL attacks
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
FLIPS: hybrid adaptive intrusion prevention
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
The multi-fractal nature of worm and normal traffic at individual source level
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
Finding peer-to-peer file-sharing using coarse network behaviors
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Anagram: a content anomaly detector resistant to mimicry attack
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Anomaly detection methods in wired networks: a survey and taxonomy
Computer Communications
CONFU: Configuration Fuzzing Testing Framework for Software Vulnerability Detection
International Journal of Secure Software Engineering
Service-independent payload analysis to improve intrusion detection in network traffic
AusDM '08 Proceedings of the 7th Australasian Data Mining Conference - Volume 87
Scalable fine-grained behavioral clustering of HTTP-based malware
Computer Networks: The International Journal of Computer and Telecommunications Networking
A novel approach to visualize web anomaly attacks in pervasive computing environment
The Journal of Supercomputing
A close look on n-grams in intrusion detection: anomaly detection vs. classification
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Discovery of emergent malicious campaigns in cellular networks
Proceedings of the 29th Annual Computer Security Applications Conference
Cross-domain privacy-preserving cooperative firewall optimization
IEEE/ACM Transactions on Networking (TON)
Semantic security against web application attacks
Information Sciences: an International Journal
The constant increase of attacks against networks and their resources (as recently shown by the CodeRed worm) creates a need to protect these valuable assets. Firewalls are now a common installation to repel intrusion attempts in the first place. Intrusion detection systems (IDS), which try to detect malicious activities instead of preventing them, offer additional protection once the first defense perimeter has been penetrated. ID systems attempt to pin down attacks by comparing collected data either to predefined signatures known to be malicious (signature based) or to a model of legitimate behavior (anomaly based). Anomaly based systems have the advantage of being able to detect previously unknown attacks, but they suffer from the difficulty of building a solid model of acceptable behavior and from the high number of alarms caused by unusual but authorized activities. We present an approach that utilizes application specific knowledge of the network services that should be protected. This information helps to extend current, simple network traffic models into an application model that allows the detection of malicious content hidden in single network packets. We describe the features of our proposed model and present experimental data that underlines the efficiency of our system.