Empirically derived analytic models of wide-area TCP connections
IEEE/ACM Transactions on Networking (TON)
Testing and evaluating computer intrusion detection systems
Communications of the ACM
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Intrusion Detection
Network Intrusion Detection: An Analyst's Handbook
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A study in using neural networks for anomaly and misuse detection
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Dynamic analysis of security protocols
Proceedings of the 2000 workshop on New security paradigms
Specification-based anomaly detection: a new approach for detecting network intrusions
Proceedings of the 9th ACM conference on Computer and communications security
Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection
IEEE Transactions on Computers
Accurately Detecting Source Code of Attacks That Increase Privilege
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Using DAML+OIL to classify intrusive behaviours
The Knowledge Engineering Review
Understanding when location-hiding using overlay networks is feasible
Computer Networks: The International Journal of Computer and Telecommunications Networking - Overlay distribution structures and their applications
CluVis: dual-domain visual exploration of cluster/network metadata
ACM-SE 45 Proceedings of the 45th annual southeast regional conference
Copilot - a coprocessor-based kernel runtime integrity monitor
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
A Case-Based Approach to Anomaly Intrusion Detection
MLDM '07 Proceedings of the 5th international conference on Machine Learning and Data Mining in Pattern Recognition
IDS Based on Bio-inspired Models
KES '07 Knowledge-Based Intelligent Information and Engineering Systems and the XVII Italian Workshop on Neural Networks on Proceedings of the 11th International Conference
WI-IAT '08 Proceedings of the 2008 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Volume 02
A Regression Method to Compare Network Data and Modeling Data Using Generalized Additive Model
Information Security Applications
Attacks against computer network: formal grammar-based framework and simulation tool
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
A Framework for Large-Scale Detection of Web Site Defacements
ACM Transactions on Internet Technology (TOIT)
Network intrusion detection: dead or alive?
Proceedings of the 26th Annual Computer Security Applications Conference
Fusing intrusion data for detection and containment
MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
Should security researchers experiment more and draw more inferences?
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Towards a requirements-driven framework for detecting malicious behavior against software systems
Proceedings of the 2011 Conference of the Center for Advanced Studies on Collaborative Research
Audit file reduction using n-gram models
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
SVM based false alarm minimization scheme on intrusion prevention system
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V
Learning intrusion detection: supervised or unsupervised?
ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
WIND: workload-aware INtrusion detection
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
An application-level content generative model for network applications
Proceedings of the 5th International ICST Conference on Simulation Tools and Techniques
Case study: visualization and information retrieval techniques for network intrusion detection
EGVISSYM'01 Proceedings of the 3rd Joint Eurographics - IEEE TCVG conference on Visualization
Towards systematic signature testing
TestCom'07/FATES'07 Proceedings of the 19th IFIP TC6/WG6.1 international conference, and 7th international conference on Testing of Software and Communicating Systems
Performance analysis of wireless intrusion detection systems
IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Divided two-part adaptive intrusion detection system
Wireless Networks
D0M-WLAN: a traffic analysis based approach for detecting malicious activities on wireless networks
Proceedings of the 6th International Conference on Security of Information and Networks
Infinite Dirichlet mixture models learning via expectation propagation
Advances in Data Analysis and Classification
Generating profile-based signatures for online intrusion and failure detection
Information and Software Technology
Eight sites participated in the second DARPA off-line intrusion detection evaluation in 1999. Three weeks of training and two weeks of test data were generated on a test bed that emulates a small government site. More than 200 instances of 58 attack types were launched against victim UNIX and Windows NT hosts. False alarm rates were low (less than 10 per day). Best detection was provided by network-based systems for old probe and old denial-of-service (DoS) attacks and by host-based systems for Solaris user-to-root (U2R) attacks. Best overall performance would have been provided by a combined system that used both host- and network-based intrusion detection. Detection accuracy was poor for previously unseen new, stealthy, and Windows NT attacks. Ten of the 58 attack types were completely missed by all systems. Systems missed attacks because protocols and TCP services were not analyzed at all or to the depth required, because signatures for old attacks did not generalize to new attacks, and because auditing was not available on all hosts.