A high-performance network intrusion detection system
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Using Text Categorization Techniques for Intrusion Detection
Proceedings of the 11th USENIX Security Symposium
Web application security assessment by fault injection and behavior monitoring
WWW '03 Proceedings of the 12th international conference on World Wide Web
Formal Specification of Intrusion Signatures and Detection Rules
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Preventing race condition attacks on file-systems
Proceedings of the 2005 ACM symposium on Applied computing
A testing framework for Web application security assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Distributed intrusion detection in clusters based on non-interference
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Intrusion detection aware component-based systems: A specification-based framework
Journal of Systems and Software
A taxonomy of intrusion response systems
International Journal of Information and Computer Security
Intrusion Detection as Passive Testing: Linguistic Support with TTCN-3 (Extended Abstract)
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Bridging the gap: software specification meets intrusion detector
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
A testing framework for Web application security assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Application Data Consistency Checking for Anomaly Based Intrusion Detection
SSS '09 Proceedings of the 11th International Symposium on Stabilization, Safety, and Security of Distributed Systems
Introducing reference flow control for detecting intrusion symptoms at the OS level
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
On run-time enforcement of policies
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
A distributed multi-approach intrusion detection system for web services
Proceedings of the 3rd international conference on Security of information and networks
Securing computerised models and data against integrity attacks
International Journal of Electronic Finance
Formal analysis of intrusion detection systems for high speed networks
ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy
Evolutionary computation techniques for intrusion detection in mobile ad hoc networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
On random-inspection-based intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
A survey of intrusion detection techniques for cyber-physical systems
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
Specification-based intrusion detection, where manually specified program behavioral specifications are used as a basis to detect attacks, have been proposed as a promising alternative that combine the strengths of misuse detection (accurate detection of known attacks) and anomaly detection (ability to detect novel attacks). However, the question of whether this promise can be realized in practice has remained open. We answer this question in this paper, based on our experience in building a specification-based intrusion detection system and experimenting with it. Our experiments included the 1999 DARPA/AFRL online evaluation, as well as experiments conducted using 1999 DARPA/ Lincoln Labs offline evaluation data. These experiments show that an effective specification-based IDS can be developed with modest efforts. They also show that the specification-based techniques live up to their promise of detecting known as well as unknown attacks, while maintaining a very low rate of false positives.