The base-rate fallacy and its implications for the difficulty of intrusion detection
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
Specification-based anomaly detection: a new approach for detecting network intrusions
Proceedings of the 9th ACM conference on Computer and communications security
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
Panoptis: intrusion detection using a domain-specific language
Journal of Computer Security
Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection
IEEE Transactions on Computers
Fine-Grain Access Control for Securing Shared Resources in Computational Grids
IPDPS '02 Proceedings of the 16th International Parallel and Distributed Processing Symposium
System Health and Intrusion Monitoring Using a Hierarchy of Constraints
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
An Intrusion Detection System for Aglets
MA '02 Proceedings of the 6th International Conference on Mobile Agents
Proceedings of the 25th International Conference on Software Engineering
Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
Grid-computing portals and security issues
Journal of Parallel and Distributed Computing - Scalable web services and architecture
A specification-based intrusion detection system for AODV
Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks
Network Awareness for Mobile Agents on Ad Hoc Networks
AAMAS '04 Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems - Volume 1
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Secure Embedded Processing through Hardware-Assisted Run-Time Monitoring
Proceedings of the conference on Design, Automation and Test in Europe - Volume 1
LAD: Localization Anomaly Detection for Wireless Sensor Networks
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Papers - Volume 01
Decentralized intrusion detection in wireless sensor networks
Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Automatic diagnosis and response to memory corruption vulnerabilities
Proceedings of the 12th ACM conference on Computer and communications security
Anomalous system call detection
ACM Transactions on Information and System Security (TISSEC)
Position: "insider" is relative
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Real-time data attack isolation for commercial database applications
Journal of Network and Computer Applications
Factor-analysis based anomaly detection and clustering
Decision Support Systems
Analyzing and evaluating dynamics in stide performance for intrusion detection
Knowledge-Based Systems
Intrusion detection aware component-based systems: A specification-based framework
Journal of Systems and Software
Watermarking techniques using the Drawing Exchange Format (DXF) file
MM&Sec '01 Proceedings of the 2001 workshop on Multimedia and security: new challenges
A System Architecture for Computer Intrusion Detection
Information-Knowledge-Systems Management
Towards security monitoring patterns
Proceedings of the 2007 ACM symposium on Applied computing
Detecting and countering system intrusions using software wrappers
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Storage-based intrusion detection: watching storage activity for suspicious behavior
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Detecting malicious java code using virtual machine auditing
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Intrusion Detection as Passive Testing: Linguistic Support with TTCN-3 (Extended Abstract)
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Distributed Intrusion Detection Systems for Enhancing Security in Mobile Wireless Sensor Networks
International Journal of Distributed Sensor Networks - Advances on Heterogeneous Wireless Sensor Networks
Transparent Process Monitoring in a Virtual Environment
Electronic Notes in Theoretical Computer Science (ENTCS)
Storage-Based Intrusion Detection Using Artificial Immune Technique
ISICA '09 Proceedings of the 4th International Symposium on Advances in Computation and Intelligence
A modular architecture for distributed IDS in MANET
ICCSA'03 Proceedings of the 2003 international conference on Computational science and its applications: Part III
A distributed monitoring system for enhancing security and dependability at architectural level
Architecting dependable systems IV
Swaddler: an approach for the anomaly-based detection of state violations in web applications
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Algebra for capability based attack correlation
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Storage-Based Intrusion Detection
ACM Transactions on Information and System Security (TISSEC)
Intrusion detection and security policy framework for distributed environments
CTS'05 Proceedings of the 2005 international conference on Collaborative technologies and systems
Formal analysis of intrusion detection systems for high speed networks
ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy
Specification-based intrusion detection system for WiBro
ICHIT'11 Proceedings of the 5th international conference on Convergence and hybrid information technology
Using static program analysis to aid intrusion detection
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Probabilistic inference strategy in distributed intrusion detection systems
ISPA'04 Proceedings of the Second international conference on Parallel and Distributed Processing and Applications
A specification-based intrusion detection model for OLSR
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
FAST'05 Proceedings of the Third international conference on Formal Aspects in Security and Trust
Mathematical and Computer Modelling: An International Journal
A systematic process-model-based approach for synthesizing attacks and evaluating them
EVT/WOTE'12 Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections
Go with the flow: toward workflow-oriented security assessment
Proceedings of the 2013 workshop on New security paradigms workshop
Abstract: We describe a specification-based approach to detect exploitations of vulnerabilities in security-critical programs. The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications. We developed a formal framework for specifying the security-relevant behavior of programs, on which we based the design and implementation of a real-time intrusion detection system for a distributed system. Also, we wrote security specifications for 15 Unix setuid root programs. Our system detects attacks caused by monitored programs, including security violations caused by improper synchronization in distributed programs. Our approach encompasses attacks that exploit previously unknown vulnerabilities in security-critical programs.
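The core mechanism the abstract describes, a specification of what a privileged program is allowed to do and a scan of the audit trail for anything outside it, is easy to see in a small monitor. The block below is an added illustration, not the paper's system or its specification language (the paper uses a formal framework for distributed programs; this toy is stateless and single-host). The specification format, the program names `backup` and `lpr`, the uid-to-home mapping, the audit record format and the sample audit lines are all constructed for this example.

```python
"""Toy specification-based intrusion monitor (added example, not the
paper's implementation).

A security specification lists the operations a setuid program is
*allowed* to perform. The monitor walks an audit trail and reports every
record the program's specification does not permit. No attack signatures
are involved, so an exploit of a previously unknown bug is still caught
as long as it makes the program do something outside its specification.
"""
import fnmatch
import posixpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditRecord:
    pid: int
    prog: str   # monitored program
    uid: int    # real uid of the user who invoked it
    op: str     # read / write / exec
    path: str   # path as recorded by the audit subsystem


# Hypothetical specification format: program -> list of (op, path glob).
# "{home}" expands to the invoking user's home directory, so a rule can
# say "read only your own files" without enumerating users.
SPECS = {
    "backup": [
        ("read", "{home}/*"),
        ("write", "/var/backups/*"),
        ("exec", "/bin/tar"),
    ],
    "lpr": [
        ("read", "{home}/*"),
        ("read", "/etc/printcap"),
        ("write", "/var/spool/lpd/*"),
    ],
}

# Hypothetical uid -> home mapping; a real monitor would consult the
# passwd database.
HOMES = {1000: "/home/alice", 1001: "/home/bob"}

# Constructed audit record format for this example.
AUDIT_RE = re.compile(r"pid=(\d+) prog=(\S+) uid=(\d+) op=(\S+) path=(\S+)")


def parse_audit(line):
    m = AUDIT_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unparseable audit record: {line!r}")
    pid, prog, uid, op, path = m.groups()
    return AuditRecord(int(pid), prog, int(uid), op, path)


def permitted(rec, specs=SPECS, homes=HOMES):
    """True iff some rule in the program's specification allows this record."""
    rules = specs.get(rec.prog)
    if rules is None:
        return False  # no specification means nothing is allowed
    # Normalise so "/var/backups/../../etc/passwd" is judged as
    # "/etc/passwd". Symlinks must already be resolved by the audit
    # source; a glob over an unresolved path proves nothing.
    path = posixpath.normpath(rec.path)
    home = homes.get(rec.uid, "/nonexistent")
    for op, pattern in rules:
        if op == rec.op and fnmatch.fnmatchcase(path, pattern.format(home=home)):
            return True
    return False


def scan(lines, specs=SPECS, homes=HOMES):
    """Return the audit records that violate their program's specification."""
    return [rec for rec in map(parse_audit, lines)
            if not permitted(rec, specs, homes)]


# Constructed sample trail: a normal backup run, then three records that
# should be flagged: bob reading alice's file through backup, a path
# traversal out of the backup directory, and lpr writing /etc/passwd
# (the kind of thing a symlink race in a setuid program ends up doing).
SAMPLE_AUDIT_TRAIL = [
    "pid=4101 prog=backup uid=1000 op=read path=/home/alice/notes.txt",
    "pid=4101 prog=backup uid=1000 op=exec path=/bin/tar",
    "pid=4101 prog=backup uid=1000 op=write path=/var/backups/alice.tar",
    "pid=4102 prog=backup uid=1001 op=read path=/home/alice/secret.txt",
    "pid=4103 prog=backup uid=1000 op=write path=/var/backups/../../etc/passwd",
    "pid=4104 prog=lpr uid=1000 op=write path=/etc/passwd",
    "pid=4105 prog=lpr uid=1000 op=read path=/etc/printcap",
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_AUDIT_TRAIL):
        print(f"VIOLATION pid={rec.pid} {rec.prog}: {rec.op} {rec.path}")
```

The three flagged records are caught without any knowledge of which bug produced them, which is the property the abstract claims for the approach. What the toy leaves out is the other half of the paper's contribution: ordering constraints between operations and across cooperating processes on different hosts, which is where the "improper synchronization in distributed programs" violations live; a stateless per-record check cannot express those.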