State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
Framework-based software development in C++
Framework-based software development in C++
Testing and evaluating computer intrusion detection systems
Communications of the ACM
The Ad Hoc on-demand distance-vector protocol
Ad hoc networking
Programming and Deploying Java Mobile Agents Aglets
Programming and Deploying Java Mobile Agents Aglets
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
Implementing a Generalized Tool for Network Monitoring
LISA '97 Proceedings of the 11th Conference on Systems Administration
Designing a Web of Highly-Configurable Intrusion Detection Sensors
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
NetSTAT: A Network-Based Intrusion Detection Approach
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
USTAT: A Real-Time Intrusion Detection System for UNIX
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Anomalous system call detection
ACM Transactions on Information and System Security (TISSEC)
A formal approach to sensor placement and configuration in a network intrusion detection system
Proceedings of the 2006 international workshop on Software engineering for secure systems
A comparative evaluation of two algorithms for Windows Registry Anomaly Detection
Journal of Computer Security
Wireless and physical security via embedded sensor networks
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Large-scale evaluation of distributed attack detection
Proceedings of the 2nd International Conference on Simulation Tools and Techniques
Algebra for capability based attack correlation
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
In-depth behavior understanding and use: The behavior informatics approach
Information Sciences: an International Journal
Modeling a distributed intrusion detection system using collaborative building blocks
ACM SIGSOFT Software Engineering Notes
Using static program analysis to aid intrusion detection
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Anomaly detection in computer security and an application to file system accesses
ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems
A WS-based infrastructure for integrating intrusion detection systems in large-scale environments
ODBASE'06/OTM'06 Proceedings of the 2006 Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, DOA, GADA, and ODBASE - Volume Part I
Using hidden markov models to evaluate the risks of intrusions
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
ESAS'06 Proceedings of the Third European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Engineering self-protection for autonomous systems
FASE'06 Proceedings of the 9th international conference on Fundamental Approaches to Software Engineering
Model-driven, network-context sensitive intrusion detection
MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems
| Hi-index | 0.00 |
Intrusion detection systems are distributed applications that analyze the events in a networked system to identify malicious behavior. The analysis is performed using a number of attack models (or signatures) that are matched against a specific event stream. Intrusion detection systems may operate in heterogeneous environments, analyzing different types of event streams. Currently, intrusion detection systems and the corresponding attack modeling languages are developed following an ad hoc approach to match the characteristics of specific target environments. As the number of systems that have to be protected increases, this approach results in increased development effort. To overcome this limitation, we developed a framework, called STAT, that supports the development of new intrusion detection functionality in a modular fashion. The STAT framework can be extended following a well-defined process to implement intrusion detection systems tailored to specific environments, platforms, and event streams. The STAT framework is novel in the fact that the extension process also includes the extension of the attack modeling language. The resulting intrusion detection systems represent a software family whose members share common attack modeling features and the ability to reconfigure their behavior dynamically.