We describe Bro, a stand-alone system for detecting network intruders in real time by passively monitoring a network link over which the intruder's traffic transits. We give an overview of the system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility. To achieve these ends, Bro is divided into an "event engine" that reduces a kernel-filtered network traffic stream into a series of higher-level events, and a "policy script interpreter" that interprets event handlers written in a specialized language used to express a site's security policy. Event handlers can update state information, synthesize new events, record information to disk, and generate real-time notifications via syslog. We also discuss a number of attacks that attempt to subvert passive monitoring systems and defenses against these, and give particulars of how Bro analyzes the four applications integrated into it so far: Finger, FTP, Portmapper and Telnet. The system is publicly available in source code form.