Towards a Taxonomy of Intrusion Detection Systems and Attacks

In recent years, an increasing number of intrusion-detection systems (IDSes) have become available [Sobire98]. This development has been driven, among other things, by the growing number of computer security incidents [CIN0799, Gross97, Howard97, Kumar95, LSMTTF98, Neuman98b, NeuPar89] which have highlighted the need for organizations to protect their networks against adversaries [Sundar96]. The issue of protecting networks and making them secure and reliable has been addressed in many publications, which have analyzed the problems and made pertinent recommendations [BeGlRa98, Neuman98]. Intrusion detection (ID) is widely regarded as being part of the solution for protecting today’s networks. However, by generating false alarms or not recognizing attacks, IDSes may fail. This, together with the fact that today’s networks are not only distributed but also highly heterogeneous, makes it desirable to deploy multiple instances of diverse IDSes in order to achieve adequate protection of such networks. Last but not least, an ID architecture embodying multiple IDSes has to achieve adequate compliance with an organization’s security policy and should itself be tolerant to intrusions.

Project IST-1999-11583, Malicious- and Accidental-Fault Tolerance for Internet Applications (MAFTIA), deliverable D3.

[1]  Eric Miller,et al.  Testing and evaluating computer intrusion detection systems , 1999, CACM.

[2]  Elaine J. Weyuker,et al.  Collecting and categorizing software error data in an industrial environment , 2018, J. Syst. Softw..

[3]  Erland Jonsson,et al.  How to systematically classify computer security intrusions , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[4]  Hervé Debar,et al.  Building an Intrusion-Detection System to Detect Suspicious Process Behavior , 1999, Recent Advances in Intrusion Detection.

[5]  Donald E. Knuth,et al.  The errors of tex , 1989, Softw. Pract. Exp..

[6]  Rangaswamy Jagannathan,et al.  SYSTEM DESIGN DOCUMENT: NEXT-GENERATION INTRUSION DETECTION EXPERT SYSTEM (NIDES) , 1993 .

[7]  William Stallings Network and Internetwork Security: Principles and Practice , 1994 .

[8]  Aurobindo Sundaram,et al.  An introduction to intrusion detection , 1996, CROS.

[9]  Andrew Harrison Gross,et al.  Analyzing computer intrusions , 1998 .

[10]  Peter G. Neumann Illustrative risks to the public in the use of computer systems and related technology , 1992, SOEN.

[11]  Victor R. Basili,et al.  Software errors and complexity: an empirical investigation , 1984, CACM.

[12]  H. Kopetz,et al.  Dependability: Basic Concepts and Terminology , 1992, Dependable Computing and Fault-Tolerant Systems.

[13]  Stefan Axelsson,et al.  The base-rate fallacy and its implications for the difficulty of intrusion detection , 1999, CCS '99.

[14]  Hervé Debar,et al.  Intrusion Detection Exchange Format Data Model , 2000 .

[15]  Bill Cheswick,et al.  Firewalls and internet security - repelling the wily hacker , 2003, Addison-Wesley professional computing series.

[16]  P. K. Aditya,et al.  A Grammar Based Fault Classification Scheme and its Application to the Classification of the Errors , 1995 .

[17]  Richard Lippmann,et al.  Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation , 2000, Recent Advances in Intrusion Detection.

[18]  Stefanos Manganaris,et al.  A data mining analysis of RTID alarms , 2000 .

[19]  Stephen Smalley,et al.  The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments , 2000 .

[20]  Paulo Veríssimo,et al.  The Delta-4 approach to dependability in open distributed computing systems , 1988, [1988] The Eighteenth International Symposium on Fault-Tolerant Computing. Digest of Papers.

[21]  Hervé Debar,et al.  A neural network component for an intrusion detection system , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[22]  Peter G. Neumann,et al.  Practical Architectures for Survivable Systems and Networks , 1999 .

[23]  Renaud Deraison,et al.  Nessus , 2003, login Usenix Mag..

[24]  David Icove,et al.  Computer crime - a crimefighter's handbook , 1995, Computer security.

[25]  Marc Dacier,et al.  Towards a taxonomy of intrusion-detection systems , 1999, Comput. Networks.

[26]  Marc Dacier,et al.  A Lightweight Tool for Detecting Web Server Attacks , 2000, NDSS.

[27]  Andrew S. Tanenbaum,et al.  Computer networks (3rd ed.) , 1996 .

[28]  Merriam-Webster Merriam-Webster's Collegiate Dictionary , 1998 .

[29]  Diego Zamboni,et al.  Data collection mechanisms for intrusion detection systems , 2000 .

[30]  J. Swannell The oxford modern english dictionary , 1992 .

[31]  Marc Dacier,et al.  Reference Model and Use Cases , 2000 .

[32]  Stefan Axelsson,et al.  Intrusion Detection Systems: A Survey and Taxonomy , 2002 .

[33]  Harold Joseph Highland,et al.  AIN'T misbehaving—A taxonomy of anti-intrusion techniques , 1995 .

[34]  Eugene H. Spafford,et al.  A Taxonomy of Common Computer Security Vulnerabilities Based on their Method of Detection , 1995 .

[35]  Eugene H. Spafford,et al.  The internet worm program: an analysis , 1989, CCRV.

[36]  E. Amoroso Intrusion Detection , 1999 .

[37]  Vern Paxson,et al.  Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[38]  Dominique Alessandri,et al.  Using Rule-Based Activity Descriptions to Evaluate Intrusion-Detection Systems , 2000, Recent Advances in Intrusion Detection.

[39]  Partha Dasgupta,et al.  The Clouds distributed operating system: functional description, implementation details and related work , 1988, [1988] Proceedings. The 8th International Conference on Distributed.

[40]  Klaus Julisch Dealing with False Positives in Intrusion Detection , 2000 .

[41]  David Powell,et al.  Failure mode assumptions and assumption coverage , 1992, [1992] Digest of Papers. FTCS-22: The Twenty-Second International Symposium on Fault-Tolerant Computing.

[42]  Kathleen A. Jackson INTRUSION DETECTION SYSTEM (IDS) PRODUCT SURVEY , 1999 .

[43]  Peter G. Neumann,et al.  Computer-related risks , 1994 .

[44]  Marc Dacier,et al.  A revised taxonomy for intrusion-detection systems , 2000, Ann. des Télécommunications.

[45]  Eugene H. Spafford,et al.  Using embedded sensors for detecting network attacks , 2000 .

[46]  J. Noelle McAuliffe,et al.  Is your computer being misused? A survey of current intrusion detection system technology , 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.

[47]  John E. Dobson,et al.  Modelling real-world issues for dependable software , 1989 .

[48]  Marc Dacier,et al.  MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications) , 2001 .

[49]  Andrew Hutchison,et al.  IDS/A: An Interface between Intrusion Detection System and Application , 2000 .

[50]  Eugene H. Spafford,et al.  Software vulnerability analysis , 1998 .

[51]  Eugene H. Spafford,et al.  Use of A Taxonomy of Security Faults , 1996 .

[52]  Dhiraj K. Pradhan,et al.  Consensus With Dual Failure Modes , 1991, IEEE Trans. Parallel Distributed Syst..

[53]  Ramez Elmasri,et al.  Fundamentals of Database Systems , 1989 .

[54]  R.K. Cunningham,et al.  Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[55]  John McHugh The 1998 Lincoln Laboratory IDS evaluation : A critique , 2000 .

[56]  John D. Howard,et al.  An analysis of security incidents on the Internet 1989-1995 , 1998 .

[57]  Eugene H. Spafford,et al.  Computer Vulnerability Analysis , 1998 .

[58]  Marc Dacier,et al.  Intrusion Detection Using Variable-Length Audit Trail Patterns , 2000, Recent Advances in Intrusion Detection.

[59]  Carl E. Landwehr,et al.  A taxonomy of computer program security flaws , 1993, CSUR.

[60]  Sandeep Kumar,et al.  Classification and detection of computer intrusions , 1996 .

[61]  Algirdas Avizienis,et al.  Reliability analysis and architecture of a hybrid-redundant digital system: generalized triple modular redundancy with self-repair , 1970, AFIPS '70 (Spring).

[62]  Andrew S. Tanenbaum,et al.  Operating systems: design and implementation , 1987, Prentice-Hall software series.

[63]  Brian Randell,et al.  Protecting IT Systems from Cyber Crime , 1998, Comput. J..

[64]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[65]  Merriam Webster Merriam-Webster's Collegiate Dictionary , 2016 .

[66]  Frederick B. Cohen,et al.  Protection and Security on the Information Superhighway , 1995 .