Revisiting Anomaly-based Network Intrusion Detection Systems

Intrusion detection systems (IDSs) are well-known and widely deployed security tools for detecting cyber-attacks and malicious activities in computer systems and networks. A signature-based IDS works similarly to anti-virus software: it employs a signature database of known attacks, and a successful match with current input raises an alert. A signature-based IDS cannot detect unknown attacks, either because the database is out of date or because no signature is available yet. To overcome this limitation, researchers have been developing anomaly-based IDSs. An anomaly-based IDS builds a model of normal data/usage patterns during a training phase, then compares new inputs to the model (using a similarity metric). A significant deviation is marked as an anomaly. An anomaly-based IDS is able to detect previously unknown attacks, or modifications of well-known ones, as soon as they take place (i.e., so-called zero-day attacks), as well as targeted attacks. Cyber-attacks and breaches of information security appear to be increasing in frequency and impact. Signature-based IDSs are likely to miss an increasing number of attack attempts as cyber-attacks diversify. Thus, one would expect a large number of anomaly-based IDSs to have been deployed to detect the newest disruptive attacks. However, most IDSs in use today are still signature-based, and few anomaly-based IDSs have been deployed in production environments. Up to now, a signature-based IDS has been easier to implement and simpler to configure and maintain than an anomaly-based IDS, i.e., it is easier and less expensive to use. We see in these limitations the main reason why anomaly-based systems have not been widely deployed, despite research that has been conducted for more than a decade.
To address these limitations we have developed SilentDefense, a comprehensive anomaly-based intrusion detection architecture that not only outperforms competitors in terms of attack detection and false alert rates, but also reduces user effort. SilentDefense is the first systematic attempt to develop an anomaly-based intrusion detection system with a high degree of usability.
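
The train-then-compare loop described above, set beside signature matching, as an added example (it is not code from the paper and not SilentDefense). The requests, the signature list, the 3-gram model and the threshold margin are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample traffic and signatures (assumptions, not data from the paper).
TRAINING = [
    "GET /index.html HTTP/1.1",
    "GET /about.html HTTP/1.1",
    "GET /products?id=17 HTTP/1.1",
    "GET /products?id=42&page=2 HTTP/1.1",
    "GET /download?file=report.pdf HTTP/1.1",
    "GET /download?file=manual.pdf HTTP/1.1",
    "GET /search?q=network+security HTTP/1.1",
    "POST /login HTTP/1.1",
]
HELD_OUT = [  # benign requests kept out of training, used only to set the threshold
    "GET /products?id=305&page=7 HTTP/1.1",
    "GET /search?q=network HTTP/1.1",
]
SIGNATURES = ["../", "/etc/passwd"]  # the "database of known attacks"
KNOWN = "GET /download?file=../../../etc/passwd HTTP/1.1"               # has a signature
VARIANT = "GET /download?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1"  # has none
BENIGN = "GET /products?id=9&page=12 HTTP/1.1"


def signature_alert(request, signatures=SIGNATURES):
    """Signature-based IDS: alert only when the raw input matches a known pattern."""
    return any(sig in request for sig in signatures)


def ngrams(request, n=3):
    """Collapse digit runs so numeric ids generalise, then slide an n-character window."""
    text = re.sub(r"\d+", "0", request)
    return [text[i:i + n] for i in range(len(text) - n + 1)]


@dataclass
class NgramAnomalyDetector:
    n: int = 3
    margin: float = 0.10           # assumed safety margin above held-out benign scores
    model: set = field(default_factory=set)
    threshold: float = 1.0

    def train(self, normal_requests):
        """Training phase: the model is the set of n-grams seen in normal traffic."""
        for request in normal_requests:
            self.model.update(ngrams(request, self.n))

    def score(self, request):
        """Dissimilarity metric: fraction of the request's n-grams never seen in training."""
        grams = ngrams(request, self.n)
        if not grams:
            return 0.0
        return sum(g not in self.model for g in grams) / len(grams)

    def calibrate(self, held_out):
        """Set the 'significant deviation' cut-off from benign traffic not used in training."""
        self.threshold = max(self.score(r) for r in held_out) + self.margin

    def alert(self, request):
        return self.score(request) > self.threshold


def build_detector():
    det = NgramAnomalyDetector()
    det.train(TRAINING)
    det.calibrate(HELD_OUT)
    return det


def compare(det, requests):
    """Return (request, signature alert, anomaly alert, anomaly score) per request."""
    return [(r, signature_alert(r), det.alert(r), round(det.score(r), 3)) for r in requests]


if __name__ == "__main__":
    detector = build_detector()
    print(f"threshold = {detector.threshold:.3f}")
    for row in compare(detector, [BENIGN, KNOWN, VARIANT]):
        print(row)
```

With so little training data, a benign request for a file name absent from training (for example `invoice.pdf`) also exceeds the threshold, so the model needs representative traffic before its alerts are useful.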
