Handbook of Research on Emerging Developments in Data Privacy

This chapter aims to provide a clear and concise picture of data collection for intrusion detection. It gives a detailed explanation of the components of a generic data collection mechanism and their interaction with the environment, from initial triggering to the output of log data records. Taxonomies of mechanism characteristics and deployment considerations are provided and discussed, together with guidelines and hints for mechanism selection and deployment. Finally, the chapter presents a set of strategies for determining what data to collect and discusses some of the challenges in the field. An appendix classifies the 50 mechanisms studied. The chapter is intended to assist intrusion detection system developers, designers, and operators in selecting mechanisms for resource-efficient data collection.
