Attack recognition for system survivability: a low-level approach

This paper extends and builds on previous work that presented a signature-based attack recognition technique. We present general requirements for "survivable attack recognition" and discuss how our approach fits the requirements. Empirical results are given along with an estimate of the measured performance. Other work is reviewed within the context of attack recognition for survivability.
