Using mobile agents for analyzing intrusion in computer networks

Today, hackers disguise their attacks by launching them from a set of compromised hosts distributed across the Internet. It is very difficult to defend against these attacks or to track down their origin. Commercially available intrusion detection systems can signal the occurrence of only a limited set of known attack types. New types of attacks are launched regularly, but these tools are not effective in detecting them. Human experts are still the key tool for identifying, tracking, and disabling new attacks. Often this involves experts from many organizations working together to share their observations, hypotheses, and attack signatures. Unfortunately, these experts today have few tools that help them automate this process. In this project, we recognize that human experts will remain a critical part of the process of identifying, tracking, and disabling computer attacks. We also recognize that an important part of the discovery, analysis, and defense against new distributed attacks is the cooperation that occurs between experts across different organizations. Many installations do not have the expertise necessary to develop full attack analyses. Our goal is to build automated tools for computer experts and system administrators to: