The Kerf toolkit for intrusion analysis

Network-based intrusions have become a significant security concern. To aid system administrators with post-attack intrusion analysis, the Kerf toolkit provides an integrated front end and powerful correlation and data-representation tools, all in one package.
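The correlation step the abstract alludes to, reduced to its core, as an added example (this is illustration code written for this page, not Kerf's own code, whose internals the abstract does not describe): merge syslog-style lines from several hosts, pull a source address out of each, start from a suspicious outcome (here a successful root login) and gather every event from the same address on any host within a time window. The log lines, hosts, the attacker address 203.0.113.7, the assumed year 2003 for the year-less syslog timestamps, and the five-minute window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog-style lines from two hosts (not real captures).
# The hosts, the attacker address 203.0.113.7 and the timings are illustrative.
LOGS = {
    "gw01": [
        "Mar 10 02:14:01 gw01 kernel: FW DROP SRC=203.0.113.7 DST=192.0.2.10 DPT=22",
        "Mar 10 02:14:02 gw01 kernel: FW DROP SRC=203.0.113.7 DST=192.0.2.10 DPT=23",
        "Mar 10 02:14:05 gw01 kernel: FW ACCEPT SRC=203.0.113.7 DST=192.0.2.10 DPT=80",
    ],
    "web01": [
        "Mar 10 02:14:06 web01 httpd: 203.0.113.7 GET /cgi-bin/../../etc/passwd 404",
        "Mar 10 02:14:40 web01 sshd: Failed password for root from 203.0.113.7 port 4412",
        "Mar 10 02:15:10 web01 sshd: Accepted password for root from 203.0.113.7 port 4413",
        "Mar 10 09:00:00 web01 sshd: Accepted publickey for alice from 198.51.100.5 port 5000",
    ],
}

# "<timestamp> <host> <program>: <message>"
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ([^:]+): (.*)$")
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Where the source address sits depends on the program; try the common forms in order.
SRC_RES = [re.compile(r"SRC=" + IP), re.compile(r"\bfrom " + IP), re.compile(r"^" + IP)]


def source_ip(text):
    """Return the first source-address form found in a message, or None."""
    for rx in SRC_RES:
        m = rx.search(text)
        if m:
            return m.group(1)
    return None


def parse_line(line, year=2003):
    """Parse one syslog-style line. Syslog omits the year, so it is an assumed parameter."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m.group(2), "prog": m.group(3),
            "text": m.group(4), "src": source_ip(m.group(4))}


def load_events(logs):
    """Merge per-host logs into one time-ordered event list, dropping unparsable lines."""
    events = []
    for host, lines in logs.items():
        for line in lines:
            ev = parse_line(line)
            if ev is not None and ev["host"] == host:
                events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_seeds(events, marker="Accepted password for root"):
    """Seed events: the suspicious outcome an analyst starts the investigation from."""
    return [e for e in events if marker in e["text"]]


def build_timeline(events, seed, before=timedelta(minutes=5), after=timedelta(minutes=5)):
    """Every event from the seed's source address, on any host, inside the window."""
    lo, hi = seed["ts"] - before, seed["ts"] + after
    return [e for e in events if e["src"] == seed["src"] and lo <= e["ts"] <= hi]


def summarize(timeline):
    """Compact view of a timeline: who, which hosts, first and last touch, how many events."""
    return {"src": timeline[0]["src"] if timeline else None,
            "hosts": sorted({e["host"] for e in timeline}),
            "first": timeline[0]["ts"] if timeline else None,
            "last": timeline[-1]["ts"] if timeline else None,
            "count": len(timeline)}


if __name__ == "__main__":
    evs = load_events(LOGS)
    for seed in find_seeds(evs):
        for e in build_timeline(evs, seed):
            print(e["ts"].strftime("%H:%M:%S"), e["host"], e["prog"], e["text"])
        print(summarize(build_timeline(evs, seed)))
```

Run as-is, the timeline for the root login pulls in the firewall probes on gw01 and the traversal attempt and failed password on web01 from the same address, and leaves out the unrelated morning login from 198.51.100.5. Real analysis needs clock-skew handling across hosts and a wider set of address-extraction patterns than the three assumed here.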
