State of the Practice of Intrusion Detection Technologies

Abstract: Attacks on the nation's computer infrastructures are a serious problem. Over the past 12 years, the growing number of computer security incidents on the Internet has reflected the growth of the Internet itself. Because most deployed computer systems are vulnerable to attack, intrusion detection (ID) is a rapidly developing field. Intrusion detection is an important technology business sector as well as an active area of research. Vendors make many claims for their products in the commercial marketplace, so separating hype from reality can be a major challenge. A goal of this report is to provide an unbiased assessment of publicly available ID technology. We hope this will help those who purchase and use ID technology to gain a realistic understanding of its capabilities and limitations. The report raises issues that we believe are important for ID system (IDS) developers to address as they formulate product strategies. The report also points out relevant issues for the research community as they formulate research directions and allocate funds.
