论文信息 - Foundations for Intrusion Detection?

Foundations for Intrusion Detection?

Intrusion detection technologies have well-known shortcomings, such as a very high false alarm rate and the ability to detect only a limited class of attacks on a limited set of system components. Specialized attack types on unique system components cannot be detected, and neither can application-specific attacks. Even generic attacks on operating systems and networks cannot be reliably detected. Moreover, today's technology does only poorly at detecting new attack types, whereas much effort goes into developing signatures indicative of known attacks.

Teresa F. Lunt

[1] Marc Dacier,et al. Fixed- vs. Variable-Length Patterns for Detecting Suspicious Process Behavior , 1998, J. Comput. Secur..

[2] Stephanie Forrest,et al. Infect Recognize Destroy , 1996 .

[3] Karl N. Levitt,et al. Execution monitoring of security-critical programs in distributed systems: a specification-based approach , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[4] Stephanie Forrest,et al. Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[5] Giovanni Vigna,et al. NetSTAT: A Network-based Intrusion Detection System , 1999, J. Comput. Secur..

[6] Richard A. Kemmerer,et al. State Transition Analysis: A Rule-Based Intrusion Detection Approach , 1995, IEEE Trans. Software Eng..

[7] Stefan Axelsson,et al. The base-rate fallacy and its implications for the difficulty of intrusion detection , 1999, CCS '99.