Insertion, evasion, and denial of service: Eluding network intrusion detection
, 1998
Cited by 246 (0 self)
"Not everything that is counted counts, and not everything that counts can be counted."
A toolkit for modeling and compressing audit data
, 1998
Cited by 3 (0 self)
System administrators face trade-offs concerning the volume of audit data to collect and retain. Not all approaches have easily quantified costs, but lossless compression offers an adjustable trade-off of storage for compute time. Compression techniques designed into the data format can complicate software that consumes the data, and are not adjustable to suit the needs of diverse sites. General-purpose compression tools permit some adjustment, but cannot exploit sophisticated models of the data. The toolkit described here simplifies tailoring compression tools to the properties of the data at any time after the data format is specified. Using the toolkit, a few days of work defining models can achieve compression 13% better than gzip on an existing commercial audit format, with many known properties of the data remaining to be exploited by refinements of the models for still better compression. A customized compression tool could also be designed to permit recovery of data from a compressed stream without decompressing the entire stream.
Combining multiple intrusion detection and response technologies in an active networking based architecture
- In Proc. of 17th DFN-Arbeitstagung über Kommunikationsnetze
, 2003
Cited by 1 (1 self)
Abstract: With the ever growing number of hosts connected to the Internet, representing potential sources of malicious attacks, and increasing sophistication of attacking techniques and automated attacking tools, network intrusion detection and response has evolved into a very active field of research in recent years and a wide variety of approaches has been developed [LFG+00, NN01]. However, isolated operation of specific intrusion detection and defense technologies generally exhibits only the specific strengths and drawbacks of one particular approach. In order to allow for a co-ordinated combination of existing and emerging security technologies (e.g. signature based detection, anomaly detection, DDoS response mechanisms, honeypots, etc.) we propose a flexible intrusion detection and response framework called FIDRAN [HJS03] that is based on active networking technology. Principal findings so far are that active networking proves to be a well suited technology for intrusion detection and response, that the load of intrusion detection can be distributed among multiple systems with this approach, and that the overhead stays in acceptable ranges.

