Intrusion and Intrusion Detection

Intrusion and Intrusion Detection (2001)

Cached

Download Links

[www.ece.cmu.edu]
[www.icir.org]
[www.cs.unc.edu]

Other Repositories/Bibliography

DBLP

by John Mchugh

Venue:	International Journal of Information Security
Citations:	35 - 0 self

BibTeX

@ARTICLE{Mchugh01intrusionand,
    author = {John Mchugh},
    title = {Intrusion and Intrusion Detection},
    journal = {International Journal of Information Security},
    year = {2001},
    volume = {1},
    pages = {14--35}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Abstract. Assurance technologies for computer security have failed to have significant impacts in the marketplace, with the result that most of the computers connected to the internet are vulnerable to attack. This paper looks at the problem of malicious users from both a historical and practical standpoint. It traces the history of intrusion and intrusion detection from the early 1970s to the present day, beginning with a historical overview. The paper describes the two primary intrusion detection techniques, anomaly detection and signature-based misuse detection, in some detail and describes a number of contemporary research and commercial intrusion detection systems. It ends with a brief discussion of the problems associated with evaluating intrusion detection systems and a discussion of the difficulties associated with making further progress in the field. With respect to the latter, it notes that, like many fields, intrusion detection has been based on a combination of intuition and brute-force techniques. We suspect that these have carried the field as far as they can and that further significant progress will depend on the development of an underlying theoretical basis for the field.

Citations

677	Snort - lightweight intrusion detection for networks - Roesch - 1999
340	A Secure Environment for Untrusted Helper Applications - Goldberg, Wagner, et al. - 1996
279	Detecting intrusions using system calls: Alternative data models - Warrender, Forrest, et al. - 1999
221	An Intrusion Detection Model - Denning - 1987
214	A data mining framework for building intrusion detection models - Lee, Stolfo, et al. - 1999
204	Network intrusion detection - Mukherjee, Heberlein, et al. - 1994
149	Execution Monitoring of Security-Critical Programs in Distributed Systems: A SpecificationBased Approach - Ko, Ruschitzka, et al. - 1997
123	A network security monitor - HEBERLEIN, DIAS, et al. - 1990
115	The 1999 DARPA off-line intrusion detection evaluation - Lippmann, Haines, et al.
113	USTAT: A real-time intrusion detection system for Unix - Ilgun
107	A neural network component for an intrusion detection system - Debar, Becker, et al. - 1992
98	NetSTAT: a network-based intrusion detection system - VIGNA, KEMMERER - 1999
95	STATL: An Attack Language for State-Based Intrusion Detection - Eckmann, Vigna, et al. - 2002
91	State of the practice of intrusion detection technologies - ALLEN, CHRISTIE, et al. - 2000
77	NetSTAT: a network-based intrusion detection approach - VIGNA, KEMMERER - 1998
72	Expert systems in intrusion detection: A case study - Sebring, Shellhouse, et al.
67	Software Vulnerability Analysis - Krsul - 1998
59	NADIR “An automated system for detection network intrusion and misuse” , Cpmputers and Security - Jackson, Stallings, et al.
54	A methodology for testing intrusion detection systems - PUKETZA, ZHANG, et al. - 1996
53	A Tour of the Worm - Seeley
38	Computer Viruses - Cohen - 1986
26	Bro: A system for detecting network intruders in real-time - Paxon - 1998
24	Security Controls for Computer Systems. (U): Report of Defense Science Board Task Force on Computer Security. The Rand Corporation for the Office of the Director of Defense Research and Engineering - Ware - 1970
21	Architecture design of a scalable intrusion detection system for the emerging network infrastructure - Jou, Gong, et al. - 1997
20	Subversion: The neglected aspect of computer security. Unpublished master’s thesis, Naval Postgraduate School - Myers, P - 1980
20	A software platform for testing intrusion detection systems - PUKETZA, CHUNG, et al. - 1997
17	IDIOT— user guide - CROSBIE, DOLE, et al. - 1996
17	DERBI: Diagnosis, Explanation and Recovery from Computer Break-ins - Tyson - 2001
14	Using rule-based activity descriptions to evaluate intrusiondetection systems - Alessandri - 2000
13	System design document: Next-generation intrusion detection expert system - Jagannathan, Lunt, et al. - 1993
12	A preliminary attempt to apply detection and estimation theory to intrusion detection - Axelsson - 2000
10	ord, \The design of a system integrity monitor: Tripwire - Kim, Spa - 1993
9	The Shockwave Rider - Brunner - 1975
8	RFC 1288: The Finger user information protocol - Zimmerman - 1991
6	Computer security threat monitoring and surveillance - JP - 1980
6	Signal Detection Theory and ROC Analysis - JP - 1975
4	Intrusion Detection Systems: A Taxomomy and Survey - Axelsson - 2000
4	The computer watch data reduction tool - Dowel, Ramstedt - 1990
2	Testing Intrusion Detection Systems, Presentation to Groupe OSSIR - Debar - 1999
2	An intrusion detection model - DE - 1997
2	Dealing with False Positives in Intrusion Detection,” presented at Recent - Julisch - 2000
1	Computer security technology planning study, Vol. I - JP - 1972
1	Windows of vulnerability: A case study analysis - WA, WL, et al. - 2000
1	Security problems in the TCP/IP protocol suite. Comput Commun Rev 19(2):32–48 - SM - 1989
1	Cert security improvement modules. Available online at http://www.cert.org/security-improvement - CERT - 2000
1	Inc (2000) Cisco secure intrusion detection system overview. Available online at http://www.cisco.com/ univercd/cc/td/doc/product/iaabu/csids/csids1/csidsug/ overview.htm - Systems
1	Wespi A, Lampart S - Debar, Dacier - 1998
1	Jagannathan R, Lunt TF, Neumann PG - DE, DL - 1987
1	Spanguolo L - Durst, Champion, et al. - 1999
1	MJ (2000) Better logging through formality: Applying formal specification techniques to improve audit logs and log consumers - Flack, Atallah