NDLI: Specification-based anomaly detection: a new approach for detecting network intrusions

Please wait, while we are loading the content...

Authenticated encryption in SSH: provably fixing the SSH binary packet protocol

A temporal key management scheme for secure broadcasting of XML documents

Defending against redirect attacks in mobile IP

Asynchronous verifiable secret sharing and proactive cryptosystems

Efficient packet marking for large-scale IP traceback

Silicon physical random functions

Query-flood DoS attacks in gnutella

Scalable, graph-based network vulnerability analysis

Constructing attack scenarios through correlation of intrusion alerts

The verification of an industrial payment protocol: the SET purchase phase

A key-management scheme for distributed sensor networks

Almost entirely correct mixing with applications to voting

Authenticated-encryption with associated-data

Sensor-based intrusion detection for intra-domain distance-vector routing

Securing passwords against dictionary attacks

Tarzan: a peer-to-peer anonymizing network layer

Runtime verification of authorization hook placement for the linux security modules framework

Mimicry attacks on host-based intrusion detection systems

Design and implementation of the idemix anonymous credential system

Efficient, DoS-resistant, secure key exchange for internet protocols

DRM: doesn't really mean digital copyright management

Generic implementations of elliptic curve cryptography using partial reduction

Code red worm propagation modeling and analysis

Policy algebras for access control the predicate case

A reputation-based approach for choosing reliable resources in peer-to-peer networks

MOPS: an infrastructure for examining security properties of software

Specification-based anomaly detection: a new approach for detecting network intrusions

Specification-based anomaly detection: a new approach for detecting network intrusions

Content Provider	ACM Digital Library
Author	Zhou, S. Frullo, J. Sekar, R. Tiwari, A. Shanbhag, T. Gupta, A. Yang, H.
Abstract	Unlike signature or misuse based intrusion detection techniques, anomaly detection is capable of detecting novel attacks. However, the use of anomaly detection in practice is hampered by a high rate of false alarms. Specification-based techniques have been shown to produce a low rate of false alarms, but are not as effective as anomaly detection in detecting novel attacks, especially when it comes to network probing and denial-of-service attacks. This paper presents a new approach that combines specification-based and anomaly-based intrusion detection, mitigating the weaknesses of the two approaches while magnifying their strengths. Our approach begins with state-machine specifications of network protocols, and augments these state machines with information about statistics that need to be maintained to detect anomalies. We present a specification language in which all of this information can be captured in a succinct manner. We demonstrate the effectiveness of the approach on the 1999 Lincoln Labs intrusion detection evaluation data, where we are able to detect all of the probing and denial-of-service attacks with a low rate of false alarms (less than 10 per day). Whereas feature selection was a crucial step that required a great deal of expertise and insight in the case of previous anomaly detection approaches, we show that the use of protocol specifications in our approach simplifies this problem. Moreover, the machine learning component of our approach is robust enough to operate without human supervision, and fast enough that no sampling techniques need to be employed. As further evidence of effectiveness, we present results of applying our approach to detect stealthy email viruses in an intranet environment.
Starting Page	265
Ending Page	274
Page Count	10
File Format	PDF
ISBN	1581136129
DOI	10.1145/586110.586146
Language	English
Publisher	Association for Computing Machinery (ACM)
Publisher Date	2002-11-18
Publisher Place	New York
Access Restriction	Subscribed
Subject Keyword	Intrusion detection Network monitoring Anomaly detection
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in