State of the Practice of Intrusion Detection Technologies
Appendix B Bibliography
Please note that some references have
suffixes (e.g., B25-1 or R23-b). If the suffix is a number, you can find all
of the references in the series on the same Web site. If the suffix is a
letter, the sources are associated with each other but are found in different
locations. If a reference such as R25 is cited and R25-1, R25-2, etc. exist in
the bibliography, then the citation refers to the entire group.
In the course of preparing this report, some bibliographic
references were deleted or combined with others. Please
note that in some cases this created a gap in the numeric
sequence found in the references (e.g., B19, B20, B23).
This report contains many Web references. The intrusion
detection field changes rapidly and much information is
posted first (and often only) on the Web. Many of these
references either become out of date, are modified, or
disappear altogether from the original site. If you have
questions or comments about information in this report,
please send email to security-improvement@cert.org.
[B1]
DARPA. Intrusion Detection PI Meeting December 1998 - Agenda. (1998).
DARPA. Intrusion Detection PI Meeting February 1998 - Agenda and Presentations. (1998).
[B3]
Sobirey, Michael. Michael Sobirey's ID Systems Page. http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html (1999).
[B4]
Stocksdale, Gregory. (National Security Agency). SANS/NSA Intrusion Detection Tools Inventory. http://www.digitalguards.com (1998).
[B5]
DARPA & Air Intelligence Agency. CSAP21 - Information Protection into the 21st Century. http://www.darpa.mil/iso/ia/ssd/FutureTech/sld001.htm (1998).
[B6]
Stocksdale, Gregory. (National Security Agency). NSA Glossary of Terms in Security and Intrusion Detection. http://www.digitalguards.com (1999).
[B7]
Puketza, Nicholas, et al. "A Software Platform for Testing Intrusion Detection Systems." IEEE Software 14, 5: 43-51. http://seclab.cs.ucdavis.edu (1997).
[B8]
Heberlein, L. Todd & Bishop, Matt. "Attack Class: Address Spoofing." Proceedings of The 19th National Information Security Conference http://seclab.cs.ucdavis.edu (1996).
[B9]
Puketza, Nicholas J., et al. (University of California, Davis). "A Methodology for Testing Intrusion Detection Systems." IEEE Transactions on Software Engineering, Vol. 22, #10 (SE-22) (October 1996): 719-729.
[B10]
Kahn, Clifford, et al. A Common ID Framework (1998).
[B11]
Network Associates Security Labs. Evading Intrusion Detection - Executive Summary. http://www.nai.com/us/index.asp (1999).
[B12]
Peter Davis & Associates. Intrusion Detection Systems. http://www.pdaconsulting.com/ids.htm (1997).
[B13]
Hurwitz Group, Inc. Information Security: Assessing Risks and Detecting Intrusions (http://www.summitonline.com/security/papers/hurwitz3.html, 1998).
[B14]
Computer Security Institute. Tough Questions for IDS Vendors (1998).
[B15]
Power, Richard. "CSI Round Table: Experts Discuss Present and Future Directions for ID Systems." Computer Security Journal XIV, 1 (1999).
[B16]
Debar, H., et al. (IBM Zurich). An Experimentation Workbench for Intrusion Detection Systems (RZ2998). Zurich, Switzerland: IBM Research Division, March 1998.
[B18]
Taber, Mark. "The Sams Crack Level Index," Ch. 26 "Levels of Attack." Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network. http://www.damocles.com (1999).
[B19]
Van Doorn, Leendert. (Vrije Universiteit, Amsterdam). Computer Break-ins: A Case Study. http://www.alw.nih.gov/Security/FIRST/papers/general/holland.ps (1999).
[B20]
Chung, M., et al. (University of California, Davis). "Simulating Concurrent Intrusions for Testing Intrusion Detection Systems: Parallelizing Intrusions," 173-183. Proceedings of the 1995 National Information Systems Security Conference. Baltimore, MD, October 10-13, 1995.
[B23]
Bace, Rebecca. (Infidel, Inc.). An Introduction to Intrusion Detection and Assessment (1999).
[B24]
Internet Security Systems, Inc. Real-Time Attack Recognition and Response: A Solution for Tightening Network Security (1999).
[B25]
Internet Security Systems, Inc. Network- vs. Host-based Intrusion Detection. (1998).
[B26-a]
Cohen, Fred. 50 Ways to Defeat Your Intrusion Detection System. http://all.net/index.html (1999).
[B26-b]
Ptacek, Thomas H. & Newsham, Timothy N. (Secure Networks, Inc.) Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection http://www.snort.org
[B27]
Cohen, Fred. Anatomy of a Successful Sophisticated Attack. http://all.net/index.html (1999).
[B28]
Cheswick, Bill. (AT&T Bell Laboratories). An Evening With Berford in Which a Cracker is Lured, Endured and Studied. http://jhunix.hcf.jhu.edu (1999).
[B29]
MIT Lincoln Laboratory. DARPA Intrusion Detection Evaluation (1999).
[B30]
Zissman, Marc A. & Lippmann, Richard P. (MIT Lincoln Laboratory). "Intrusion Detection System Evaluation." IA Newsletter 2,2 (Fall 1998): 6-7.
[B31]
Tobin, Donald L., Jr. (University of Idaho). "Detecting Intrusions Cooperatively Across Multiple Domains." IA Newsletter 2,2 (Fall 1998): 10.
[B33-1]
Levitt, Karl. (University of California, Davis). "Executive Summary." Proceedings of the 4th Workshop on Future Direction in Computer Misuse and Anomaly Detection (CMAD IV). Monterey, CA, Nov. 12-14, 1996 (http://seclab.cs.ucdavis.edu/cmad/4-1996/exec_summ.html).
[B33-2]
Sharps, Jennifer. (University of California, Davis). "Session 1: Policy-Driven Intrusion Detection and the Insider Threat." Proceedings of the 4th Workshop on Future Direction in Computer Misuse and Anomaly Detection (CMAD IV). Monterey, CA, Nov. 12-14, 1996 (http://seclab.cs.ucdavis.edu/cmad/4-1996/session1.html).
[B33-3]
Levitt, Karl. (University of California, Davis). "Session 2: Intrusion Detection Technology for Small-Scale Systems." Proceedings of the 4th Workshop on Future Direction in Computer Misuse and Anomaly Detection (CMAD IV). Monterey, CA, Nov. 12-14, 1996 (http://seclab.cs.ucdavis.edu/cmad/4-1996/session2.html).
[B33-4]
Wee, Christopher & Heberlein, Todd. (University of California, Davis). "Session 3: New Attacks and New Twists on Existing Attacks." Proceedings of the 4th Workshop on Future Direction in Computer Misuse and Anomaly Detection (CMAD IV). Monterey, CA, Nov. 12-14, 1996 (http://seclab.cs.ucdavis.edu/cmad/4-1996/session3.html).
[B33-5]
Spafford, Gene. (University of California, Davis). "Session 4: Intrusion Detection in the Large." Proceedings of the 4th Workshop on Future Direction in Computer Misuse and Anomaly Detection (CMAD IV). Monterey, CA, Nov. 12-14, 1996 (http://seclab.cs.ucdavis.edu/cmad/4-1996/session4.html).
[B33-6]
Schaefer, Marv & Levitt, Karl. (University of California, Davis). "Session 5: New Environments for Intrusion Detection." Proceedings of the 4th Workshop on Future Direction in Computer Misuse and Anomaly Detection (CMAD IV). Monterey, CA, Nov. 12-14, 1996 (http://seclab.cs.ucdavis.edu/cmad/4-1996/session5.html).
[B33-7]
Bace, Becky. (University of California, Davis). "Session 6: Tools for Investigative Support." Proceedings of the 4th Workshop on Future Direction in Computer Misuse and Anomaly Detection (CMAD IV). Monterey, CA, Nov. 12-14, 1996 (http://seclab.cs.ucdavis.edu/cmad/4-1996/session6.html).
[B33-8]
Gragg, Susan. (University of California, Davis). "Session 7: New Ideas." Proceedings of the 4th Workshop on Future Direction in Computer Misuse and Anomaly Detection (CMAD IV). Monterey, CA, Nov. 12-14, 1996 (http://seclab.cs.ucdavis.edu/cmad/4-1996/session7.html).
[B34]
Anderson, James P. Computer Security Threat Monitoring and Surveillance. Fort Washington, PA: James P. Anderson Co., 1980.
[B35]
Horizon. "Defeating Sniffers and Intrusion Detection Systems." Phrack Magazine 8, 54 (Dec. 25, 1998): article 10 of 12. http://pulhas.org/phrack/54/P54-10.html.
[B37]
Ranum, Marcus J. Security on Internet Time http://www.clark.net (1997).
[B38]
Durst, Robert, et al. "Testing and Evaluating Computer Intrusion Detection Systems." Communications of the ACM 42, 7 (July 1999): 53-61.
[B41]
Mansur, Doug L. (Lawrence Livermore National Laboratory). Current Trends in the Threat to Computers: From Simple Hacking to Cyber Terrorism http://doe-is.llnl.gov/SecRes/DOETools/99001latalk.pdf (1998).
[B42-1]
Erlinger, Michael, et al. Intrusion Detection Exchange Format (idwg) http://www.ietf.org/html.charters/idwg-charter.html (1999).
[B42-2]
Erlinger, Mike & Staniford-Chen, Stuart. IDWG Charter http://www.zurich.ibm.com (1998).
[B42-3]
Hoffman, Paul. (Internet Mail Consortium). A Novice's Guide to the IETF http://www.imc.org/novice-ietf.html (1999).
[B43]
Cohen, Fred. Simulating Network Security http://all.net/index.html (1999).
[B44]
Cohen, Fred. Returning Fire http://all.net/index.html (1999).
[B45-a]
ICSA.net. About ICSA http://www.icsa.net/about_icsa/ (1999).
[B45-b]
SANS Institute Online. SANS Institute Online - Home Page http://www.sans.org/newlook/home.htm (1999).
[B45-d]
The Internet Engineering Task Force (IETF). Overview of the IETF. http://www.ietf.org/overview.html (1999).
[B45-e]
Staniford-Chen, Stuart. Common Intrusion Detection Framework (CIDF) http://seclab.cs.ucdavis.edu (1998).
[B45-f]
Security Research Alliance. Security Research Alliance - Overview (http://www.securityresearch.com/overviewmain.htm) 1999.
[B47]
Jajodia, S.; McCollum, C.D.; & Ammann, P. "Trusted Recovery." Communications of the ACM 42, 7 (July 1999): 71-75.
[B48]
Spafford, E.H. & Weeber, S.A. "Software Forensics: Can We Track Code to Its Authors?" 641-650. Proceedings of the 15th National Computer Security Conference. Oct 13-16, 1992. (Coast TR 91-01). http://www.cs.purdue.edu.
[B49]
Kerstetter, Jim. Low-Flying Hackers Pose Growing Threat
http://www.zdnet.com/pcweek/stories/news/0,4153,360254,00.html (1998).
[B50]
Robbins, Judd. An Explanation of Computer Forensics (1999).
[B51]
Denning, Dorothy E. Who's Stealing Your Information? http://www.infosecuritymag.com (1999).
[B52]
Cohen, Fred. Attack and Defense Strategies http://all.net/index.html (1999).
[B53]
Ranum, Marcus J. "Is Network Intrusion Detection Software Being Used Correctly?" Security Management 42, 8 (August 1998): 124-126.
[B54]
Irwin, Vicki & Northcutt, Stephen. (Naval Surface Warfare Center, Dahlgren). Shadow: Internet Threat Briefing - Stealth & Coordinated Attacks http://www.nswc.navy.mil/ISSEC/CID/coordinated.ppt (1999).
[B55-a]
Naval Surface Warfare Center, Dahlgren. SHADOW Indications Technical Analysis - Coordinated Attacks and Probes http://www.nswc.navy.mil/ISSEC/CID/co-ordinated_analysis.txt (1998).
[B55-b]
Northcutt, Stephen. (Naval Surface Warfare Center, Dahlgren). "Intrusion Detection: Shadow Style - Step by Step Guide." SANS Institute Report (November 1988).
[B57]
Amoroso, Edward & Kwapniewski, Richard. (AT&T Laboratories). "A Selection Criteria for Intrusion Detection Systems." Proceedings of the 14th Annual Computer Security Applications Conference. Phoenix, AZ, Dec. 7-11, 1998. Los Alamitos, CA: IEEE Computer Society Press, 1998.
[B58-1]
Hosmer, Chet; Feldman, John; & Giordano, Joe. Advancing Crime Scene Computer Forensic Techniques (1999).
[B58-2]
Hosmer, Chet. Announcing the Formation of New High Technology Software Company (1998).
[B59-a1]
Fyodor. The Art of Port Scanning (see also [B129]). http://www.insecure.org/nmap/nmap_doc.html (1997).
[B59-a2]
Fyodor. Nmap Network Security Scanner Man Page http://www.insecure.org/nmap/nmap_manpage.html (1999).
[B59-b1]
Harrison, Ann. New Generation of Scanning Tools Mask Source of Attack.
http://www.computerworld.com (1999).
[B59-b2]
Harrison, Ann. When Good Scanners Go Bad http://www.computerworld.com (1999).
[B59-c]
Beyond Security. NMap Port Scanner (1999).
[B61]
Fyodor. Remote OS Detection via TCP/IP Stack Fingerprinting (1998).
[B62-a]
Privacy.net. Privacy Analysis of Your Internet Connection - How It Works http://privacy.net/analyze/analyzehow.asp (1999).
[B62-b]
Oakes, Chris. Cracking Tools Get Smarter http://www.wired.com/news/news/technology/story/18219.html (1999).
[B63]
Neikter, Carl-Fredrik. Netbus Pro 2.01. http://netbus.org/features.html. 1999.
(Note: Since this page is no longer available, we've removed the link to it. December 2002.)
[B64-a]
LaMonaca, Mike. (University of Pennsylvania). Back Orifice "Remote Administration Tool" http://www.rescomp.upenn.edu/docs/hype/old/bo.html (1999).
[B64-b1]
Glave, James. Back Orifice a Pain in the...?. http://www.wired.com/news/technology/0,1282,14092,00.html (1998).
[B64-b2]
McKay, Niall. Coming Soon: Back Orifice 2000. http://www.wired.com/news/technology/0,1282,20493,00.html (1999).
[B65-a]
Loscocco, Peter A., et al. (National Security Agency). The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments http://www.jya.com/paperF1.htm (1998).
[B65-b]
Loscocco, Peter A., et al. (National Security Agency). The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments (Slides) (1998).
[B66]
CERT/CC. CERT Advisory CA-95.06 http://www.cert.org/advisories/CA-95.06.satan.html (1995).
[B67]
Brackney, Richard. "Cyber-Intrusion Response," 413-415. Proceedings of the 17th IEEE Symposium on Reliable Distribution Systems. West Lafayette, IN, Oct. 20-23, 1990. Los Alamitos, CA: IEEE Computer Society Press, 1998.
[B68]
Ranum, Marcus. (Network Flight Recorder). "Some Tips on Network Forensics." Computer Security Institute, 198 (September 1999): 1-8.
[B69]
Cohen, Fred. Providing for Responsibility in a Global Information Infrastructure http://www.all.net/journal/ntb/responsible.html (1999).
[B70]
Zagar, Mario, et al. Data Compression Reference Center http://www.rasip.fer.hr/research/compress/index.html (1999).
[B71]
Jensen, Lars Peter & Koch, Peter. (Aalborg University, Denmark). An Ecological Man-Machine Interface for Temporal Visualization http://www.acm.org/pubs/articles/proceedings/uist/169891/p235-jensen/p235-jensen.pdf (1992).
[B72]
Sawyer, James T.; Minsk, Brian; & Bisantz, Ann M. (Georgia Institute of Technology). Coupling User Models and System Models: A Modeling Framework for Fault Diagnosis in Complex Systems http://www.eng.buffalo.edu/~bisantz/pubs/um96pap.html (1996).
[B73]
Mitchell, Christine M. (Georgia Institute of Technology). Models for the Design of Human Interaction with Complex Dynamic Systems (http://www.isye.gatech.edu/~cm/papers/model_requirement.10.96.html, 1996).
[B74]
Maynard, Terrill D. Year 2000 Computer Remediation: Assessing Risk Levels in Foreign Outsourcing http://www.sans.org (1999).
[B75]
Rowe, Neil C. & Schiavo, Sandra. An Intelligent Tutor for Intrusion Detection on Computer Systems (1999).
[B76]
Northcutt, Steven. Network Intrusion Detection. Indianapolis, IN: New Riders, 1999.
[B77-a]
Dockery, Mike & Zajac, John. "Responding to Electronic Evidence Requests." Electronic Evidence Journal 1, 1 (October 1, 1996): 1-4. http://evidence.finder.com/dockery/FTP/eej10196.pdf.
[B77-b]
Ferraiolo, Karen. (Arca Systems, Inc.). Tutorial: The Systems Security Engineering Capability Maturity Model http://csrc.nist.gov/nissc/1998/proceedings/tutorB5.pdf (1998).
[B78]
Shumway, Russell M. "Common Sense - An Alternative Approach to Web Security." Proceedings of the 21st National Information Systems Security Conference. Arlington, VA, Oct. 5-8, 1998. http://csrc.nist.gov/nissc/1998/proceedings/paperD8.pdf.
[B79]
Vaughn, Dr. Rayford B., Jr. (Mississippi State University). "A Practical Approach to Sufficient INFOSEC." Proceedings of the 21st National Information Systems Security Conference. Arlington, VA, Oct. 5-8, 1998. http://csrc.nist.gov/nissc/1998/proceedings/paperA1.pdf.
[B80]
Ruiu, Dragos. Cautionary Tales: Stealth Coordinated Attack HOWTO
http://www.nswc.navy.mil/ISSEC/CID/Stealth_Coordinated_Attack.html (1999).
[B81]
De Wolf, Hans. The Jargon File http://web.bilkent.edu.tr/Online/Jargon30/JARGON.HTML (1999).
[B82]
Radcliff, Deborah. The Danger Within: Internal Employees - Not Outside Hackers - Can Be a Time Bomb Waiting to Blow http://www.idg.net/crd_security_16529.html (1998).
[B83]
Network Associates Technology, Inc. Next Generation Intrusion Detection in High-Speed Networks http://www.nai.com/media/pdf/nai_labs/ids.pdf (1999).
[B84]
Mitchell, Tom. Machine Learning. New York, NY: McGraw-Hill, 1997.
[B85]
Goldberg, David E. Genetic Algorithms in Search, Optimization, and Machine Learning. New York, NY: Addison-Wesley, 1989.
[B86]
CERT/CC. CERT Summary CS-99-02. http://www.cert.org (1999).
[B87]
Personal Communication between S. Forrest and J. McHugh.
[B88-1]
Hinden, Robert. (Nokia). IP Next Generation (IPng) http://playground.sun.com/pub/ipng/html/ipng-main.html (1999).
[B88-2]
Deering, Steve & Hinden, Bob. Statement on IPv6 Address Privacy http://playground.sun.com/pub/ipng/html/ipv6-address-privacy.html (1999).
[B88-3]
Hinden, Robert M. IP Next Generation Overview http://playground.sun.com/pub/ipng/html/INET-IPng-Paper.html (1995).
[B89]
Amoroso, Edward. Intrusion Detection. Sparta, NJ: Intrusion.Net Books, 1999.
[B91]
Briney, Andy. Parker's Plan. Norwood, MA: Information Security.
[B92]
CERT/CC. CERT Advisory CA-95.06 http://www.cert.org/advisories/CA-98.01.smurf.html (1998).
[B93]
PR Newswire Association, Inc. "Plugging the Holes in eCommerce Leads to 135% Growth in the Intrusion Detection and Vulnerability Assessment Software Market," PRNewswire. August 10, 1999.
[B94]
Computer Security Institute. 3rd Annual CSI/FBI Computer Crime and Security Survey. March 1998.
[B95]
Northcutt, Steven. "Evaluating Intrusion Detection Systems Without Attacking Your Friends," 86. Network Intrusion Detection. Indianapolis, IN: New Riders, 1999.
[B96]
Stallings, William. IPv6: The New Internet Protocol http://www.comsoc.org (1999).
[B97]
Arndt, Jonas & Österdahl, Torbjörn. Network Security in Distributed Systems Using CORBA http://www.etek.chalmers.se/~e3torb/CORBASecurity.pdf (1998).
[B98]
Firth, Robert, et al. Detecting Signs of Intrusion. (CMU/SEI-SIM-001). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1997. http://www.cert.org/.
[B99]
CERT/CC. CERT Incident Note IN-99-01 on sscan http://www.cert.org/incident_notes/IN-99-01.html (1999).
[B100]
Sitaker, Kragen. How to Find Security Holes http://www.dnaco.net/~kragen/security-holes.html (1999).
[B102]
Fish & Richardson P.C. The Emerging Law of Computer Networks - Finding Out What's There: Technical and Legal Aspects of Discovery (1998).
[B103]
Computers and Law Class. (University at Buffalo School of Law). Discovery of Computer Data http://wings.buffalo.edu (1996).
[B104]
Swartwood, Dan T. & Heffernan, Richard. Trends in Intellectual Property Loss, Survey Report http://www.asisonline.org (1998).
[B105]
Gula, Ron. Broadening the Scope of Penetration Testing Techniques http://www.securityfocus.com.
[B106]
Network Security Solutions Ltd. Techniques Adopted by 'System Crackers' when Attempting to Break into Corporate or Sensitive Private Networks http://www.clark.net (1998).
[B107]
Farmer, Dan & Venema, Wietse. Improving the Security of Your Site by Breaking Into It http://www.clark.net (1999).
[B108-1]
Spitzner, Lance. Know Your Enemy http://www.enteract.com/~lspitz/enemy.html (1999).
[B108-2]
Spitzner, Lance. Know Your Enemy: II http://www.enteract.com/~lspitz/enemy2.html (1999).
[B108-3]
Spitzner, Lance. Know Your Enemy: III http://www.enteract.com/~lspitz/enemy3.html (1999).
[B108-4]
Spitzner, Lance. How to Build a Honeypot http://www.enteract.com/~lspitz/honeypot.html (1999).
[B109]
Wingfield, Nick. Java, ActiveX Security Elusive http://news.cnet.com/ (1997).
[B110]
McGraw, Gary. Java's 2's Verifier Becomes Confused by German Student's Security Attack http://www.javaworld.com/javaworld/jw-04-1999/jw-04-flaw.html (1999).
[B111]
Elgin, Ben. Risky Business http://www.zdnet.com/devhead/stories/articles/0,4413,1600421,00.html (1997).
[B112]
Coffee, Peter. Java, ActiveX Under a Microscope
http://www.zdnet.com/devhead/stories/articles/0,4413,1600418,00.html (1996).
[B113]
McLain, Fred. The Exploder Control Frequently Asked Questions http://www.halcyon.com/mclain/ActiveX/Exploder/FAQ.htm (1997).
[B114]
Seminerio, Maria. Hackers Claim ActiveX Can Be Used to Pilfer Money Online
http://www.zdnet.com/devhead/stories/articles/0,4413,1600422,00.html (1997).
[B115-1]
Guttman, Barbara & Bagwill, Robert. NIST Special Publication - Internet Security Policy: A Technical Guide. http://csrc.nist.gov/isptg/ (1997).
[B115-2]
Guttman, Barbara & Bagwill, Robert. NIST Special Publication - Internet Security Policy: A Technical Guide - II. http://csrc.nist.gov/isptg/pdf/00CoverPage.pdf (1997).
[B115-3]
Guttman, Barbara & Bagwill, Robert. NIST Special Publication - Internet Security Policy: A Technical Guide - III. http://csrc.nist.gov/isptg/pdf/01Introduction.pdf (1997).
[B115-4]
Guttman, Barbara & Bagwill, Robert. NIST Special Publication - Internet Security Policy: A Technical Guide - IV. http://csrc.nist.gov/isptg/pdf/01TOC.pdf (1997).
[B115-5]
Guttman, Barbara & Bagwill, Robert. NIST Special Publication - Internet Security Policy: A Technical Guide - V. http://csrc.nist.gov/isptg/pdf/02GeneralPolicy.pdf (1997).
[B116]
Kochmar, John, et al. Preparing to Detect Signs of Intrusion. (CMU/SEI-SIM-005). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1998. http://www.cert.org/.
[B117]
CERT/CC. Establish a Policy and Set of Procedures that Prepare Your Organization to Detect Signs of Intrusion. http://www.cert.org/ (1998).
[B118]
Vranesevich, John. How to Become a Hacker Profiler. http://www.antionline.com (1999).
[B119]
Kendall, Kristopher. "A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems." BS/MS Thesis, Massachusetts Institute of Technology, June 1999.
[B120]
Lippmann, R.P. et al. "MIT Lincoln Laboratory Offline Component of DARPA 1998 Intrusion Detection Evaluation." Presentation at MIT Lincoln Laboratory PI Meeting, December 14, 1998.
[B121]
Graf, I. et al. "Results of DARPA 1998 Offline Intrusion Detection Evaluation." Presentation at MIT Lincoln Laboratory PI Meeting, December 15, 1998.
[B123]
Kossakowski, Peter, et al. Responding to Intrusions. (CMU/SEI-SIM-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1998. http://www.cert.org/.
[B124]
White, G.; Fisch, E.; & Pooch, U. "Cooperating Security Managers: A Peer-Based Intrusion Detection System." IEEE Network 10, 1 (Jan/Feb 1996): 20-23.
[B125]
Toure, Maodo. (Université Paul Sabatier). "An Interdisciplinary Approach for Adding Knowledge to Computer Security Systems," 158-168. Proceedings of the IEEE International Carnahan Conference on Security Technology. Albuquerque, NM, Oct. 12-14, 1994. New York, NY: IEEE, 1994.
[B126]
Proctor, Paul. (SAIC). "Audit Reduction and Misuse Detection in Heterogeneous Environments." Proceedings of the 10th Annual Computer Security Applications Conference. Orlando, FL, Dec. 5-9, 1994. Los Alamitos, CA: IEEE Computer Society Press, 1995.
[B127]
Escamilla, Terry. Intrusion Detection: Network Security Beyond the Firewall. New York, NY: Wiley Computer Publishing, 1998.
[B129]
Fyodor. Nmap - The Network Mapper. http://www.insecure.org/nmap/ (1999).
[B130]
CERT/CC. Security for Information Technology Service Contracts. (CMU/SEI-SIM-003). http://www.cert.org/ (1998).
[B131]
Cresson-Wood, Charles. Information Security Policies Made Easy: A Comprehensive Set of Information Security Policies. Sausalito, CA: Baseline Software, 1997.
[B132]
Hart, Rod; Morgan, Darren; & Tran, Hai. (James Madison University). "An Introduction to Automated Intrusion Detection Approaches." Information Management and Computer Security 7, 2 (1999): 76-82.
[B133]
Brock, Jack L., Jr. (Governmentwide and Defense Information Systems). NRC's Intrusion Detection and Response Capabilities (AIMD-99-273R). Washington, DC: United States General Accounting Office, August 1999.
[B134]
Power, Richard. "Issues and Trends: 1999 CSI/FBI Computer Crime and Security Survey." Computer Security Journal XV, 2 (1999).
[B135]
Firth, Robert, et al. An Approach for Selecting and Specifying Tools for Information Survivability. (CMU/SEI-97-TR-009). Pittsburgh, Pa.: Software Engineering Institute, Carnegie Mellon University, 1997.
[B136]
Riley, Gary. CLIPS: A Tool for Building Expert Systems. http://www.ghg.net/clips/CLIPS.html (1999).
[B137]
ICSA.net. About the Intrusion Detection Systems Consortium. http://www.icsa.net/html/communities/ids/membership/index.shtml (1999).
[B138]
Check Point Software Technologies, Ltd. OPSEC Alliance Solutions Center. http://www.checkpoint.com/opsec/ (1998).
[B139]
Moritz, Ron, et al. CCIAPI: Common Content Inspection Application Programming Interface www.stardust.com/cciapi/docs/010799/CCIAPIScopeDraft3011.doc (1999).
[B140]
Adaptive Network Security Alliance, Inc. The Adaptive Network Security Alliance: Industry Leaders Teaming to Improve Enterprise Security. http://ansa.iss.net/ (1998).
[B142]
SEMPER. IDWG Mail Archive. http://www.semper.org/idwg-public (1999).
[B143]
Howard, John D. & Longstaff, Thomas A. A Common Language for Computer Security Incidents (SAND98-8667). Albuquerque, NM & Livermore, CA: Sandia National Laboratories, October 1998.
[B144]
Lippmann, Richard P. et al. "Evaluating Intrusion Detection Systems: The 1998 DARPA Off-Line Intrusion Detection Evaluation." Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX 2000). Hilton Head, SC, Jan. 25-27, 2000. Los Alamitos, CA: IEEE Computer Society Press, 2000.
[B145]
Lemos, Robert. "ActiveX, Java Holes a Product of Internet Time." (1997).
[B146]
Hall, David L. & Llinas, James. "An Introduction to Multisensor Data Fusion." Proceedings of the IEEE 85, 1 (January 1997): 6-10.
Commercial
[C1]
Power, Richard & Farrow, Rik. CSI Intrusion Detection System Resource (1998).
Ranum, Marcus J., et al. (Network Flight Recorder, Inc.). Implementing a Generalized Tool for Network Monitoring (1997).
[C2-2]
Network Flight Recorder, Inc. The Network Flight Recorder in Action! http://www.nfr.net/products/technology.html (1997).
[C2-3]
Ranum, Marcus J. (Network Flight Recorder, Inc.). Intrusion Detection: Challenges and Myths (1998).
[C3-1]
Foote, Steven. (Hurwitz Group). How Anti-hacker Software Could Have Kept Me Out of Your Company. (1998).
[C3-2]
Netect. HackerShield - Features and Benefits http://www.netect.com (1998).
[C4-1]
En Garde Systems, Inc. En Garde Systems Inc. is Proud to Announce T-sight, the First Advanced Intrusion Investigation and Response Tool for Windows NT (1998).
En Garde Systems, Inc. T-sight: Major Features List (1998).
[C4-3]
En Garde Systems, Inc. T-sight RealTime - Main Window (1999).
IBM. SecureWay FirstSecure. http://www.ibm.com (1999).
[C5-2]
IBM. IBM Integrated Security Solutions: Comprehensive Security Solutions for Enabling e-business http://www-4.ibm.com (1999).
[C6-1]
Mimestar, Inc. SecureNet PRO Data Sheet (1997).
[C6-2]
Mimestar, Inc. SecureNet PRO: The Complete Network Security Solution (1997).
[C6-3]
Mimestar, Inc. SecureNet PRO Frequently Asked Questions (1997).
[C7]
Touch Technologies, Inc. INTOUCH INSA - Network Security Agent http://www.ttisms.com/tti/nsa_www.html (1996).
[C8]
Harris Communications. Stake Out I.D. (1999).
[C9-1]
Digital Security InfoCenter. POLYCENTER Security Intrusion Detector (1996).
[C9-2]
Digital. POLYCENTER Security Intrusion Detector for Digital UNIX, Version 1.2A (1995).
[C10-1]
HP OpenView. Features and Benefits of Node Sentry (1999).
[C10-2]
HP OpenView. HP OpenView Node Sentry Product Brief (1999).
[C11]
ODS Networks, Inc. CMDS: Computer Misuse Detection System http://www.ods.com/security/products/cmds.shtml (1999).
[C12-4]
[C13-1]
Van Ryan, Jane. SAIC's Center for Information Security Technology Releases CMDS Version 3.5 (1998).
[C13-2]
Proctor, Paul E. (SAIC). Computer Misuse Detection System (CMDS) Concepts (1996).
[C14]
Net Nanny Software International Inc. BioPassword: Undeniably Identified - An Overview of Our Patented Keystroke Dynamic Technology (1998).
[C15-a1]
Internet Security Systems. Real Secure (1999).
[C15-a2]
Internet Security Systems. RealSecure System Requirements (1999).
[C15-a3]
Internet Security Systems. RealSecure Attack Signatures
http://www.iss.net (1998).
[C15-a4]
Internet Security Systems. Real-Time Attack Recognition and Response: A Solution for Tightening Network Security (1999).
[C15-b]
Lucent Technologies, Inc. Network Intrusion Detection in Action http://www.lucent.com (1998).
[C16]
Computer Associates. SessionWall-3 http://www.abirnet.com/products.html (1999).
[C17-1]
AXENT Technologies, Inc. NetProwler - Advanced Network Intrusion Detection (1999).
[C17-2]
AXENT Technologies, Inc. Netprowler http://www.axent.com (1998).
[C17-3]
AXENT Technologies, Inc. Netprowler - II (1998).
[C18]
Security Dynamics. Kane Security Monitor (1999).
[C20-1]
Cisco. NetRanger http://www.cisco.com/warp/public/778/security/netranger/ (1999).
[C20-2]
Cisco. The NetRanger Intrusion Detection System
http://www.cisco.com (1998).
[C20-3]
Cisco. NetRanger Intrusion Detection System http://www.cisco.com (1998).
[C20-4]
Cisco. NetRanger - General Concepts http://www.cisco.com (1998).
[C21-1]
Network Associates, Inc. CyberCop Monitor http://www.nai.com/us/index.asp (1999).
[C21-2]
Network Associates, Inc. CyberCop Scanner http://www.nai.com (1999).
[C21-3]
Network Associates, Inc. CyberCop Sting http://www.nai.com (1999).
[C21-4]
Network Associates, Inc. CyberCop CASL http://www.nai.com (1999).
[C21-a]
Network Associates, Inc. Next Generation Intrusion Detection in High Speed Networks http://www.nai.com/media/pdf/nai_labs/ids.pdf (1999).
[C21-b]
Network General Corporation. A Network Visibility Guide - Protecting Your Network: The Choice Between Active and Static Security Technologies http://www.3dg.com/cybercop/ccvg/ccvg1.html (1997).
[C21-c]
Network General Corporation. CyberCop Datasheet http://www.3dg.com/cybercop/p_s/data1.html (1997).
[C22-a1]
Tripwire Security Systems, Inc. The History of Tripwire (1998).
[C22-a2]
Tripwire Security Systems, Inc. Tripwire, Inc.: Company Information http://www.tripwiresecurity.com (1998).
[C22-a3]
Tripwire Security Systems, Inc. Tripwire Academic Source Release 1.3.1 (1998).
[C22-a4]
Tripwire Security Systems, Inc. Tripwire 2.0 for Unix (1998).
[C22-a5]
Tripwire Security Systems, Inc. Tripwire 2.0 for Windows NT http://www.tripwiresecurity.com/products/2_0NT.html (1998).
[C22-a6]
Tripwire Security Systems, Inc. Tripwire 2.x Enhancements over Tripwire ASR 1.3 (1998).
[C22-a7]
Kim, Gene & McHugh, John. File Integrity Assessment (1999).
[C22-b]
Cohen, Frederick B. Re: Intrusion Detection, Tripwire, etc. http://www.geek-girl.com/ids/0602.html (1995).
[C23-a]
L0pht Heavy Industries, Inc. Antisniff - Overview (1999).
[C23-b]
Harrison, Ann. Security Think Tank Releases Sniffer Tool http://www.computerworld.com (1999).
[C24]
Roesch, Martin. The Snort Page. http://www.clark.net/~roesch/security.html (1999).
News Items
[N1]
Reuters. White House Threatens to Punish Hackers http://news.cnet.com (1999).
Festa, Paul. (CNET News.com). Senate, FBI Sites Down on Hack Attacks http://news.cnet.com (1999).
[N3]
Reuters. Some NASA Systems Easy Prey for Hackers http://news.cnet.com/ (1999).
[N4]
Reuters. White House Shuts down Web Site
http://news.cnet.com (1999).
[N5]
Shankland, Stephen. (CNET News.com). U.S. Weapons Labs Shut Down Classified Networks http://news.cnet.com (1999).
[N6]
Reuters. NATO Site, Email Suffers Hacks http://news.cnet.com (1999).
[N7]
Festa, Paul. (CNET News.com). Defense Department Fights off Hackers http://news.cnet.com (1999).
[N8]
Clark, Tim. (CNET News.com). Navy Fights New Hack http://news.cnet.com/ (1998).
[N9]
"Cyber-theft of Sensitive U.S. Files Traced to Russia." Chicago Sun-Times. October 7, 1999.
[N10]
Verton, Daniel. Cyberattacks Against DOD up 300 Percent this Year (1999).
[N11]
Kerber, Ross. (The Boston Globe). A Handle on Hackers (1999).
[N12]
Yasin, Rutrell. Rise in Intrusions Sparks Concern http://www.internetwk.com/story/INW19991130S0007 (1999).
Research
[R1-a]
Lunt, Teresa F. (SRI International). Detecting Intruders in Computer System (1993).
Lunt, Teresa F., et al. (SRI International). A Real-Time Intrusion Detection Expert System (IDES) http://www2.csl.sri.com/nides.index5.html (1992).
[R1-c]
Anderson, Debra; Frivold, Thane; & Valdes, Alfonso. (SRI International). Next-Generation Intrusion Detection Expert System (NIDES), A Summary (SRI-CSL-95-07). Menlo Park, CA: Computer Science Laboratory, SRI International, May 1995. http://www.sdl.sri.com/nides.index5.html.
[R1-d]
Anderson, Debra, et al. (SRI International). Detecting Unusual Program Behavior Using the Statistical Component of the Next-Generation Intrusion Detection Expert System (NIDES) (SRI-CSL-95-06). Menlo Park, CA: Computer Science Laboratory, SRI International, May 1995. http://www.sdl.sri.com/nides/index5.html.
[R2-a]
Porras, Phillip A. & Neumann, Peter G. (SRI International). EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances (1999).
[R2-b]
Porras, Phillip A. & Neumann, Peter G. (SRI International). EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances (1997).
[R2-c]
Computer Science Laboratory. (SRI International). History of Intrusion Detection at SRI/CSL (1997).
[R2-d]
Porras, Phillip A. & Neumann, Peter G. (SRI International). EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. http://www2.csl.sri.com/emerald/downloads.html (1998).
[R2-e]
Porras, Phillip A. & Valdes, Alfonso. (SRI International). "Live Traffic Analysis of TCP/IP Gateways." Proceedings of the 1998 Internet Society Symposium on Network and Distributed System Security. March 1998. http://www.sdl.sri.com/emerald/downloads.html.
[R2-f]
Neumann, Peter G. & Porras, Phillip A. (SRI International). "Experience with EMERALD to Date." Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring. Santa Clara, CA, Apr. 11-12, 1999. http://www.sdl.sri.com/emerald/downloads.html.
[R3]
Kemmerer, Richard A. (University of California, Santa Barbara). NSTAT: A Model-Based Real-Time Network Intrusion Detection System (TRCS97-18). November 1997.
[R4]
Kemmerer, Richard A., et al. (University of California, Santa Barbara). STAT Projects. http://www.cs.ucsb.edu/~kemm/netstat.html/projects.html (1999).
[R5]
Ilgun, Koral; Kemmerer, Richard A.; & Porras, Phillip A. (University of California, Santa Barbara). "State Transition Analysis: A Rule-Based Intrusion Detection Approach." IEEE Transactions on Software Engineering Vol. 21, #3 (SE-21) (March 1995): 1-22. http://www.cs.ucsb.edu
[R6-a]
Bass, Tim. (The Silk Road Group Ltd). Intrusion Detection Systems & Multisensor Data Fusion: Creating Cyberspace Situational Awareness—Introduction (1999).
[R6-b]
Bass, Tim. (The Silk Road Group Ltd). "Multisensor Data Fusion for Next Generation Distributed Intrusion Detection Systems." Proceedings of the 1999 IRIS National Symposium on Sensor and Data Fusion. May 24-27, 1999.
[R6-c]
Bass, Tim & Gruber, Dave. "A Glimpse into the Future of ID." ;login: The USENIX Association Magazine (July 1999).
[R7]
Kumar, Sandeep & Spafford, Eugene H. (Purdue University). An Application of Pattern Matching in Intrusion Detection (CSD-TR-94-013). West Lafayette, IN: COAST Laboratory, Purdue University, 1994. http://www.cs.purdue.edu/.
[R8]
Kumar, Sandeep & Spafford, Eugene H. (Purdue University). A Pattern Matching Model for Misuse Intrusion Detection (Coast TR 95-06). http://www.cs.purdue.edu (1994).
[R9]
Porras, Phil, et al. (University of California, Davis). The Common Intrusion Detection Framework Architecture. http://seclab.cs.ucdavis.edu (1999).
[R10]
Sanchez, Luis A.; Kent, Stephen T.; & DiBlasio, Marguerite I. (BBN Systems and Technologies). External Routing Intrusion Detection Systems (ERIDS)—1998 Project Summary. http://www.darpa.mil (1998).
[R11]
Cheung, Steven, et al. (University of California, Davis). The Design of GrIDS: A Graph-Based Intrusion Detection System (CSE-99-2). Davis, CA: Department of Computer Science, University of California at Davis, 1999. http://seclab.cs.ucdavis.edu.
[R12-a]
Staniford-Chen, S., et al. (University of California, Davis). "GrIDS—A Graph-Based Intrusion Detection System for Large Networks." Proceedings of the 19th National Information Systems Security Conference. http://seclab.cs.ucdavis.edu (1996).
[R13]
Loyall, Joe. (GTE). "Toolkit for Creating Adaptable Distributed Applications." Proceedings of the DARPA Intrusion Detection Meeting. Dec. 15-17, 1998. http://www.dist-systems.bbn.com/projects/OIT.
[R14]
Levitt, Karl N. (University of California, Davis). "Global Guard." Proceedings of the DARPA Intrusion Detection PI Meeting. Lexington, MA, Dec. 15-17, 1998.
[R15]
Stolfo, Sal. (Columbia University). "The JAM Project & Evaluation Update." Proceedings of the DARPA Intrusion Detection PI Meeting. Lexington, MA, Dec. 15-17, 1998.
[R16]
Lee, Wenke & Stolfo, Salvatore J. (Columbia University). Data Mining Approaches for Intrusion Detection. http://www.cs.columbia.edu/~sal/hpapers/USENIX/usenix.html (1999).
[R17]
Lee, Wenke; Stolfo, Salvatore J.; & Chan, Philip K. "Learning Patterns from Unix Process Execution Traces for Intrusion Detection." Proceedings of AAAI Workshop: AI approaches to Fraud Detection and Risk Management. AAAI Press, July 1997.
[R18]
Cohen, William W. (AT&T Laboratories). Learning Trees and Rules with Set-Valued Features (1996).
[R19]
Cohen, William W. (AT&T Bell Laboratories). "Fast Effective Rule Induction." Proceedings of the 12th International Conference on Machine Learning. Lake Tahoe, CA, 1995.
[R20]
Heberlein, L. Todd, et al. (University of California, Davis). "A Network Security Monitor," 296-304. Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy. Oakland, CA, May 7-9, 1990.
[R21]
Snapp, Steven R., et al. (University of California, Davis). "DIDS (Distributed Intrusion Detection System)—Motivation, Architecture, and an Early Prototype," 167-176. Proceedings of the 14th National Computer Security Conference. Washington, DC, Oct. 1991.
[R22-1]
Crosbie, Mark & Spafford, Gene. (Purdue University). Active Defense of a Computer System Using Autonomous Agents. (CSD-TR-95-008) West Lafayette, IN: COAST Laboratory, Purdue University, 1995. http://www.cs.purdue.edu.
[R22-2]
Crosbie, Mark & Spafford, Gene. (Purdue University). "Applying Genetic Programming to Intrusion Detection." Proceedings of the AAAI Fall Symposium on Genetic Programming. Cambridge, MA, Nov. 10-12, 1995. Menlo Park, CA: AAAI Press, 1995.
[R23]
Garvey, T.; & Lunt, T. (SRI International). "Model-Based Intrusion Detection," 374-385. Proceedings of the 14th National Computer Security Conference. Washington, DC, Oct. 1991.
[R24-a]
Lawrence Livermore National Laboratory Computer Security Technology Center. NID Introduction (1998).
[R24-b]
Lawrence Livermore National Laboratory Computer Security Technology Center. NID Distribution Site (1999).
[R25-1]
Maxion, Roy A. (Carnegie Mellon University). Invictus: Detection of Unanticipated Anomalies in Evolutionary Environments. http://www.cs.cmu.edu/~maxion/invictus (1999).
[R25-2]
Maxion, Roy A. (Carnegie Mellon University). Cinnamon: Synthetic Data Generation. http://www.cs.cmu.edu/~maxion/invictus/cinnamon.html (1999).
[R25-3]
Maxion, Roy A. (Carnegie Mellon University). Harbinger: Anomaly Detection Techniques. http://www.cs.cmu.edu/~maxion/invictus/harbinger.html (1999).
[R25-4]
Maxion, Roy A. (Carnegie Mellon University). Invictus: Toward Dependable Systems. http://www.cs.cmu.edu/~maxion/invictus/InvQuad.jpg (1999).
[R27]
Mé, Ludovic. (Supélec). Genetic Algorithms, an Alternative Tool for Security Audit Trail Analysis. (http://www.supelec-rennes.fr) (1995).
[R28]
Teng, Henry S.; Chen, Kaihu; & Lu, Stephen C-Y. "Security Audit Trail Analysis using Inductively Generated Predictive Rules," 24-29 vol.1. Proceedings of the 6th Conference on Artificial Intelligence Applications. Santa Barbara, CA, May 5-9, 1990. Los Alamitos, CA: IEEE Computer Society Press, 1990.
[R29]
Frincke, D., et al. (University of Idaho). A Framework for Cooperative Intrusion Detection.
[R30]
Vigna, Giovanni & Kemmerer, Richard A. (University of California, Santa Barbara). "NetSTAT: A Network-Based Intrusion Detection Approach." Proceedings of the 14th Annual Computer Security Applications Conference. Scottsdale, AZ, Dec. 1998. http://www.cs.ucsb.edu/~kemm/netstat.html/documents.html.
[R31]
Paxson, Vern. (Lawrence Berkeley National Laboratory). "Bro: A System for Detecting Network Intruders in Real-Time," Proceedings of 7th USENIX Security Symposium. San Antonio, TX, January 1998.
Kuykendall, David R. DIDS—Re: Intro; Question. http://www.geek-girl.com/ids/0790.html (1996).
[R33]
Lindqvist, Ulf & Porras, Phillip A. "Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST)." Proceedings of the 1999 IEEE Symposium on Security and Privacy. Oakland, CA, May 9-12, 1999. http://www2.csl.sri.com/emerald/pbest-sp99-cr.pdf.
[R34]
Bradley, Kirk A., et al. (University of California, Davis). Detecting Disruptive Routers: A Distributed Network Monitoring Approach. http://seclab.cs.ucdavis.edu/papers/oakland98-paper.pdf (1998).
[R35]
Irwin, Vicki; Northcutt, Stephen; & Ralph, Bill. (Naval Surface Warfare Center). Building a Network Monitoring and Analysis Capability—Step by Step. (1998).
[R37]
Floyd, Sally, et al. (Lawrence Berkeley National Laboratory). LBNL's Network Research Group. http://ftp.ee.lbl.gov/ (1998).
[R38]
Network Flight Recorder, Inc. Step-by-Step Network Monitoring Using NFR (1998).
[R39]
Stocksdale, Greg. CIDER Documents. http://www.digitalguards.com (1999).
[R40-1]
Baccala, Brent. "TCPdump." Connected: An Internet Encyclopedia, 3rd ed. (http://www.freesoft.org/CIE/Topics/55.htm).
[R40-2]
Baccala, Brent. "TCPdump(1)." Connected: An Internet Encyclopedia, 3rd ed. http://www.freesoft.org/CIE/Topics/56.htm.
[R41]
White, Gregory B.; Fisch, Eric A.; & Pooch, Udo W. "Cooperating Security Managers: A Peer-Based Intrusion Detection System." IEEE Network (January/February 1996): 20-23.
[R42]
Eliot, Lance B. (Eliot & Associates). "Typing your ID via AI." AI Expert (January 1995):9-10.
[R43]
Toure, Maodo. (Université Paul Sabatier). "An Interdisciplinary Approach for Adding Knowledge to Computer Security Systems," 158-168. Proceedings of the IEEE International Carnahan Conference on Security Technology. Albuquerque, NM, Oct. 12-14, 1994. New York, NY: IEEE, 1994.
[R44]
Safford, Dave; Schales, Doug; & Hess, Dave. (Texas A&M University). Texas A&M Network Security Package Overview. ftp://coast.cs.purdue.edu/pub/tools/unix/netlog/TAMU/OVERVIEW (1993).
[R45]
Proctor, Paul. (SAIC). "Audit Reduction and Misuse Detection in Heterogeneous Environments." Proceedings of the 10th Annual Computer Security Applications Conference. Orlando, FL, Dec. 5-9, 1994. Los Alamitos, CA: IEEE Computer Society Press, 1995.
[R46-a]
Bonifácio, J. M., Jr., et al. "An Adaptive Intrusion Detection System Using Neural Networks." Proceedings of the IFIP World Computer Congress—Security in Information Systems (IFIP-SEC '98). Vienna, Austria, August/September 1998. http://www.icmsc.sc.usp.br/~andre/papers.html.
[R46-b]
Bonifácio, José Maurício, Jr., et al. "Neural Networks Applied in Intrusion Detection Systems." Proceedings of the IEEE World Congress on Computational Intelligence (WCCI '98). Anchorage, AK, May 1998. http://www.icmsc.sc.usp.br/~andre/papers.html.
[R47]
Forrest, Stephanie; Hofmeyr, Steven A.; & Somayaji, Anil (University of New Mexico). "Computer Immunology." Communications of the ACM 40, 10 (1997): 86-96. http://www.cs.unm.edu/~forrest/papers.html.
[R48]
Forrest, Stephanie, et al. "A Sense of Self for Unix Processes," 120-128. Proceedings of the 1996 IEEE Symposium on Security and Privacy. Los Alamitos, CA: IEEE Computer Society Press, 1996. http://www.cs.unm.edu/~forrest/papers.html.
[R49]
D'haeseleer, Patrik; Forrest, Stephanie; & Helman, Paul. (University of New Mexico). A Distributed Approach to Anomaly Detection. http://www.cs.unm.edu/~forrest/papers.html (1997).
[R50]
Somayaji, Anil; Hofmeyr, Steven; & Forrest, Stephanie. (University of New Mexico). "Principles of a Computer Immune System," 75-82. Proceedings of the 1997 New Security Paradigms Workshop. 1998. http://www.cs.unm.edu/~forrest/papers.html.
[R51-a]
Goan, Terrance. (Stottler Henke Associates, Inc.). "A Cop on the Beat: Collecting and Appraising Intrusion Evidence." Communications of the ACM 42, 7 (July 1999): 46-52.
[R51-b]
Goan, Terrance. (Stottler Henke Associates, Inc.). ICE: Intelligent Correlation of Evidence for Intrusion Detection (183).
[R52-a]
University of Idaho. Hummer Project Intrusion Detection System (1999).
[R52-b]
Evans, Jason & Frincke, Deborah. (University of Idaho). Trust Mechanisms for Hummingbird. www1.acm.org/crossroads/xrds2-4/humming.html (1996).
[R53-1]
Stolfo, Salvatore J.; Backenroth, Adam; & Chan, Phil. The JAM Project. http://www.cs.columbia.edu/~sal/JAM/PROJECT/ (1999).
[R53-2]
Stolfo, Salvatore J. (Columbia University). Fraud and Intrusion Detection for Financial Information Systems. http://www.cs.columbia.edu/~sal/JAM/PROJECT/EYR1997.html (1998).
[R54-1]
Spafford, Gene, et al. (Purdue University). Autonomous Agents for Intrusion Detection. http://www.cs.purdue.edu/ (1999).
[R54-2]
Spafford, Eugene & Zamboni, Diego (Purdue University). Release of the Alpha Version of the AAFID Prototype. http://www.cs.purdue.edu/coast/projects/aafid-announce.html (1998).
[R54-3]
Balasubramaniyan, Jai, et al. (Purdue University). An Architecture for Intrusion Detection Using Autonomous Agents (Coast TR 98-05). West Lafayette, IN: COAST Laboratory, Purdue University, 1998. http://www.cs.purdue.edu/.
[R55]
Lane, Terran & Brodley, Carla E. (Purdue University). "Temporal Sequence Learning and Data Reduction for Anomaly Detection." Proceedings of the 5th Conference on Computer and Communications Security. San Francisco, CA. http://www.acm.org/pubs/articles/proceedings/commsec/288090/p150-lane/p150-lane.pdf (1998).
[R56]
Jordan, Sabina E., et al. "Discrete-Event Simulation for the Design and Evaluation of Physical Protection Systems." Proceedings of the 1998 Winter Simulation Conference. http://www.acm.org/pubs/articles/proceedings/simulation/293172/p899-jordan/p899-jordan.pdf (1998).
[R57-1]
Cohen, Fred. Distributed Coordinated Attacks—Background. http://all.net/books/dca/background.html (1996).
[R57-2]
Cohen, Fred. DCA's—A Class of Attacks. http://all.net/books/dca/class.html (1996).
[R57-3]
Cohen, Fred. Characteristics of DCAs. http://all.net/books/dca/character.html (1996).
[R57-4]
Cohen, Fred. Defenses Against DCAs. http://all.net/books/dca/defenses.html (1996).
[R57-5]
Cohen, Fred. A Mathematical Characterization of DCAs. http://all.net/books/dca/math.html (1996).
[R57-6]
Cohen, Fred. Distributed Coordinated Attacks—Summary, Conclusions, and Further Work. http://all.net/books/dca/summary.html (1996).
[R58]
Cohen, Fred. Simulating Cyber Attacks, Defenses, and Consequences. http://all.net/journal/ntb/simulate/simulate.html (1999).
[R59]
Moran, Douglas B. (SRI International). Future Directions for Intrusion Detection. (1996).
[R60]
Stillerman, Matthew; Marceau, Carla; & Stillman, Maureen. (Odyssey Research Associates). "Intrusion Detection for Distributed Applications." Communications of the ACM 42, 7 (July 1999): 62-69.
[R61]
Ghosh, Anup K.; Wanken, James; & Charron, Frank. (Reliable Software Technologies). "Detecting Anomalous and Unknown Intrusions Against Programs," 259-267. Proceedings of the 14th Annual Computer Security Applications Conference. Phoenix, AZ, Dec. 7-11, 1998. Los Alamitos, CA: IEEE Computer Society Press, 1999.
[R62]
Helmer, Guy G., et al. "Intelligent Agents for Intrusion Detection," 121-124. Proceedings of the 1998 IEEE Information Technology Conference, Environment for the Future. Syracuse, NY, Sept. 1-3, 1998. New York, NY: IEEE, 1998.
[R63]
Ye, Nong; Giordano, Joseph; Feldman, John; & Zhong, Qiu. "Information Fusion Techniques for Network Intrusion Detection," 117-120. Proceedings of 1998 IEEE Information Technology Conference, Environment for the Future. Syracuse, NY, Sept. 1-3, 1998. New York, NY: IEEE, 1998.
[R64]
Vert, Greg; Frincke, Deborah A.; & McConnell, Jesse C. (University of Idaho). A Visual Mathematical Model for Intrusion Detection (1998).
[R65]
Ho, Yuan; Frincke, Deborah; & Tobin, Donald, Jr. (University of Idaho). Planning, Petri Nets, and Intrusion Detection (1998).
[R66]
Frincke, Deborah, et al. (University of Idaho). Research Issues in Cooperative Intrusion Detection Between Multiple Domains.
[R67]
Hofmeyr, Steven A.; Forrest, Stephanie; & Somayaji, Anil. (University of New Mexico). "Intrusion Detection Using Sequences of System Calls." Journal of Computer Society 6, 3 (1998): 151-180.
[R68-a]
Spafford, Gene, et al. (Purdue University). Audit Trail Reduction. (http://www.cs.purdue.edu/coast/projects/audit-trails-reduce.html) (1999).
[R68-b]
Spafford, Gene, et al. (Purdue University). Audit Trails Format. (http://www.cs.purdue.edu/coast/projects/audit-trails-format.html) (1998).
[R69]
Braden, Bob. (ISI). NNStat. (1993).
[R70]
Cannady, James. (Nova Southeastern University). "Artificial Neural Networks for Misuse Detection." Proceedings of the 21st National Information Systems Security Conference. Arlington, VA, Oct. 5-8, 1998. http://csrc.nist.gov/nissc/1998/proceedings/paperF13.pdf.
[R71]
Krsul, Ivan; Spafford, Eugene; & Tripunitara, Mahesh. (Purdue University). "An Analysis of Some Software Vulnerabilities." Proceedings of the 21st National Information Systems Security Conference. Arlington, VA, Oct. 5-8, 1998. http://csrc.nist.gov/nissc/1998/proceedings/paperD6.pdf.
[R72]
Stutz, John & Cheeseman, Peter. (NASA Ames Research Center). A Short Exposition on Bayesian Inference and Probability (1994).
[R73]
Varshney, P. Distributed Detection and Data Fusion. New York, NY: Springer Verlag, 1996.
[R74]
Ilgun, Koral; Kemmerer, Richard A.; & Porras, Phillip A. "State-Transition Analysis: A Rule-Based Intrusion Detection Approach." IEEE Transactions on Software Engineering XX, Y (1995): 1-20. http://www.cs.ucsb.edu.
[R75]
Höglund, Albert. (Nokia Research Center). A UNIX Anomaly Detection System Using Self-Organising Maps. http://www.zurich.ibm.com/pub/Other/RAID/Prog_RAID98/Full_Papers/hoglund_slides.html/index.htm (1998).
[R77-a]
Axelsson, Stefan. (Chalmers University, Sweden). "The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection." Proceedings of the 6th ACM Conference on Computer and Communications Security, Kent Ridge Digital Labs, Singapore, Nov. 1-4, 1999. ACM, 1999.
[R77-b]
Axelsson, Stefan. (Chalmers University, Sweden). "On a Difficulty of Intrusion Detection." Proceedings of the 2nd International Workshop on Recent Advances in Intrusion Detection (RAID '99). West Lafayette, IN, Sept. 7-9, 1999.
[R78]
McGraw, Gary. (Reliable Software Technologies). "Why Monitoring Mobile Code is Harder than It Sounds." ;login: The USENIX Association Magazine (September 1999): 18-20.
[R79]
Amoroso, Edward. (AT&T Labs). "Design and Integration Principles for Large Scale Infrastructure Protection." ;login: The USENIX Association Magazine (September 1999): 20-21.
[R80]
Yuill, Jim, et al. "Intrusion Detection for an On-Going Attack." Proceedings of the 2nd International Workshop on Recent Advances in Intrusion Detection (RAID '99). West Lafayette, IN, Sept. 7-9, 1999. http://www.cerias.purdue.edu.
[R81]
Mansfield, Glenn, et al. "Towards Trapping Wily Intruders in the Large." Proceedings of the 2nd International Workshop on Recent Advances in Intrusion Detection (RAID '99). West Lafayette, IN, Sept. 7-9, 1999. http://www.cerias.purdue.edu/raid/proceedings/1999/more/mansfiel.pdf.
[R82]
Bis