| Title | Date Added | Company | Abstract | Tags |
|---|---|---|---|---|
| Adaptive Alert Throttling for Intrusion Detection Systems | 2008-01-01 | University of Nottingham | Each time an intrusion detection system raises an alert it must make some attempt to communicate the information to an operator. This communication channel can easily become the target of a denial of service attack because, like all communication channels, it has a fixed capacity. If this channel can be overwhelmed with bogus data, an attacker can quickly achieve complete neutralisation of intrusion detection capability. Although these types of attack are very hard to stop completely, the aim is to present techniques that improve alert throughput and capacity to such an extent that the resources required to successfully mount the attack become prohibitive. | Security Tools, Intrusion Detection Systems |
| A Game Theoretic Analysis of Intrusion Detection in Access Control Systems | 2008-01-01 | University of Illinois | This paper presents a game-theoretic analysis of intrusion detection in access control systems. A security game between the attacker and the intrusion detection system is investigated both in finite and continuous-kernel versions, where in the latter case players are associated with specific cost functions. The distributed virtual sensor network based on software agents with imperfect detection capabilities is also captured within the model introduced. This model is then extended to take the dynamic characteristics of the sensor network into account. Properties of the resulting dynamic system and repeated games between the players are discussed both analytically and numerically. | Security Tools, Intrusion Detection Systems |
| Fast and Scalable Pattern Matching for Network Intrusion Detection Systems | 2008-01-01 | Stanford University | High-speed packet content inspection and filtering devices rely on a fast multi-pattern matching algorithm which is used to detect predefined keywords or signatures in the packets. Multi-pattern matching is known to require intensive memory accesses and is often a performance bottleneck. Hence specialized hardware-accelerated algorithms are required for line-speed packet processing. This paper presents a hardware-implementable pattern-matching algorithm for content filtering applications, which is scalable in terms of speed, the number of patterns and the pattern length. The algorithm is based on a memory-efficient multi-hashing data structure called a Bloom filter. The paper uses embedded on-chip memory blocks in FPGA/VLSI chips to construct Bloom filters which can suppress a large fraction of memory accesses and speed up string matching. | Security Tools, Intrusion Detection Systems |
| Policy-Controlled Event Management for Distributed Intrusion Detection | 2008-01-01 | University of Cambridge | A powerful strategy in intrusion detection is the separation of surveillance mechanisms from a site's policy for processing observed events. The Bro intrusion detection system has been using the notion of policy-neutral events as the basic building blocks for the formulation of a site's security policy since its conception. A recent addition to the system is the ability to exchange events with other Bro peers to allow distributed detection. This paper extends Bro's existing event model to fulfill the requirements of scalable policy-controlled distributed event management, including mechanisms for event publication, subscription, processing, propagation, and correlation. | Security Tools, Intrusion Detection Systems |
| Real Time Data Mining-Based Intrusion Detection | 2008-01-01 | North Carolina State University | This paper presents an overview of the research in real time data mining-based Intrusion Detection Systems (IDSs). It focuses on issues related to deploying a data mining-based IDS in a real time environment. The paper describes the approaches to address three types of issues: accuracy, efficiency, and usability. To improve accuracy, data mining programs are used to analyze audit data and extract features that can distinguish normal activities from intrusions; it uses artificial anomalies along with normal and/or intrusion data to produce more effective misuse and anomaly detection models. To improve efficiency, the computational costs of features are analyzed and a multiple-model cost-based approach is used to produce detection models with low cost and high accuracy. | Security Tools, Intrusion Detection Systems |
| A Reconfigurable Architecture for Network Intrusion Detection Using Principal Component Analysis | 2008-01-01 | Northwestern University | This paper develops an architecture for Principal Component Analysis (PCA) to be used as an outlier detection method for high-speed Network Intrusion Detection Systems (NIDS). PCA is a common statistical method used in multivariate optimization problems in order to reduce the dimensionality of data while retaining a large fraction of the data's characteristics. First, PCA is used to project the training set onto eigenspace vectors representing the mean of the data. These eigenspace vectors are then used to predict malicious connections in a workload containing normal and attack behavior. Simulations show that the architecture correctly classifies attacks with detection rates exceeding 99% and false alarm rates as low as 1.95%. | Security Tools, Intrusion Detection Systems |
| Enriching Intrusion Alerts Through Multi-Host Causality | 2008-01-01 | University of Michigan | Current intrusion detection systems point out suspicious states or events but do not show how the suspicious state or events relate to other states or events in the system. This paper shows how to enrich an IDS alert with information about how those alerts causally lead to or result from other events in the system. By enriching IDS alerts with this type of causal information, one can leverage existing IDS alerts to learn more about the suspected attack. Backward causal graphs can be used to find which host allowed a multi-hop attack (such as a worm) to enter a local network; forward causal graphs can be used to find the other hosts that were affected by the multi-hop attack. | Security Tools, Intrusion Detection Systems |
| Applying Fast String Matching to Intrusion Detection | 2008-01-01 | University of California | The performance of signature-based network intrusion detection tools is dominated by the string matching of packets against many signatures. This paper studies how the popular intrusion detection system Snort can be best optimized to utilize different string matching algorithms. The paper analyzes the performance of Snort's current string matching algorithm, Boyer-Moore, and several alternate algorithms. The paper shows that no single algorithm is fastest in the context of a real Snort rule set. Instead, the paper develops a hybrid system that utilizes three different search algorithms, including one new algorithm presented in this paper. The result is a system that matches many common packets 5 times faster, with an average speedup of 50%. | Security Tools, Intrusion Detection Systems |
| Honeycomb - Creating Intrusion Detection Signatures Using Honeypots | 2008-01-01 | University of Cambridge | This paper describes a system for automated generation of attack signatures for network intrusion detection systems. The system applies pattern-matching techniques and protocol conformance checks on multiple levels in the protocol hierarchy to network traffic captured by a honeypot system. This paper presents results of running the system on an unprotected cable modem connection for 24 hours. The system successfully created precise traffic signatures that otherwise would have required the skills and time of a security officer to inspect the traffic manually. | Security Tools, Intrusion Detection Systems |
| Attribution and Aggregation of Network Flows for Security Analysis | 2008-01-01 | Dartmouth College | This paper describes a network flow analyzer that is capable of attribution and aggregation of different flows into single activity events for the purposes of identifying suspicious and illegitimate behaviors. Flows are correlated with security events using the Process Query System (PQS) infrastructure. This paper shows results from initial experiments and describes plans for extending the effort. The correlation of network flows with security events appears to have high potential for aggregating disparate network and host activity and for classifying network activity as either benign or suspicious. | Security Management, Security Tools |