© 2008 IFIP International Federation for Information Processing
Cite this paper
Tjhai, G., Papadaki, M., Furnell, S., Clarke, N. (2008). Investigating the problem of IDS false alarms: An experimental study using Snort. In: Jajodia, S., Samarati, P., Cimato, S. (eds) Proceedings of The Ifip Tc 11 23rd International Information Security Conference. SEC 2008. IFIP – The International Federation for Information Processing, vol 278. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09699-5_17
DOI: https://doi.org/10.1007/978-0-387-09699-5_17
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09698-8
Online ISBN: 978-0-387-09699-5
eBook Packages: Computer Science (R0)