Encapsulation of User’s Intent: A New Proactive Intrusion Assessment Paradigm

Chapter in: Managing Cyber Threats

Part of the book series: Massive Computing (MACO, volume 5)

Abstract

Few practical implementations of anomaly detection systems are currently known. Major hindrances in this regard are poor accuracy of detection and excessive false positives. While some of the reasons may be attributed to theory and technology, a major factor that is overlooked is the user. We propose a novel approach that brings the user into the loop by querying him for his session intent in a proactive manner. This encapsulated intent serves the purpose of a certificate based on which more accurate intrusion detection decisions can be made.



© 2005 Springer Science+Business Media, Inc.

About this chapter

Cite this chapter

Upadhyaya, S., Chinchani, R., Mantha, K., Kwiat, K. (2005). Encapsulation of User’s Intent: A New Proactive Intrusion Assessment Paradigm. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds) Managing Cyber Threats. Massive Computing, vol 5. Springer, Boston, MA. https://doi.org/10.1007/0-387-24230-9_8

  • DOI: https://doi.org/10.1007/0-387-24230-9_8

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-24226-2

  • Online ISBN: 978-0-387-24230-9

  • eBook Packages: Computer Science (R0)