Abstract
Few practical implementations of anomaly detection systems are currently known. Major hindrances in this regard are poor accuracy of detection and excessive false positives. While some of the reasons may be attributed to theory and technology, a major factor that is overlooked is the user. We propose a novel approach that brings the user into the loop by proactively querying the user for the intent of the session. This encapsulated intent serves as a certificate against which more accurate intrusion detection decisions can be made.
© 2005 Springer Science+Business Media, Inc.
Cite this chapter
Upadhyaya, S., Chinchani, R., Mantha, K., Kwiat, K. (2005). Encapsulation of User’s Intent: A New Proactive Intrusion Assessment Paradigm. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds) Managing Cyber Threats. Massive Computing, vol 5. Springer, Boston, MA. https://doi.org/10.1007/0-387-24230-9_8
DOI: https://doi.org/10.1007/0-387-24230-9_8
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24226-2
Online ISBN: 978-0-387-24230-9