Attack Evidence Detection, Recovery, and Signature Extraction with ADenoIdS

  • Conference paper
Telecommunications and Networking - ICT 2004 (ICT 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3124)


Abstract

This paper presents the ADenoIdS intrusion detection system (IDS). ADenoIdS takes some architectural inspiration from the human immune system and automates intrusion recovery and attack signature extraction. These features are enabled through attack evidence detection. This IDS is initially designed to deal with application attacks, extracting signatures for remote buffer overflow attacks. ADenoIdS is described in this paper and experimental results are also presented. These results show that ADenoIdS can discard false positives and extract signatures which match the attacks.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

de Paula, F.S., de Geus, P.L. (2004). Attack Evidence Detection, Recovery, and Signature Extraction with ADenoIdS. In: de Souza, J.N., Dini, P., Lorenz, P. (eds) Telecommunications and Networking - ICT 2004. ICT 2004. Lecture Notes in Computer Science, vol 3124. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27824-5_141

  • DOI: https://doi.org/10.1007/978-3-540-27824-5_141

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22571-3

  • Online ISBN: 978-3-540-27824-5

  • eBook Packages: Springer Book Archive
