Korba, 2000 - Google Patents
Windows NT attacks for the evaluation of intrusion detection systems (Korba, 2000)
- Document ID: 8021943544529780908
- Author: Korba J
- Publication year: 2000
Snippet
The 1999 DARPA Off-Line Intrusion Detection Evaluation provided a standard corpus for evaluating intrusion detection systems. It improved on the 1998 evaluation by providing training data containing no attacks to train anomaly detection systems, scoring systems on …
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
          - G06F21/31—User authentication
            - G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
            - G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/563—Static detection by source code analysis
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/577—Assessing vulnerabilities and evaluating computer system security
      - G06F11/00—Error detection; Error correction; Monitoring
        - G06F11/30—Monitoring
          - G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
            - G06F11/3466—Performance evaluation by tracing or monitoring
        - G06F11/36—Preventing errors by testing or debugging software
          - G06F11/3604—Software analysis for verifying properties of programs
            - G06F11/3612—Software analysis for verifying properties of programs by runtime analysis
      - G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
        - G06F2201/875—Monitoring of systems including the internet
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1425—Traffic logging, e.g. anomaly detection
Similar Documents

Publication | Title
---|---
Pennington et al. | Storage-based intrusion detection: Watching storage activity for suspicious behavior
Kendall | A database of computer attacks for the evaluation of intrusion detection systems
Schmidt et al. | Logging and log management: the authoritative guide to understanding the concepts surrounding logging and log management
Scambray et al. | Hacking exposed: network security secrets & solutions
US9055093B2 (en) | Method, system and computer program product for detecting at least one of security threats and undesirable computer files
US7065657B1 (en) | Extensible intrusion detection system
US8578490B2 (en) | System and method for using timestamps to detect attacks
US6826697B1 (en) | System and method for detecting buffer overflow attacks
US7032114B1 (en) | System and method for using signatures to detect computer intrusions
Korba | Windows NT attacks for the evaluation of intrusion detection systems
Lindqvist et al. | eXpert-BSM: A host-based intrusion detection solution for Sun Solaris
WO2001016709A1 (en) | System and method for using timestamps to detect attacks
Vigna et al. | Host-based intrusion detection
Haines et al. | 1999 DARPA intrusion detection evaluation: Design and procedures
Das | Attack development for intrusion detector evaluation
Chen et al. | POSTER: Construct macOS Cyber Range for Red/Blue Teams
Helmer | Intelligent multi-agent system for intrusion detection and countermeasures
Mookhey et al. | Linux: Security, Audit and Control Features
Wang et al. | Analyzing Security Vulnerabilities and Attacks
Sheldon | Forensic analysis of Windows systems
Lohanathan et al. | Live Response Training Range mit Velociraptor
Pennington et al. | Storage-based Intrusion Detection: Watching Storage Activity For Suspicious Behavior (CMU-CS-02-179)
Frazier | Creating a Security Laboratory Environment for Education, Research and Outreach
De Maio | On the evolution of digital evidence: novel approaches for cyber investigation
Handler | Oversights Add Up: MySQL Buffer Overflow