Recent Advances in Intrusion Detection: 6th International Symposium, RAID 2003, Pittsburgh, PA, USA, September 8-10, 2003, Proceedings
Giovanni Vigna, Erland Jonsson, Christopher Kruegel
This book constitutes the refereed proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection, RAID 2003, held in Pittsburgh, PA, USA in September 2003. The 13 revised full papers presented were carefully reviewed and selected from 44 submissions. The papers are organized in topical sections on network infrastructure, anomaly detection, modeling and specification, and IDS sensors.
Contents
Topology-Based Detection of Anomalous BGP Messages
Anomaly Detection I
An Approach for Detecting Self-propagating Email
Correlation
An Application of Chronicles
Modeling and Specification
Using Specification-Based Intrusion Detection for Automated Response
IDS Sensors
Using Decision Trees to Improve Signature-Based Intrusion Detection
Ambiguity Resolution via Passive OS Fingerprinting
Two Sophisticated Techniques to Improve HMM-Based Intrusion
An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data
Common terms and phrases
alert correlation algorithm analysis anomaly detection approach attack scenarios behavior border router buffer overflow buffer overflow attack bytes chronicle models chronicle recognition client clustering Computer connection constraints cost DAML+OIL DARPA decision tree defined Denial of Service detector domain attributes email traffic evaluation experiment false alarms Fanout feature FreeBSD Granger Causality graph header rules host hyper alert identify IDEVAL IEEE implementation input element instance Internet intrusion detection systems IP address language Linux malicious matching module network intrusion detection neurons NIDS node normal number of rules ontology operating system optimal packets parameters performance PID control processor propagation protocol response actions routing scenario analysis Section Security Self-Organizing Maps sensor sequence server signature simulation Snort specific Syn Flood system call Target Alert taxonomy techniques timestamp training data set USENIX variable virus viruses