Recent Advances in Intrusion Detection

1. Front Matter

   Pages I-X

   PDF

2. Stepping Stone Detection

   1. Detecting Long Connection Chains of Interactive Terminal Sessions

      • Kwong H. Yung

      Pages 1-16

   2. Multiscale Stepping-Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay

      • David L. Donoho, Ana Georgina Flesia, Umesh Shankar, Vern Paxson, Jason Coit, Stuart Staniford

      Pages 17-35

   3. Detecting Malicious Software by Monitoring Anomalous Windows Registry Accesses

      • Frank Apap, Andrew Honig, Shlomo Hershkop, Eleazar Eskin, Sal Stolfo

      Pages 36-53

3. Anomaly Detection

   1. Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits

      • Kymie M. C. Tan, Kevin S. Killourhy, Roy A. Maxion

      Pages 54-73

4. Correlation

   1. Analyzing Intensive Intrusion Alerts via Correlation

      • Peng Ning, Yun Cui, Douglas S. Reeves

      Pages 74-94

   2. A Mission-Impact-Based Approach to INFOSEC Alarm Correlation

      • Phillip A. Porras, Martin W. Fong, Alfonso Valdes

      Pages 95-114

   3. M2D2: A Formal Data Model for IDS Alert Correlation

      • Benjamin Morin, Ludovic Mé, Hervé Debar, Mireille Ducassé

      Pages 115-137

5. Legal Aspects / Intrusion Tolerance

   1. Development of a Legal Framework for Intrusion Detection

      • Steven R. Johnston

      Pages 138-157

   2. Learning Unknown Attacks — A Start

      • James E. Just, James C. Reynolds, Larry A. Clough, Melissa Danforth, Karl N. Levitt, Ryan Maglich et al.

      Pages 158-176

6. Assessment of Intrusion Detection Systems

   1. Evaluation of the Diagnostic Capabilities of Commercial Intrusion Detection Systems

      • Hervé Debar, Benjamin Morin

      Pages 177-198

   2. A Stochastic Model for Intrusions

      • Robert P. Goldman

      Pages 199-218

   3. Attacks against Computer Network: Formal Grammar-Based Framework and Simulation Tool

      • Vladimir Gorodetski, Igor Kotenko

      Pages 219-238

   4. Capacity Verification for High Speed Network Intrusion Detection Systems

      • Mike Hall, Kevin Wiley

      Pages 239-251

7. Adaptive Intrusion Detection Systems

   1. Performance Adaptation in Real-Time Intrusion Detection Systems

      • Wenke Lee, João B. D. Cabrera, Ashley Thomas, Niranjan Balwalli, Sunmeet Saluja, Yi Zhang

      Pages 252-273

8. Intrusion Detection Analysis

   1. Accurate Buffer Overflow Detection via Abstract Pay load Execution

      • Thomas Toth, Christopher Kruegel

      Pages 274-291

   2. Introducing Reference Flow Control for Detecting Intrusion Symptoms at the OS Level

      • Jacob Zimmermann, Ludovic Mé, Christophe Bidan

      Pages 292-306

   3. The Effect of Identifying Vulnerabilities and Patching Software on the Utility of Network Intrusion Detection

      • Richard Lippmann, Seth Webster, Douglas Stetson

      Pages 307-326

9. Back Matter

   Pages 327-327

   PDF

On behalf of the program committee, it is our pleasure to present to you the proceedings of the Fifth Symposium on Recent Advances in Intrusion Detection (RAID). Since its ?rst edition in 1998, RAID has established itself as the main annual intrusion detection event, attracting researchers, practitioners, and v- dors from all over the world. The RAID 2002 program committee received 81 submissions (64 full papers and 17 extended abstracts) from 20 countries. This is about 50% more than last year. All submissions were carefully reviewed by at least three program comm- tee members or additional intrusion-detection experts according to the criteria ofscienti?cnovelty,importancetothe?eld,andtechnicalquality.Finalselection took place at a meeting held on May 15–16, 2002, in Oakland, USA. Sixteen full papers were selected for presentation and publication in the conference proc- dings. In addition, three extended abstracts of work in progress were selected for presentation. The program included both fundamental research and practical issues. The seven sessions were devoted to the following topics: anomaly detection, steppi- stonedetection,correlationofintrusion-detectionalarms,assessmentofintrusi- detectionsystems,intrusiontolerance,legalaspects,adaptiveintrusion-detection systems, and intrusion-detection analysis. RAID 2002 also hosted a panel on “Cybercrime,” a topic of major concern for both security experts and the public. Marcus J. Ranum, the founder of Network Flight Recorder, Inc., delivered a keynote speech entitled “Challenges for the Future of Intrusion Detection”.

• Anomaly Detection
• Audit Control
• Authentication
• Cryptanalysis
• Distributed Intrusion
• Intrusion Detection
• Intrusion Detection Systems
• Monitor
• Performance
• Privacy
• RAID
• Registry
• Security
• Session
• Windows

• IBM Zurich Research Laboratory, Rüschlikon, Switzerland

  Andreas Wespi

• Department of Computer Science, University of California at Santa Barbara, Santa Barbara, USA

  Giovanni Vigna

• Centro Serra, University of Pisa, Pisa, Italy

  Luca Deri

Policies and ethics