|
[1] M. Attig and J. Lockwood. “A Framework for Rule Processing in Reconfigurable Network Systems”, Field-Programmable Custom Computing Machines, 2005. FCCM 2005. 13th Annual IEEE Symposium, April 2005.
[2] D. Barbara, N. Wu, and S. Jajodia. “Detecting Novel Network Intrusions Using Bayes Estimators”, SIAM International Conf. Data Mining, 2001.
[3] P. T. Chen, C. S. Laih, F. Pouget, and M. Dacier. “Comparative Survey of Local Honeypot Sensors to Assist Network Forensics”. Systematic Approaches to Digital Forensic Engineering, 2005. First International Workshop, SADFE, June 2005.
[4] S. Cheung, U. Lindqvist, and M. W. Fong. “Modeling Multistep Cyber Attacks for Scenario Recognition”. In Proceedings of the Third DARPA Information Survivability Conference and Exposition (DISCEX III), Washington, D.C, April 2003.
[5] M. Christodorescu, and S. Jha. “Static Analysis of Executables to Detect Malicious Patterns”, USENIX Security Symposium, 2003.
[6] F. Cuppens and A. Miege. “Alert Correlation in a Cooperative Intrusion Detection Framework”. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, Oakland, CA, May 2002.
[7] K. J. Farn, A. Fung, and A. C. Lin. “Recommendation of Information Sharing, and Analysis Center”, Proceedings of IEEE 37th Annual 2003 International Carnahan Conference on 14-16, Oct. 2003.
[8] R. P. Goldman, W. Heimerdinger, and S. A. Harp. “Information Modeling for Intrusion Report Aggregation”. In DARPA Information Survivability Conference and Exposition (DISCEX II), June 2001.
[9] H. Hajji. “Statistical Analysis of Network Traffic for Adaptive Faults Detection”, Neural Networks, IEEE Transactions on, Sept. 2005.
[10] Y. Liao, and V. R. Vemuri. “Using Text Categorization Techniques for Intrusion Detection”, 11th USENIX Security Symposium, August 5-9, 2002.
[11] C. C. Lin, H. K. Wong, and T. C. Wu. “Enhancing Interoperability of Security Operation Center to Heterogeneous Intrusion Detection Systems”. Security Technology, CCST '05. 39th Annual 2005 International Carnahan Conference on 11-14, Oct. 2005.
[12] B. Morin and H. Debar. “An Application of Chronicles”. In Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection (RAID 2003), Pittsburgh, PA, Sept. 2003.
[13] D. Newman, K. M. Manalo, and E. Tittel. “Intrusion Detection Overview”, June 2004.
[14] P. Ning, Y. Cui, and D. S. Reeves. “Constructing Attack Scenarios through Correlation of Intrusion Alerts”. In 9th ACM Conference on Computer and Communications Security, Nov. 2002.
[15] P. Ning, D. Xu, C. G. Healey, and R. S. Amant. “Building Attack Scenarios through Integration of Complementary Alert Correlation Methods”, Network and Distributed System Security Symposium Conference Proceedings, 2004.
[16] S. Noel, E. Robertson, and S. Jajodia. “Correlating Intrusion Events and Building Attack Scenarios through Attack Graph Distances”. 20th Annual Computer Security Applications Conference, Dec. 2004.
[17] S. K. Park, K. Y. Kim, J. S. Jang, and B. N. Noh. “Supporting interoperability to heterogeneous IDS in secure networking framework”, Inf. Security Res. Div., Electron. & Telecommun. Res. Inst., Taejeon, South Korea.
[18] P. A. Porras, M. W. Fong, and A. Valdes. “A Mission-Impact-Based approach to INFOSEC alarm correlation”. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID), October 2002.
[19] X. Qin, and W. Lee. “Attack Plan Recognition and Prediction using Causal Networks”, Computer Security Applications Conference, 20th Annual Publication., 2004.
[20] X. Qin, and W. Lee. “Statistical Causality Analysis of INFOSEC Alert Data”. In Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection (RAID 2003), Pittsburgh, PA, Sept. 2003.
[21] S. Singh, and S. Kandula. “Argus A Distributed Network-Intrusion Detection System”, Intl. System Administration and Networking Conf., 2002.
[22] Y. Tang, and S. Chen. “Defending against Internet Worms: A Signature-Based Approach”, INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE Volume 2, March 2005.
[23] Y. Tang, H. P. Hu, X. Lu, and J. Wang. “HonIDS: Enhancing Honeypot System with Intrusion Detection Models”. Information Assurance, Fourth IEEE International Workshop, April 2006.
[24] L. Teo, Y. A. Sun, and G. J. Ahn. “Defeating Internet Attacks Using Risk Awareness and Active Honeypots”, Information Assurance Workshop, Proceedings. Second IEEE International, 2004.
[25] J. F. Tian, J. L. Wang, X. H. Yang, and R. L. Li. “A Study of Intrusion Signature Based on Honeypot”. Parallel and Distributed Computing, Applications and Technologies, 2005.
[26] A. Valdes and K. Skinner. “Probabilistic alert correlation”. In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID), Oct. 2001.
[27] F. Valeur, G. Vigna, C. Kruegel, R. A. Kemmerer, “Comprehensive Approach to Intrusion Detection Alert Correlation”, Dependable and Secure Computing, IEEE Transactions on. On page(s): 146-169, Volume: 1, Issue: 3, July-Sept. 2004.
[28] Y. S. Wu, B. Foo, Y. Mei, and S. Bagchi. “Collaborative intrusion detection system (CIDS): a framework for accurate and efficient IDS”, Computer Security Applications Conference, 2003. Proceedings. 19th Annual, Page(s):234-244, 2003.
[29] D. Xu and P. Ning. “Alert Correlation through Triggering Events and Common Resources”. In Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC'04), 2004.
[30] A. T. Zhou, J. Blustein, and N. Zincir-Heywood. “Improving Intrusion Detection Systems through Heuristic Evaluation”, Electrical and Computer Engineering, Canadian Conference on Volume 3, 2-5, Page(s):1641-1644, Vol.3, May 2004.
[31] “Basic Analysis and Security Engine”, http://secureideas.sourceforge.net/.
[32] “Developments of the Honeyd Virtual Honeypot”, http://www.honeyd.org/.
[33] “Intrusion Detection, Honeypots”, http://www.Honeypots.net/.
[34] “Security Operation Center Concepts & Implementation”, http://www.iv2-technologies.com/~rbidou/SOCConceptAndImplementation.pdf.
[35] “Snort 2.1 Intrusion Detection Second Edition”
[36] “Taiwan Network Security Testbed”, http://twanst.icsc.ncku.edu.tw/.
[37] “TCPDUMP public repository”, http://sourceforge.net/projects/libpcap/.
[38] “Lincoln Laboratory Scenario (DDoS) 2.0.2 DMZ Tcpdump file”, http://www.ll.mit.edu/IST/ideval/data/2000/LLS_DDOS_2.0.2/data_and_labeling/tcpdump_dmz/LLS_DDOS_2.0.2-dmz.dump.gz
[39] “attack Dump file”, http://www.cs.ucdavis.edu/%7Ewu/tcpdump/MINOS_worm_traces/
|