Bro is a powerful, but largely unknown open source network intrusion detection system. Based on a sound design, Bro achieves its main goals–separating policy from mechanisms …
This paper describes a system for automated generation of attack signatures for network intrusion detection systems. Our system applies pattern-matching techniques and protocol …
C Leita, K Mermoud, M Dacier - 21st Annual Computer Security …, 2005 - ieeexplore.ieee.org
Honeyd (N. Provos, 2004) is a popular tool developed by Niels Provos that offers a simple way to emulate services offered by several machines on a single PC. It is a so-called low …
Application-level protocol analyzers are important components in tools such as intrusion detection systems, firewalls, and network monitors. Currently, protocol analyzers are written …
Identifying new intrusions and developing effective signatures that detect them is essential for protecting computer networks. We present Nemean, a system for automatic generation of …
This paper presents the lessons learned from an empirical analysis of attackers' behaviours based on the deployment on the Internet of a high-interaction honeypot for more than 1 year …
MY Su, GJ Yu, CY Lin - Computers & security, 2009 - Elsevier
None of the previously proposed Network Intrusion Detection Systems (NIDSs), which are subject to fuzzy association rules, can meet real-time requirements because they all apply …
A Somayaji, S Forrest - 9th USENIX security symposium (USENIX …, 2000 - usenix.org
Automated intrusion response is an important unsolved problem in computer security. A system called pH (for process homeostasis) is described which can successfully detect and …
ST Eckmann, G Vigna… - Journal of computer …, 2002 - content.iospress.com
STATL is an extensible state/transition-based attack description language designed to support intrusion detection. The language allows one to describe computer penetrations as …