Bibliography for ECS 289L

Alexander, D. S., Arbaugh, W. A., Keromytis, A. D., and Smith, J. M. (1999). "Security in Active Networks."

Anderson, D., Frivold, T., and Valdes, A. (1995). "Next Generation Intrusion Detection Expert System (NIDES): A Summary." SRI-CSL-95-07, SRI International, Menlo Park, CA.

Anderson, D., Frivold, T., Tamaru, A., and Valdes, A. (1994). "Next Generation Intrusion Detection Expert System (NIDES) Software Design, Product Specification, and Version Description Documentation." A002 and A005, SRI International, Menlo Park, CA.

Anderson, D., Lunt, T. F., Javitz, H., Tamaru, A., and Valdes, A. (1993). "SAFEGUARD FINAL REPORT: Detecting Unusual Program Behavior Using the NIDES Statistical Component." SRI International, Menlo Park, CA.

Baldwin, R. W. (1991). "Kuang: Rule-Based Security Checking." In Kolstad, Rob, Daemons and dragons: the COPS security auditor. (tutorial) UNIX Review 9(3).

Buschkes, R., Borning, M., and Kesdogan, D. (1999). "Transaction-based Anomaly Detection." Proceedings of the Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA.

Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Rowe, J., Staniford-Chen, S., Yip, R., and Zerkle, D. (1999). "The Design of GrIDS: A Graph-Based Intrusion Detection System." CSE-99-2, Computer Science Department, University of California, Davis, Davis, CA.

Cohen, F. (1996). "A Note on Distributed Coordinated Attacks." Management Analytics.

Denning, D. E. (1986). "An Intrusion-Detection Model." Oakland, CA, 118-131.

Dowell, C., and Ramstedt, P. (1990). "The Computerwatch Data Reduction Tool." Proceedings of the 13th National Computer Security Conference, Washington, D.C., 99-108.

Farmer, D. (1995). "SATAN: Security Administrator's Tool for Analyzing Networks." http://www.fish.com/~zen/satan/satan.html.

Feiertag, R. (1999). "A Common Intrusion Specification Language (CISL)." http://gost.isi.edu/projects/crisis/cidf/cisl_current.txt, 61.

Felten, E. W., Balfanz, D., Dean, D., and Wallach, D. S. (1997). "Web Spoofing: An Internet Con Game." Proceedings of the 20th National Information Systems Security Conference, Baltimore, MD, 95-103.

Forrest, S., Hofmeyr, S. A., Somayaji, A., and Longstaff, T. A. (1996). "A Sense of Self for Unix Processes." Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, CA, 120-128.

Guha, B., and Mukherjee, B. (1996). "Network security via reverse engineering of TCP code: vulnerability analysis and proposed solutions." Proceedings of the IEEE INFOCOM '96. Fifteenth Annual Joint Conference of the IEEE Computer Societies. Networking the Next Generation, San Francisco, CA, 603-610.

Heberlein, L. T., and Bishop, M. (1996). "Attack Class: Address Spoofing." The 19th National Information Systems Security Conference.

Jagannathan, R., Lunt, T., Anderson, D., Dod, C., Gilham, F., Jalali, C., Javitz, H., Neumann, P., Tamaru, A., and Valdes, A. (1993). "System Design Document: Next-Generation Intrusion Detection Expert System (NIDES)." SRI International, Menlo Park, CA.

Javitz, H. S., and Valdes, A. (1991). "The SRI IDES Statistical Anomaly Detector." Proceedings of the 1991 IEEE Symposium on Security and Privacy, Oakland, CA, 280-289.

Javitz, H. S., and Valdes, A. (1993). "The NIDES Statistical Component: Description and Justification." SRI International, Menlo Park, CA.

Ko, C., Ruschitzka, M., and Levitt, M. (1997). "Execution Monitoring of Security-Critical Programs in a Distributed System: A Specification-based Approach." Proceedings of the 1997 IEEE Symposium on Security and Privacy, Oakland, CA, 134-144.

Kosoresow, A. P., and Hofmeyr, S. A. (1997). "Intrusion Detection via System Call Traces." IEEE Software, 14(5), 35-42.

Kumar, S., and Spafford, E. H. (1994). "A Pattern-Matching Model for Intrusion Detection." Proceedings of the National Computer Security Conference, Baltimore, MD, 11-21.

Lane, T., and Brodley, C. E. (1997). "Sequence Matching and Learning in Anomaly Detection for Computer Security." AI Approaches to Fraud Detection and Risk Management, AAAI.

Lankewicz, L., and Benard, M. (1991). "Real-time Anomaly Detection Using a Nonparametric Pattern Recognition Approach." Proceedings of the Seventh Annual Computer Security Applications Conference, San Antonio, TX, 80-89.

Liepins, G. E., and Vaccaro, H. S. (1989). "Anomaly Detection: Purpose and Framework." Proceedings of the 12th National Computer Security Conference, Baltimore, MD, 495-504.

Lindqvist, U., and Jonsson, E. (1997). "How to Systematically Classify Computer Security Intrusions." Proceedings of the 1997 IEEE Symposium on Security and Privacy, Oakland, CA, 154-163.

Lindqvist, U., and Porras, P. A. (1999). "Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST)." Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, CA.

Lunt, T. F. (1988). "Automated Audit Trail Analysis and Intrusion Detection: A Survey." Proceedings of the 11th National Computer Security Conference, 17.

Lunt, T. F., and Jagannathan, R. (1988). "A Prototype Real-Time Intrusion-Detection Expert System." Proceedings of the 1988 IEEE Symposium on Security and Privacy, Oakland, CA, 59-66.

Lunt, T. F., Tamaru, A., Gilham, F., Jagannathan, R., Jalali, C., Neumann, P. G., Javitz, H. S., Valdes, A., and Garvey, T. D. (1992). "A Real-Time Intrusion-Detection Expert System (IDES)." SRI International, Menlo Park, CA.

McLean, J. (1994). "A General Theory of Composition for Trace Sets Closed Under Selective Interleaving Functions." Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, 79-93.

Moyer, M. J., Rao, J. R., and Rohatgi, P. (1999). "A Survey of Security Issues in Multicast Communications."

Mukherjee, B., Heberlein, L. T., and Levitt, K. N. (1994). "Network Intrusion Detection." IEEE Network, 8(3), 26-41.

Nachenberg, C. (1997). "Computer Virus-Antivirus Coevolution." Communications of the ACM, 40(1), 46-51.

Neumann, P. G., and Porras, P. A. (1999). "Experience with EMERALD to Date." First USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA, 73-80.

Paxson, V. (1998). "Bro: A System for Detecting Network Intruders in Real-Time." Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, 1-18.

Porras, P. A., and Neumann, P. G. (1996). "EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances."

Ptacek, T. H., and Newsham, T. N. (1998). "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection." Secure Networks, Inc.

Puketza, N., Chung, M., Olsson, R. A., and Mukherjee, B. (1997). "A software platform for testing intrusion detection systems." IEEE Software, 14(5), 43-51.

Ranum, M. J., Landfield, K., Stolarchuk, M., Sienkiewicz, M., Lambeth, A., and Wall, E. (1997). "Implementing a Generalized Tool for Network Monitoring." Proceedings of the 11th Systems Administration Conference (LISA '97), San Diego, CA.

Spafford, E. H. (1988). "The Internet Worm Program: An Analysis." CSD-TR-823, Purdue University, West Lafayette, IN.

Staniford-Chen, S. G. (1995). "Distributed Tracing of Intruders," M. S. Thesis, University of California, Davis, CA.

Staniford-Chen, S., and Heberlein, L. T. (1995). "Holding intruders accountable on the Internet." Proceedings of the 1995 IEEE Symposium on Security and Privacy, Oakland, CA, 39-49.

Syverson, P. F., Goldschlag, D. M., and Reed, M. G. (1997). "Anonymous Connections and Onion Routing." 1997 IEEE Symposium on Security and Privacy, Oakland, CA, 44-54.

Tan, K. M. C., and Collie, B. S. (1997). "Detection and Classification of TCP/IP Network Services." Proceedings of the Thirteenth Annual Computer Security Applications Conference, San Diego, CA, 99-107.

Vigna, G., and Kemmerer, R. A. (1999). "NetSTAT: A Network-based Intrusion Detection Approach." Journal of Computer Security, in press.

Walker, K. M., Sterne, D. F., Badger, M. L., Petkac, M. J., Sherman, D. L., and Oostendorp, K. A. (1996). "Confining Root Programs with Domain and Type Enforcement (DTE)." 6th USENIX UNIX Security Symposium, San Jose, CA.

Zerkle, D., and Levitt, K. (1996). "NetKuang - A Multi-Host Configuration Vulnerability Checker." Proceedings of the 6th USENIX Security Symposium, San Jose, California, 195-204.
