Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation

Lippmann, Richard P.; Haines, J.W.; Fried, David J.; Korba, Jonathan; Das, Kumar

doi:10.1007/3-540-39945-3_11

Cited by 167 publications

(73 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Hence, the proposed IDS operates at the packet level and not at the connection level as other models do [13,14]. Indeed, the design of the feature set is a crucial issue that has been thoroughly addressed in the literature [15].…”

Section: The Visual Inspection Of Traffic In Modern Ids'smentioning

confidence: 99%

Auto-Associative Neural Techniques for Intrusion Detection Systems

Herrero

Corchado

Gastaldo

et al. 2007

2007 IEEE International Symposium on Industrial Electronics

View full text Add to dashboard Cite

Section: The Visual Inspection Of Traffic In Modern Ids'smentioning

confidence: 99%

Auto-Associative Neural Techniques for Intrusion Detection Systems

Herrero

Corchado

Gastaldo

et al. 2007

2007 IEEE International Symposium on Industrial Electronics

View full text Add to dashboard Cite

“…The compression component processes an n-dimensional vector that has been previously assembled by a "packet processing" module, which extracts numerical features associated with each network packet. Hence, unlike other models which operate at the connection level [8], [9], the proposed IDS operates at the packet level. The design of the feature set is a crucial issue that has been thoroughly addressed in the literature [10].…”

Section: Visual Inspection Of Traffic In Modern Ids'smentioning

confidence: 99%

IDS Based on Bio-inspired Models

Gastaldo

Picasso

Zunino

et al. 2007

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Unsupervised projection approaches can support Intrusion Detection Systems for computer network security. The involved technologies assist a network manager in detecting anomalies and potential threats by an intuitive display of the progression of network traffic. Projection methods operate as smart compression tools and map raw, high-dimensional traffic data into 2-D or 3-D spaces for subsequent graphical display. The paper compares three projection methods, namely, Cooperative Maximum Likelihood Hebbian Learning, Auto-Associative Back-Propagation networks and Principal Component Analysis. Empirical tests on anomalous situations related to the Simple Network Management Protocol (SNMP) confirm the validity of the projection-based approach. One of these anomalous situations (the SNMP community search) is faced by these projection models for the first time. This work also highlights the importance of the time-information dependence in the identification of anomalous situations in the case of the applied methods.

show abstract

“…The alerts have to be generated by running various sensors on the data. The 1999 dataset [10], which we used for this work, has many known shortcomings. Firstly, it is evidently and hopelessly outdated.…”

Section: Problem Statement and State Of The Artmentioning

confidence: 99%

On the Use of Different Statistical Tests for Alert Correlation – Short Paper

Maggi

Zanero

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract.In this paper we analyze the use of different types of statistical tests for the correlation of anomaly detection alerts. We show that the Granger Causality Test, one of the few proposals that can be extended to the anomaly detection domain, strongly depends on good choices of a parameter which proves to be both sensitive and difficult to estimate. We propose a different approach based on a set of simpler statistical tests, and we prove that our criteria work well on a simplified correlation task, without requiring complex configuration parameters.

show abstract

Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation

Cited by 167 publications

References 7 publications

Auto-Associative Neural Techniques for Intrusion Detection Systems

Auto-Associative Neural Techniques for Intrusion Detection Systems

IDS Based on Bio-inspired Models

On the Use of Different Statistical Tests for Alert Correlation – Short Paper

Contact Info

Product

Resources

About