Index. Index 2D-PCA 222

Transcription

1 274 Index Index 2D-PCA 222 A abrupt change detection 96 Adaptive Resonance Theory (ART) 48, 143, 223, 239 Ad-Hoc Network 92 Anomaly-based Network Intrusion Detection System (A-NIDS) 94-95, 97, 102, 104, 109, 111, 117 anomaly detection 8, 13, 30, 40-41, 43-46, 49, 70-71, 75, 96-97, , , 140, 143, 153, , 187, , 207, 209, , , 238, 240 Anomaly Level Exposure 107, 121 Application Level Network (ALN) 78, 81, 93 application logging 3, 27 Artificial Intelligence (AI) 30, 96, 120, , 192, 218 Artificial Neural Network (ANN) , 223 Audit Data 2, 24, 29, 32, 36, 96, 192 Auto-Reclosing 40, 42, 49, 51, 54, 61, 68, 71, 75 B Back Orifice software 49 Back Propagation (BP) 223 Bayes Decision Rule 46 Bayesian Belief Networks 48, 69 Bayesian methodology 172 behavioral aliasing 45 Blaster.worm 113 Botnets Broadcast Algorithms broadcast service buffer overflow attacks 47, 197 Byzantine agreement protocol 47 C Centralized intrusion detection system 43 Cisco Systems Net Ranger 43 Classification 2, 23, 25, 36-37, 45-46, 71-72, , , 125, 137, 140, 143, 148, 158, 173, 189, 193, 201, , , , 230, 234, 240 Client-Server Model 81, 93 clustering analysis 138, collection strategy collection structure 15 Command and Control (C&C) Server 138, 142, 144 Common Criteria 7, 27 Common Intrusion Detection Framework (CIDF) 34, 44 Competitive Learning Network (CLN) 179, Computer Crime and Security Surveys 95, 118 computer monitoring 3, 8 Computer Security Institute (CSI) 95, 118 correlation matrix

2 COTS-products 3 CPU cycles 22 crossover error rate (CER) 58, 61, 65 Curse of Dimensionality 169, 171, 173, 194 CyberSafe Centrax 43 D Danger Theory 47 data collection 1-9, 13-25, 28-29, 32, 34-37, 42 data collection infrastructure 15, 22 debug registers 14 Defense Advanced Projects Agency (DARPA) 35, 104, 119, 169, 171, , , , 197, 220, , 238, 240 demilitarized zone (DMZ) 101 denial of service (DoS) 41-42, 44-45, 49-51, 75-76, 117, 123, 129, , 148, 150, 153, 158, 164, 166, 180, 197 desktop modem 95 Detection Appliance 43 detection engine 5, 14, 44, 145 detection policy 5, 12 Detection Rate (DR) 3, , 170, , , 208, dimensionality reduction , 176, , 181, dimension reduction 169, 171, 174, 178, 181, 184, 186, , 223, 229 distance-based function 212 distributed denial of service attacks (DDoS) 41-42, 49, 51, 68, 75, 103, , 166 distributed hash tables (DHTs) 77, 80-82, 85, 92 Domain Name System (DNS) , 137, 140 dynamic applications 3 Dynamic patching E eigenvector , embedded systems 25 end-to-end delay 54, 56, 58-61, entropy , , , 115, , 192 Euclidean distance evasion methods 45 Execution Time (ET) 2-3, 6, 8, 12-13, 15, 23-25, 41, 96, 98, 102, 104, 125, 146, 153, 159, , 175, , , , , 213, exposure of anomaly 106 Exposure Threshold 96, 101, , 112, , 121 F false negative rate (FNR) 58, 61, 64-65, 135, 137 False Positive (FP) 42, 45, 52, 58, 61, 64, 68, 122, , , , 193, 195, 201, , 210, 212, , 219 false positive rate (FPR) 58, 61, 64-65, 135, 137, 210, 212, Feature Space 169, 171, 173, 175, 182, 188, 190, 222, financial fraud 45 firewall 41, 50-51, 73, 79, 95, 101, 165 Fixed SST Subspaces (FS) 195, 197, 200 flooding attacks 146, , fuzzy logic 96, 172, 191 G general purpose registers 14 Genetic Algorithm (GA) 70, 172, 191, 217, 219, 223, 238 goal-oriented logging 8, 32 granularity of log trigger 9, 12, 37 H Hash Function 93 helper library 17-18, 21 Hidden Markov Model (HMM) 70, high speed networks 96 histogram 15,

3 Honeypot 45, 48, 69, 72, 125 host based intrusion detection system (HIDS) 43, 47-48, 101 I impossible path execution (IPE) Improved Competitive Learning Network (ICLN) 179, 183, 185 Incident Response Support System (IRSS) 46, 69 Independent Component Analysis (ICA) 191, 222, 239 Information Security Management System (ISMS) 47 information value 169, , 180, 187 insider attack 31, 95 Institute of Standards and Technology 29, 146, 191 internet banking security 45 Internet Engineering Task Force (IETF) 79, 91, 146, 165 Internet Security Systems Real Secure 43 interpreter insertion Inter-Quartile Range (IQR) 103 intrusion detection and intrusion prevention (ID/IP) 1-5, 8, 13, 15-16, 20, 23-25, 29-31, 33-36, 40-41, 43-50, 61, 68-85, 89-92, 94, 96-97, , , , , , , , 134, , 140, , , 156, , , , 180, , 212, , , 229, 231, Intrusion Detection and Response System (IDRS) 170 Intrusion Detection Message Exchange Format (IDMEF) 79 Intrusion Detection Systems (IDS) 2-5, 7, 12, 15, 17, 19-20, 22-24, 29, 33-36, 40-46, 48-58, 61, 63-68, 75, 78, 81, 92, 101, 104, , 156, 158, 164, 166, , 173, 223, 229, 235, 238, 240 Intrusion Detection Working Group (IDWG) 79, 91 Intrusion Prevention Systems (IPS) 40-42, 44-48, 69, 71 in-vehicle network 25 inverse document frequency (idf) 203 IP Multimedia Subsystem (IMS) 49, 73, 164 Ipsweep 113, 115 J JXTA framework 81 K Kademlia network 81, Kadsim K-Bucket 82, 93 KDD-CUP , 207, 209, 211, 214 Kernel density function keystroke monitoring 41 Key-Value Pair 93 K-Nearest Neighbor (KNN) , , , 236, 238, 241 Komondor test network 89 L learning by example paradigms 96 limited scalability 42, 67 Local Area Network (LAN) 44-45, 55, 73, 94-97, 103, 111, 118, 120, 137, 155, 170 location relative environment 15, 17 location relative monitored asset 15, 20 log control 6, 9, log record 4, 7, 36 log trigger 5-6, 9-10, 12-13, 18, 21, 37 long-time traffic slot (LTTS) , , 121 M malign traffic 95, 110 malware 35, 92, 125, , 132, 137, 139, Mass Spectral Imaging (MSI)

4 McAfee Entercept 46 Method of Remaining Elements (MRE) 94, 96, , 111, , 120 mission-critical applications 95 misuse detection 2, 32, 153 MIT-DARPA dataset 95, 97, 118 mobile ad hoc network (MANET) 44, 71 mobile nodes 45 mobile telecommunications 46 modify compiler 9-10 modify linker 9-10 Modular Weighted PCA (MWPCA) 222 monitoring policy 10 multicast tree 86, 88 Multi Layer Perceptron (MLP) 221, 223 multi-resolution techniques 40 N Neptune 113, 115 network based intrusion detection system (NIDS) 43-45, 77-78, 94-95, , 112, 117, , 159 Network Flight Recorder Intrusion 43 Network Ice Black Ice Defender 43 network probes 96 Network Security 41, 43-44, 68, 70, 73, 78, , 140, 164, 166, , 191, 194, 221, 237 Network Security Wizard Dragon IDS 43 neural networks 41, 44-45, 70-71, 96, 144, 172, , 223, 237, 240 Next Generation Networks (NGN) 145, 166 Nmap 113, 115, 129 Node IDentifier (NodeID) 80-81, 83, 87 Number of Dimensions (ND) 28, 30, 32-35, 71-72, , 164, 169, 171, 176, 179, , , 192, 214, 237, 239 O Open Software 48 Open Source Security Information Management (OSSIM) 47 operating systems (OSs) 3, 14, 17-19, 21-23, 26-27, 31-33, 35, 47, 81, , 201, 203, 208, 211 Optimized Network Engineering Tools (OPNET) 52, 67 OS interface 17-18, 21 OS kernel 17-19, Outlying Subspace Front (OSF) , , 208, 211 output device 4, 6 Overlay Network 77-78, 81, 91, 93 P packet losses 83, partial keyword searches 85 Peer-to-Peer (P2P) Networks 77-78, 80-81, 85, 91, 93, 123, 125, 139, 142, 144 performance counters 14, 19 perl 112 Ping of Death 50, 113, 116 PortScan 104, 111, 113, 115 Portsweep 113, 115 predictive pattern generation 41 Preventive Information Security Management (PrISM) 47 Principal Component Analysis (PCA) 171, , 182, , 226, privileged execution 19 probes 49, 79, 96, 104, 113 processing overhead 10 processing time 171, 173, 178, 182 PROMIS system 81 Proportional Uncertainty (PU) 94-95, , , 108, 110, 115, 121 Q Quality of Service (QoS) 48, 143, 145 R Radial Basis Function Neural Network (RBFNN) 223, 237 Receiver Operating Characteristic (ROC) 161, ,

5 replication 83-84, 87-88, 91, 93 rewrite executable 9-10 rootkits 19 routing protocols 44 runtime compilation S SANS consensus project 3, 32 Sasser worm 113 secure architecture and fault-resilient engine (SAFE) 47 Security Information and Event Management Systems (SIEM) 3 security log 3, 29, 36 Security Operation Center (SOC) 151, 163 Self Organizing features Map (SOM) 173, 179, 183, , 191 sequence matching 41 Service Delivery Platform (SDP) 49 Session Initiation Protocol (SIP) 45, 48, 72, , , Shannon s uncertainty measure 97 short-time traffic slot (STTS) , , 121 signal processing techniques 96 Signature Based Detection 43, 76 Signature-based NIDS (S-NIDS) 95, 102, 117 similarity metrics 46 Singular Value Decomposition (SVD) 173 SIP-based security architecture 151, 164 SIP security 153, , SIP Security Engine Evaluation 159 SMTP server 82 Smurf 50, , 223, 239 snare 19, 29 Snort 43, 45, 47-48, 78, 92, 95, 102, 119, Spamwatch 81 Sparse Subspace Template (SST) , 200 SQL Injection Attacks (SQLIAs) 46, 71 state of lockout 61 state transition analysis 41 Storage Area Networks (SAN) 26, 31-33, 46, 138, 141 storage mechanisms 14 Stream Projected Outlier detector (SPOT) 193, , 205, , 212, Supervised SST Subspaces (SS) 195, Support Vector Machine (SVM) 71, 173, 223 Symantec Net Prowler 43 SYN-flood attacks 41-42, 49-51, 68, T TCP/IP packets 20, 50, 61, 85, 111, , , 144, 180, 196 term frequency (tf) 202 ternary content addressable memory (TCAM) 47 Threat Modeling 8 traffic profiling 94, 96, 117 transaction user (TU) 144, 146, 167 Transport Control Protocol (TCP) 20, 50, 61, 85, 111, , , 144, 180, 196 Tripwire 43 Trojans 170 U UDP packets 85 unitary cardinality , , UNIX 10, 13, 20, 26-28, 30-31, 33, 129 unstable network Unsupervised SST Subspaces (US) 68, 142, 146, 195, 197, 200 User Agent Clients (UACs) 155, 167 User Agent Servers (UASs) 155, 167 V virtual machines 128, 130 Voice over IP (VoIP) 45, 48, 72, 145, 151, 164,

6 W web connected applications 3 Weighted PCA (WPCA) 220 weights matrix Welchia.worm 113 white data 175, 190 whiteness property 175 Wide Area Network (WAN) 45, 170 worms 44-45, 51, 80, 89, 97, 103, 111, 113, 120, 143, 170 X XOR metric 82,