| Date | Topic | Readings |
|---|---|---|
| Jan. 3rd | Introduction | none |
| Jan. 8th & 10th | Early Approaches | Anderson (1980), Computer Security Threat Monitoring and Surveillance; Denning (1986), An Intrusion Detection Model; Smaha (1988), Haystack: An Intrusion Detection System; Vaccaro & Liepins (1989), Detection of Anomalous Computer Session Activity |
| Jan. 15th & 17th | Firewalls | Cheswick (1990), The Design of a Secure Internet Gateway; Bellovin & Cheswick (1994), Network Firewalls; Andreasson (2006), IP Filtering Introduction |
| Jan. 22nd & 24th | Signature-based Network IDSs | Paxson (1998), Bro: A System for Detecting Network Intruders in Real-Time; Roesch (1999), Snort - Lightweight Intrusion Detection for Networks; Patton, Yurick, & Doss (2001), An Achilles' Heel in Signature-Based IDS: Squealing False Positives in SNORT |
| Jan. 29th & 31st | NSM and LISYS | Heberlein et al. (1990), A Network Security Monitor; Hofmeyr & Forrest (1999), Immunity by Design: An Artificial Immune System; Kim & Bentley (2001), An Evaluation of Negative Selection in an Artificial Immune System for Network Intrusion Detection; Balthrop et al. (2002), Revisiting LISYS: Parameters and Normal Behavior |
| Feb. 5th & 7th | DARPA IDS Evaluation | Lippmann et al. (2000), Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation for Detecting Network Intruders in Real-Time; McHugh (2000), Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory; Axelsson (2000), The Base-Rate Fallacy and the Difficulty of Intrusion Detection; Mahoney & Chan (2003), An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection; Lippmann et al. (2000), Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation (OPTIONAL) |
| Feb. 12th & 14th | System Calls 1 | Forrest et al. (1996), A Sense of Self for Unix Processes; Lee & Stolfo (1998), Data Mining Approaches for Intrusion Detection; Warrender et al. (1999), Detecting Intrusions Using System Calls: Alternative Data Models |
| Feb. 26th & Feb. 28th | System Calls 2 & Project Outlines | Tan & Maxion (2002), "Why 6?": Defining the Operational Limits of stide, an Anomaly-Based Intrusion Detector; Somayaji & Forrest (2000), Automated Response Using System-Call Delays |
| March 5th & 7th | System Calls 3 | Wagner & Dean (2001), Intrusion Detection via Static Analysis; Wagner & Soto (2002), Mimicry Attacks on Host-Based Intrusion Detection Systems; Sekar et al. (2001), A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors; Kruegel & Kirda (2005), Automating Mimicry Attacks Using Static Binary Analysis |
| Mar. 12th & 14th | Web and Kernel IDSs | (Jinfei) Kruegel et al. (2005), A multi-model approach to the detection of web-based attacks; (Anil) Ingham et al. (2007), Learning DFA representations of HTTP for protecting web applications; (Rohan) Vogt et al. (2007), Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis; (Mario) Petroni et al. (2006), An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data |
| Mar. 19th & 21st | App-specific IDSs | (Sonia) Twycross & Williamson (2003), Implementing and testing a virus throttle; (Jennifer) Kirda et al. (2006), Behavior-based Spyware Detection; (Aleks) Wang et al. (2006), Anagram: A Content Anomaly Detector Resistant To Mimicry Attack; (Anil) Li & Somayaji (2005), Securing Email Archives through User Modeling |
| Mar. 26th | | Class wrap-up discussion |
| Mar. 28th | Project Presentations 1 | |
| Apr. 2nd | Project Presentations 2 | |