Intrusion Detection Systems List and Bibliography

About this document

This document is the revised version of the Intrusion Detection Systems page managed by our former colleague Michael Sobirey. Since Michael left our team in 1999 and is now working for a security consulting company, he doesn't have time to update this older page.

Remarks:

  • This page doesn't contain any (file system based) integrity checkers and honeypots.
  • Comments, corrections and supplements are welcome. Please contact Sebastian Schmerl or Michael Meier.
  • Currently there are 132 Intrusion Detection and Response Systems listed on this page.
  • Last update: December 8 2007
AAFID (Autonomous Agents for Intrusion Detection)
Authors:
Purdue University, West Lafayette, IN
URLs: References:
  • Spafford, E. H.; Zamboni, D.: Intrusion detection using autonomous agents, in Computer Networks, Volume 34, Issue 4, October 2000, 547-570
    Elsevier
  • Crosbie, M.; Spafford, E. H.: Applying genetic programming to intrusion detection, Proc. of the 1995 AAAI Fall Symposium on Genetic Programming, Nov. 1995
    ResearchIndex/CiteSeer
  • Crosbie, M.; Spafford, E. H.: Defending a Computer System using Autonomous Agents, Proc. of the 18th National Information Systems Security Conference, Baltimore, MD, Oct. 1995, 549 - 558
AAIRS (Adaptive Agent-based Intrusion Response System)
Authors:
  • Texas A&M University
  • United States Military Academy
References:
Ragsdale, D. J.; Carver, C. A.; Humphries, J. W.; Pooch, U. W.: Adaptation Techniques for Intrusion Detection and Intrusion Response Systems, in Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics, Nashville, Tennessee, October 8-11, 2000, 2344-2349
ResearchIndex/CiteSeer
Abacus Project
Authors:
Psionic Software, Inc.
URLs:
ACME! (Advanced Counter-measure Environment)
Authors:
University of Sao Paulo, Brazil
URLs:
ADS (Attack Detection System)
Authors:
University College Dublin, Ireland
References:
  • Kantzavelou, I.; Katsikas, S. K.: An attack detection system for secure computer systems - Outline of the solution, in Yngström, L.; Carlsen, J. (eds.): Information Security in Research and Business, Proc. of the IFIP TC11 13th International Information Security Conference (SEC97), Copenhagen, Denmark, May 1997, Chapman & Hall, London, 123 - 135
  • Kantzavelou, I.; Patel, A.: An attack detection system for secure computer systems - Design of ADS, in Katsikas, S. K.; Gritzalis, D. (eds.) Information Systems Security, Proc. of the IFIP TC11 12th International Information Security Conference (SEC96), May 1996, Samos, Greece, Chapman & Hall, London, 1996, 1 - 16
AFJ (Anzen Flight Jacket)
Authors:
Anzen Computing Inc., Washington
URLs:
AHA! IDS (Adaptive Hierarchical Agent-based Intrusion Detection System)
Authors:
  • Texas A&M University
  • United States Military Academy
References:
Ragsdale, D. J.; Carver, C. A.; Humphries, J. W.; Pooch, U. W.: Adaptation Techniques for Intrusion Detection and Intrusion Response Systems, in Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics, Nashville, Tennessee, October 8-11, 2000, 2344-2349
ResearchIndex/CiteSeer
AID (Adaptive Intrusion Detection system)
Authors:
Brandenburg University of Technology Cottbus, Germany
URLs: References:
Sobirey, M.; Richter, B.; König, H.: The Intrusion Detection System AID. Architecture, and experiences in automated audit analysis, in Horster, P. (ed.): Communications and Multimedia Security II, Proc. of the IFIP TC6 / TC11 International Conference on Communications and Multimedia Security, Essen, Germany, Sept. 1996, Chapman & Hall, London, 278 - 290
AIMS (Automated Intrusion Monitoring System)
Authors:
U.S. Army
URLs:
ALERT-PLUS/ Protect 2000
Authors:
Computer Security Products Inc., Mississauga, Canada
URLs:
ALVA (Audit Log Viewer and Analyzer)
Authors:
General Electric, Schenectady, New Jersey
References:
Moitra, A.: Real-time Audit Log Viewer and Analyzer, Proc. of the 4th Workshop on Computer Security Incident Handling, (Forum of Incident Response and Security Teams - FIRST), Denver, CO, Aug. 1992
APA (Automated Penetration Analysis tool)
Authors:
University of Maryland at College Park
References:
Gupta, S.; Gligor, V. D.: Experience with a penetration analysis method and tool, Proc. of the 15th National Computer Security Conference, Baltimore, MD, Oct. 1992, 165 - 183
ARIA (Active Recognition of Invidious Assaults)
Authors:
Cylant Technology, LLC
URLs:
ARMD (Adaptable Real-time Misuse Detection)
Authors:
George Mason University, Fairfax, VA
URLs: References:
Lin, J.-L.; Wang, X. S.; Jajodia, S.: Abstraction-Based Misuse Detection: High-Level Specifications and Adaptable Strategies, In Proceedings of the Eleventh Computer Security Foundations Workshop, Rockport, MA, June 1998, 190-201
ResearchIndex/CiteSeer
ARMOR (Adaptive Risk Management, Observation, and Response System)
Authors:
Hiverworld, Inc. (is now nCircle Network Security, see IP360)
URLs:
ASAX (Advanced Security audit trail Analyzer on uniX)
Authors:
University of Namur, Belgium
URLs: References:
Habra, N.; Le Charlier, B.; Mounji, A.; Mathieu, I.: ASAX: Software architecture and rule-based language for universal audit trail analysis, in Deswarte, Y.; Eizenberg, G. (eds.): Proc. of the 2nd European Symposium on Research in Computer Security (ESORICS 92), Toulouse, France, Nov. 1992, 435 - 450
ResearchIndex/CiteSeer
ASIM (Automated Security Incident Measurement)
Authors:
U.S. Air Force Information Warfare Center and Trident Systems
URLs:
AudES (Audit based Expert System)
Authors:
IBM Los Angeles Scientific Center, Colorado, California
References:
Tsudik, G.; Summers, R.: AudES - an expert system for security auditing, in Proceedings of the Second AAAI Conference on Innovative Applications in Artificial Intelligence, May 1990, 71-75. reprinted in: Computer Security Journal, Vol. 6, No. 1, 89 - 93
ResearchIndex/CiteSeer
BlackICE
Authors:
Network ICE Corp., San Mateo, California
URLs:
BLARE
Authors:
SUPELEC, Cesson Sevigne, France
URLs: References:
  • Jacob Zimmermann, Ludovic Mé, Christophe Bidan. Experimenting with a Policy-Based HIDS Based on an Information Flow Control Model. In proceedings of the Annual Computer Security Applications Conference (ACSAC). December 2003.
  • Jacob Zimmermann, Ludovic Mé, Christophe Bidan. An Improved Reference Flow Control Model for Policy-Based Intrusion Detection. In proceedings of the 8th European Symposium on Research in Computer Security (ESORICS). October 2003.
  • Jacob Zimmermann, Ludovic Mé, Christophe Bidan. Introducing reference flow control for intrusion detection at the OS level. In proceedings of the 5th International Symposium on the Recent Advances in Intrusion Detection (RAID). Springer Verlag, LNCS 2516, October 2002.
BlueBox
Authors:
IBM Research
URLs: References:
Suresh N. Chari; Pau-Chen Cheng: BlueBoX: A Policy-driven, Host-Based Intrusion Detection system
ResearchIndex/CiteSeer
Bro
Authors:
Lawrence Berkeley National Laboratory, Berkeley, California
URLs: References:
Paxson, V.: Bro: A System for Detecting Network Intruders in Real-Time, in Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, January 1998.
ResearchIndex/CiteSeer
CaptIO
Authors:
Captus Networks Corp.
URLs:
Centrax
Authors:
Centrax Corp., San Diego, CA; now CyberSafe
URLs:
CERN-NSM (Network Security Monitor)
Authors:
CERN, Geneva, Switzerland
URLs:
Cisco Secure IDS
Authors:
Cisco Systems, Inc., San Jose, TX
URLs:
CMDS (Computer Misuse Detection System)
Authors:
ODS Networks, Inc. Richardson, Texas now at intrusion.com, Inc.
URLs: References:
  • Proctor, P. E.: Computer Misuse Detection System (CMDST) Concepts, SAIC Technical Paper, 1996
    publications.saic.com
  • Proctor, P. E.: Audit reduction and misuse detection in heterogeneous environments: Framework and application, in Proc. of the 10th Annual Computer Security Applications Conference, Orlando, FL, Dec. 1994, 117 - 125
ComputerWatch
Authors:
AT&T Bell Laboratories, Whippany, New Jersey
URLs: References:
Dowell, C.; Ramstedt, P.: The ComputerWatch data reduction tool, in Proc. of the 13th National Computer Security Conference, Washington, D.C., Oct. 1990, 99 - 108
Corba Immune System
Authors:
Odyssey Research Associates, Inc.
URLs:
CSM (Cooperating Security Managers)
Authors:
  • Texas A&M University, College Station, Texas
  • US Air Force Academy, Colorado Springs, Colorado
References:
  • White, G. B.; Pooch, U.: Cooperating Security Managers: distributed intrusion detection systems, Computers & Security, Vol. 15, No. 5, 1996, 441 - 450
  • White, G. B.; Fisch, E. A.; Pooch, U. W.: Cooperating Security Managers: A Peer-based Intrusion Detection System, IEEE Network Magazine, IEEE Press, Jan./Feb. 1996, 20 - 23
CyberCop Monitor
Authors:
Network Associates, Inc.
URLs:
CyberTrace
Authors:
Ryan Net Works, LLC
URLs:
CyberwallPLUS
Authors:
Network-1 Security Solutions, Inc., Waltham, MA
URLs:
DARE (Distributed Assessment and REsponse)
Authors:
Fred Cohen & Associates
URLs: References:
Cohen, E. D. F.; Berg, T.; Phillips, C.; Leung, V.; Chakerian, S.: An Automated, Dynamic, Flexible, Distributed, Scalable Network Defense, Available at http://www.all.net/journal/ntb/flex.html, June 29, 2000
DECinspect Intrusion Detector
Authors:
Digital Equipment Corporation, Merrimack, New Hampshire
References:
Holdon, D.: A rule-based intrusion detection system, in Proc. of the IFIP TC11 8th International Conference, 1992, 433 - 440
Defense Worx Network Intrusion Detection System
Authors:
Defense Worx
URLs:
DEMIDS - Detection of MIsuse in Database Systems
Authors:
University of California at Davis
URLs: References:
Chung, C.; Gertz, M.; Levitt, K.: DEMIDS: A Misuse Detection System for Database Systems, in Proceedings of Third International IFIP TC-11 WG11.5 Working Conference on Integrity and Internal Control in Information Systems, Kluwer Academic Publishers, 1999, 159 - 178
ResearchIndex/CiteSeer
DERBI (Diagnosis, Explanation and Recovery from computer Break-Ins)
Authors:
SRI International, Menlo Park, CA
URLs:
DIDS (Distributed Intrusion Detection System)
Authors:
University of California at Davis
URLs: References:
  • Snapp, S. R.; Smaha, S. E.; Grance, T.; Teal, D. M.: The DIDS (Distributed Intrusion Detection System) Prototype, USENIX, Summer 1992 Technical Conference San Antonio, USA, June 1992, Berkeley, USENIX Association, 227 - 233
  • Snapp, S. R.; Brentano, J.; Dias, G. V.; Goan, T. L.; Heberlein, L. T.; Ho, C.; Levitt, K. N.; Mukherjee, B.; Smaha, S. E.; Grance, T.; Teal, D. M.; Mansur, D.: DIDS (Distributed Intrusion Detection System) - Motivation, architecture and an early prototype, Proc. of the 14th National Computer Security Conference, Washington, D. C., Oct. 1991, 167 - 176
    ResearchIndex/CiteSeer
  • Brentano, J.; Snapp, S. R.; Dias, G. V.; Goan, T. L.; Heberlein, L. T.; Ho, C. L.; Levitt, K. N.; Mukherjee, B.; Smaha, S. E.: An Architecture for a Distributed Intrusion Detection System, Proc. of the 14th DoE Computer Security Group Conference, May 1991, 25 - 45
  • Snapp, S. R.; Brentano, J.; Dias, G. V.; Goan, T. L.; Grance, T.; Heberlein, L. T.; Ho, C.-L.; Levitt, K. N.; Mukherjee, B.; Mansur, D. L.; Pon, K. L.; Smaha, S. E.: A System for Distributed Intrusion Detection, Proc. of the COMPCON, Feb./March 1991, San Francisco, CA, 170 - 176
Discovery
Authors:
TRW, Orange, California
References:
Tener, W. T.: Discovery: An expert system in the commercial data security environment, Grissonnanche, A. (ed.): Proc. of the 4th IFIP TC11 International Conference on Security, IFIP Sec86, Monte Carlo, North Holland, Amsterdam, 1989, 261 - 268
DPEM (Distributed Program Execution Monitor)
Authors:
University of California at Davis
URLs: References:
  • Ko, C.: Execution Monitoring of Security-Critical Programs in a Distributed System: A Specification-Based Approach, Ph.D. Thesis, U.C. Davis, August 1996.
  • Ko, C.; Levitt, K.: Automated Detection of Vulnerabilities in Privileged Programs by Execution Monitoring, in Proceedings of the 10th Annual Computer Security Applications Conference, Orlando, FL, IEEE Computer Society Press, 1994, 134 - 144
    ResearchIndex/CiteSeer
Dragon
Authors:
Enterasys Networks (formerly Network Security Wizards, Inc.)
URLs:
DRISC (Detect and Recover Intrusion using System Critically)
Authors:
Information Intelligence Science, Inc., Aurora, Colorado
References:
Neumann, P. G.: A Comparative Anatomy of Computer System/Network Anomaly Detection Systems, CSL, SRI BN-168, Menlo Park, CA, 1990 ?, (summary of ComputerWatch, DRISC, GEMSOS, IDES, NADIR, W&S, Haystack)
EASEL
Authors:
US Naval Special Action Office
URLs:
formerly http://www.sac.navy.mil/idresources
EMERALD (Event Monitoring Enabling Responses to Anomalous Live Disturbances)
Authors:
SRI International, Menlo Park, CA
URLs: References:
  • Porras, A. Ph.; Neumann, P. G.: EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances, in Proc. of the National Information Systems Security Conference, 1997
  • Neumann, P. G.; Porras, A. Ph.: Experience with EMERALD to Date, in Proc. of First USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, April, 1999, 73 - 80
    ResearchIndex/CiteSeer
ENTERCEPT
Authors:
Entercept Security Technologies
URLs:
ERIDS (External Routing Intrusion Detection System)
Authors:
BBN Systems and Technologies
URLs:
ESSENSE
Authors:
Digital Equipment Corporation, Marlboro, Massachusetts
References:
Valcarce, E. M.; Hoglund, G. W.; Jansen, L.; Baillie, L.: ESSENSE: An experiment in knowledge-based security monitoring and control, in Proc. of the 3rd USENIX Unix Security Symposium, Baltimore, MD, Sept. 1992, 155 - 170
eTrust Intrusion Detection
Authors:
Computer Associates International, Inc., Islandia, NY, USA
URLs:
FW-1 specific Network Intrusion Detector
Authors:
Lance Spitzner
URLs:
GASSATA (Genetic Algorithms for Simplified Security Audit Trail Analysis)
Authors:
SUPELEC, Cesson Sevigne, France
URLs: References:
  • Me, L.: Genetic Algorithms, a Biologically Inspired Approach for Security Audit Trails Analysis, short paper, presented at the 1996 IEEE Symposium on Security and Privacy, Oakland, CA, May 1996
  • Me, L.: Security audit trail analysis using genetic algorithms, in Proc. of the 12th International Conference on Computer Safety, Reliability and Security, Poznan, Poland, Oct. 1993, 329 - 340
GnG (GASSATA new Generation)
Authors:
SUPELEC, Cesson Sevigne, France
URLs: References:
  • Eric Totel, Bernard Vivinis and Ludovic Mé. A Language Driven Intrusion Detection System for Events and Alerts Correlation. Proceedings of the 19th IFIP International Information Security Conference. Kluwer Academic, August 2004.
GrIDS (Graph-based Intrusion Detection System)
Authors:
University of California at Davis
URLs: References:
Staniford-Chen, S.; Cheung, S.; Crawford, R.; Dilger, M.; Frank, J.; Hoagland, J.; Levitt, K.; Wee, C.; Yip, R.; Zerkle, D.: GrIDS - A Graph Based Intrusion Detection System for Large Networks, in Proc. of the 19th National Information Systems Security Conference, Baltimore, MD, Oct. 1996, 361 - 370
ResearchIndex/CiteSeer
HAXOR
Authors:
IBM Watson Research Laboratory, Hawthorne, NY; HAXOR is now part of Tivoli
URLs:
Haystack
Authors:
Tracor Applied Sciences, Inc., Austin, Texas (later Haystack Labs, Inc., then Trusted Information Systems, Inc., now Network Associates)
References:
Smaha, S. E.: Haystack: An intrusion detection system, in Proc. of the IEEE 4th Aerospace Computer Security Applications Conference, Orlando, FL, Dec. 1988, 37 - 44
HP IDS 9000
Authors:
Hewlett Packard
URLs:
Hummer
Authors:
University of Idaho
URLs: References:
McConnell, J.; Frincke, D.; Tobin, D.; Marconi, J.; Polla, D.: A Framework for Cooperative Intrusion Detection, in Proceedings of the 21st National Information Systems Security Conference (NISSC), October 1998, 361-373
NIST CSRC
Hyperview
Authors:
CS Telecom, Groupe CSEE, Paris, France
References:
  • Debar, H.; Dorizzi, B.: An application of a recurrent network to an intrusion detection system, in Proc. of the International Joint Conference on Neural Networks, Baltimore, MD, June 1992, 478 - 483
  • Debar, H.; Becker, M.; Siboni D.: A neural network component for an intrusion detection system, in Proc. of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1992, 1 - 11
IDA(1) (Intrusion Detection Alert)
Authors:
Motorola, Rolling Meadows, Illinois
References:
Petersen, K. L.: IDA - Intrusion Detection Alert, in Proc. of the IEEE Annual International Computer Software and Applications Conference, Chicago, IL, Sept. 1992, 306 - 311
IDA(2) (Intrusion Detection and Avoidance system)
Authors:
University of Hamburg, Germany
URLs: References:
  • Sobirey, M.; Fischer-Hübner, S.; Rannenberg, K.: Pseudonymous Audit for Privacy Enhanced Intrusion Detection, in Yngström, L.; Carlsen, J. (eds.): Information Security in Research and Business, Proc. of the IFIP TC11 13th International Information Security Conference (SEC97), Copenhagen, Denmark, May 1997, Chapman & Hall, London, 151 - 163
  • Fischer-Hübner, S.; Brunnstein, K.: Combining verified and adaptive system components towards more secure computer architectures, in Rosenberg, J.; Keedy, J. L. (eds.): Proc. of the International Workshop on Computer Architectures to Support Security and Persistence of Information, Bremen, May 1990, 1 - 7
IDA(3) (Intrusion Detection Agents Systems)
Authors:
Information-technology Promotion Agency, Japan
URLs: References:
  • Asaka, M.; Okazawa, S.; Taguchi, A.; Goto, S.: A Method of Tracing Intruders by Use of Mobile Agent, in Proceedings of the 9th Annual Internetworking Conference (INET'99), San Jose, California, June 1999
    ResearchIndex/CiteSeer
  • Asaka, M.; Taguchi, A.; Goto, S.: The Implementation of IDA: An Intrusion Detection Agent System, in Proceedings of the 11th FIRST Conference 1999, Brisbane, Australia, June 1999
    ResearchIndex/CiteSeer
IDEAS (Intrusion Detection & Alerting System)
Authors:
secunet Security Networks AG, Dresden, Germany
IDES (Intrusion Detection Expert System)
Authors:
SRI International, Menlo Park, California
URLs: References:
  • Lunt, T.; Tamaru, A.; Gilham, F.; Jagannathan, R.; Jalali, C.; Neumann, P. G.; Javitz, H. S.; Valdes, A.; Garvey, T. D.: A real time Intrusion Detection Expert System (IDES) - Final Report, SRI International, Menlo Park, CA, Feb. 1992
  • Javitz, H. S.; Valdes, A.: The SRI IDES statistical anomaly detector, in Proc. of the Symposium on Research in Security and Privacy, Oakland, CA, May 1991, 316 - 326
  • Lunt, T. F.; Tamaru, A.; Gilham, F.; Jagannathan, R.; Neumann, P. G.; Jalali, C.: IDES: A Progress Report, in Proc. of the 6th Annual Computer Security Applications Conference, Dec. 1990, 273 - 285
  • Lunt, T. F.: IDES: An Intelligent System for Detecting Intruders, in Proc. of the Symposium: Computer Security, Threat and Countermeasures, Rome, Italy, Nov. 1990, ?? - ??
  • Lunt, T. F.; Jagannathan, R.: A Prototype Real-Time Intrusion Detection Expert System, in Proc. of the Symposium on Security and Privacy, New York, NY, Apr. 1988, 59 - 66
  • Lunt, T. F.: Knowledge based Intrusion Detection, in Proc. of the Annual AI Systems in Government Conference, Washington, D. C., March 1989, 102 - 107
  • Denning, D. E.; Neumann, P. G.: Requirements and Model for IDES - A Real-Time Intrusion Detection Expert System, Technical Report, Computer Science Laboratory, SRI International, Menlo Park, CA, 1985
IDIOT (Intrusion Detection In Our Time)
Authors:
Purdue University, West Lafayette, Indiana
URLs: References:
  • Crosbie, M.; Dole, B.; Ellis, T.; Krsul, I.; Spafford, E.: IDIOT - Users Guide, Technical Report TR-96-050, Purdue University, COAST Laboratory, Sept. 1996
    ResearchIndex/CiteSeer
ID-Trak
Authors:
Internet Tools, Inc., Fremont, California; later AXENT now Symantec
URLs:
formerly http://www.axent.com/Axent/Products/Framesection
INTOUCH INSA - Network Security Agent
Authors:
Touch Technologies, Inc.
URLs:
Inspect
Authors:
CEFRIEL, Milano, Italy
References:
Vigna, G.: Inspect: a Lightweight Distributed Approach to Automated Audit Trail Analysis, CEFRIEL, Milano, Italy
ResearchIndex/CiteSeer
Intruder Alert
Authors:
AXENT Technologies, Inc., Rockville, MD now Symantec
URLs:
ISM (Internetwork Security Monitor)
Authors:
University of California at Davis
References:
Heberlein, L. T.; Mukherjee, B.; Levitt, K. N.: Internet Security Monitor: An Intrusion Detection System for Large-Scale Networks, in Proc. of the 15th National Computer Security Conference, Baltimore, MD, Oct. 1992, 262 - 271
ISOA (Information Security Officers Assistant)
Authors:
Planning Research Corp., Inc., McLean, Virginia
References:
  • Winkler, J. R.; Landry, L. C.: Intrusion and anomaly detection, ISOA update, in Proc. of the 15th National Computer Security Conference, Baltimore, Oct. 1992, 272 - 281
  • Winkler, J. R.: A UNIX Prototype for Intrusion and Anomaly Detection in Secure Networks, in Proc. of the 13th National Computer Security Conference, Washington, D. C., Oct. 1990, 115 - 124
  • Winkler, J. R.; Page, W. J.: Intrusion and Anomaly Detection in Trusted Systems, in Proc. of the 5th Annual Computer Security Applications Conference, Tucson, AZ, 1989, 39 - 45
IP360
Authors:
nCircle Network Security (see ARMOR)
URLs:
JAM
Authors:
Columbia University
URLs: References:
Lee, W.; Stolfo, S. J.; Mok, K. W.: A Data Mining Framework for Building Intrusion Detection Models, In Proceedings of the 1999 IEEE Symposium on Security and Privacy, May 1999, 120-132
ResearchIndex/CiteSeer
JiNao
Authors:
MCNC, Research Triangle Park, NC
URLs: References:
Jou, J.F.; Wu, S.F.; Gong, F.; Cleaveland, W.R.; Sargor, C.: Architecture design of a scalable intrusion detection system for the emerging network infrastructure. Technical report, MCNC, Dep. of Computer SC. North Carolina State University, April 1997
ResearchIndex/CiteSeer
KSE (Kane Security Enterprise)
Authors:
Intrusion.com, Inc., New York, NY
URLs:
KSM (Kane Security Monitor)
Authors:
Intrusion Detection, Inc., New York, NY
URLs:
LANguard
Authors:
GFI Ltd.
URLs:
M-ICE (Modular Intrusion Detection and Countermeasure Environment)
Author:
Thomas Biege
URLs:
MADAM ID (Mining Audit Data for Automated Models for Intrusion Detection)
Authors:
Columbia University
References:
Lee, W.; Nimbalkar, R.; Yee, K.; Patil, S.; Desai, P.; Tran, T.; Stolfo, S.: A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions, in Proceedings of the Third International Workshop in Recent Advances in Intrusion Detection, Toulouse, France, October 2000.
MAIDS (Mobile Agent Intrusion Detection System)
Authors:
Iowa State University
URLs: References:
  • Helmer, G.G.; Wong, J. S. K.; Honavar, V.; Miller, L.: Intelligent agents for intrusion detection, in Proceedings, IEEE Information Technology Conference, Syracuse, NY, September 1998, 121-124
    ResearchIndex/CiteSeer
  • Helmer, G.; Wong, J.; Honavar, V.; Miller, L.: Lightweight agents for intrusion detection, submitted to Journal of Systems and Software, 2000,
    ResearchIndex/CiteSeer
ManHunt
Authors:
Recourse Technologies, Inc.
URLs:
MIDAS(1) (Multics Intrusion Detection and Alerting System)
Authors:
  • National Computer Security Center, Ft. Meade, Maryland
  • SRI International, Menlo Park, California
References:
Sebring, M. M.; Sellhouse, E.; Hanna, M. E.; Whitehurst, R. A.: Expert system in intrusion detection: A case study, in Proc. of the 11th National Computer Security Conference, Baltimore, MD, Oct. 1988, 74 - 81
MIDAS(2) (Mobile Intrusion Detection and Assessment System)
References:
Arlowe, H. D.; Coleman, D. E.: The Mobile Intrusion Detection and Assessment System (MIDAS), in Proceedings of the Security Technology Conference, Location TBD, October 10-12, 1990, 54-61
MIDS (Master Intrusion Detection System)
Authors:
University of California at Davis
URLs:
NADIR (Network Anomaly Detector and Intrusion Reporter)
Authors:
Los Alamos National Laboratory, New Mexico
URLs: References:
  • Hochberg, J.; Jackson, K.; Stallings, C.; McClary, J.; DuBois, D.; Ford, J.: NADIR: An automated system for detecting network intrusions and misuse, Computers and Security 12(1993)3, May, 253 - 248
  • Jackson, K. A.: NADIR: A Prototype System for Detecting Network and File System Abuse, in Proc. of the 7th European Conference on Information Systems, Nov. 1992
  • Jackson, K.; DuBois, D. H.; Stallings, C. A.: An expert system application for network intrusion detection, in Proc. of the 14th National Computer Security Conference, Washington, D. C., Oct. 1991, 215 - 225
NAURS (Network Auditing Usage Reporting System)
Authors:
SRI International, Menlo Park, California
References:
  • The following two references are cited in: Lunt, T. F.: Automated audit trail analysis and intrusion detection: A survey, in Proc. of the 11th National Computer Security Conference, Baltimore, MD, Oct. 1988, ResearchIndex/CiteSeer
  • Neumann, P. G.: Audit trail analysis and usage data collection and processing, Part 1. Computer Science Laboratory, SRI International, Jan. 1985
  • Neumann, P. G.; Ostapik, F.: Audit Trail Analysis and Usage Data Collection and Processing, Part 2, Computer Science Laboratory, SRI International, May 1987
NEDAA (Network Exploitation Detection Analyst Assistant)
Authors:
URLs: References:
Sinclair, Ch.; Pierce, L.; Matzner, S. P.: An Application of Machine Learning to Network Intrusion Detection, in Proc. of 15th Annual Computer Security Applications Conference (ACSAC), Phoenix, Arizona, 1999
ACSAC.org
NetDetect
Authors:
Lucidian Technologies, Inc.
URLs:
NetFacade
Authors:
BBN Systems and Technologies
URLs:
NetProwler
Authors:
AXENT Technologies, Inc., Rockville, MD now Symantec
URLs:
NetStalker
Authors:
Haystack Laboratories, Inc., later Trusted Information Systems, Inc., now Network Associates
URLs:
formerly http://www.haystack.com/netstalk.htm
NetSTAT (Network-based State Transition Analysis Tool)
Authors:
University of California at Santa Barbara
URLs: References:
  • Vigna, G.; Kemmerer, R.A.: NetSTAT: A Network-based Intrusion Detection System, in Journal of Computer Security, Vol. 7, No. 1, 1999, 37-71
    ResearchIndex/CiteSeer
  • Vigna, G.; Kemmerer, R.A.: NetSTAT: A Network-based Intrusion Detection Approach, in Proceedings of the 14th Annual Computer Security Conference, Scottsdale, Arizona, December 1998
    ResearchIndex/CiteSeer
  • Vigna, G.; Eckmann, S. T.; Kemmerer, R. A.: The STAT Tool Suite, in Proceedings of DISCEX 2000, Hilton Head Island, January 2000, IEEE Press
    ResearchIndex/CiteSeer
Network Radar
Authors:
Net Squared, Inc.
URLs:
NFR (Network Flight Recorder)
Authors:
Network Flight Recorder, Inc.
URLs:
NICE (?)
Authors:
University of New Mexico
References:
  • Heady, R.; Luger, G.; Macabe, A.; Servilla, M.; Sturtevant, J.: A prototype implementation of a network-level intrusion detection system, Technical Report CS91-11, Department of Computer Science, University of New Mexico, May 1991
  • Heady, R.; Luger, G.; Macabe, A.; Servilla, M.: The architecture of a network level intrusion detection system, Technical Report CS90-20, Department of Computer Science, University of New Mexico, Aug. 1990
NID (Network Intrusion Detector)
Authors:
Lawrence Livermore National Laboratory
URLs:
NIDAR
Authors:
DSO National Laboratories, Singapore
NIDES (Next-generation Intrusion Detection Expert System)
Authors:
SRI International, Menlo Park, California
URLs: References:
  • Anderson, D.; Lunt, T. F.; Javitz, H.; Tamaru, A.; Valdes, A.: Detecting Unusual Program Behavior Using the Statistical Component of the Next-generation Intrusion Detection Expert System (NIDES), SRI-CSL-95-06, SRI International, Menlo Park, CA, May 1995
  • Anderson, D.; Frivold, Th.; Valdes, A.: Next-generation Intrusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, Menlo Park, CA, May 1995
  • Anderson, D.; Frivold, T.; Tamaru, A.; Valdes, A.: Next-generation Intrusion Detection Expert System (NIDES): Software Users Manual, 1994
    ResearchIndex/CiteSeer
NIDX (Network Intrusion Detection eXpert system)
Authors:
Bell Communications Research, Inc., Piscataway, New Jersey
References:
  • Bauer, D. S.; Koblentz, M. E.: NIDX - An expert system for real-time network intrusion detection, in Proc. of the IEEE Computer Networking Symposium, New York, NY, April 1988, 98 - 106
  • Bauer, D. S.; Koblentz, M. E.: NIDX -- a real-time intrusion detection expert system, in Proceedings of the Summer 1988 USENIX Conference, 1988, 261-273
NOCOL (Network Operation Center On-Line) a.k.a. SNIPS (System and Network Integrated Polling Software)
Authors:
Netplex Technologies Inc.
URLs:
NSM (Network Security Monitor)
Authors:
University of California at Davis
References:
  • Heberlein, L. Todd: Network Security Monitor: Final Report, University of California at Davis, Computer Science Department, Computer Security Laboratory, 1995, http://seclab.cs.ucdavis.edu/papers/NSM-final.pdf
  • Heberlein, L. T.; Levitt, K. N.; Mukherjee, B.: A method to detect intrusive activity in a networked environment, in Proc. of the 14th National Computer Security Conference, Washington D. C., Oct. 1991, 362 - 371
  • Heberlein, L. T.; Dias, G. V.; Levitt, K. N.; Mukherjee, B.; Wood, J.: Networks Attacks and an Ethernet-based Network Security Monitor, in Proc. of the 13th DOE Security Group Conference, Augusta, GA, May 1990
  • Heberlein, L. T.; Dias, G. V.; Levitt, K. N.; Mukherjee, B.; Wood, J.; Wolber, D.: A Network Security Monitor, in Proc. of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1990, 296 - 304
NSTAT
Authors:
University of California at Santa Barbara
URLs: References:
  • Vigna, G.; Eckmann, S. T.; Kemmerer, R. A.: The STAT Tool Suite, in Proceedings of DISCEX 2000, Hilton Head Island, IEEE Press, January 2000
    ResearchIndex/CiteSeer
  • Kemmerer, R. A.: NSTAT: A Model-based Real-time Network Intrusion Detection System, Computer Science Dep., University of California Santa Barbara, Technical Report TRCS97-18, November 1997
    ResearchIndex/CiteSeer
Openview Node Sentry
Authors:
Hewlett Packard
URLs:
Packet Monster
Authors:
Keiji Takeda
URLs:
PDAT (Protocol Data Analysis Tool)
Authors:
Siemens AG, Munich, Germany
References:
Weiss, W. R. E.; Baur, A.: Analysis of audit and protocol data using methods from artificial intelligence, in Proc. of the 13th National Computer Security Conference, Washington, D.C., Oct. 1990, 109 - 114
POLYCENTER Security Intrusion Detector
Authors:
Digital Equipment Corporation, now COMPAQ
URLs:
formerly http://www.digital.com/info/security/id.htm
PRéCis
Authors:
Litton PRC, McLean, VA
URLs:
Prelude
URLs:
ProxyStalker for NT
Authors:
Haystack Laboratories, Inc., later Trusted Information Systems, Inc., now Network Associates
Quicksand
Authors:
Technical University Vienna
URLs:
RAD (Registry Anomaly Detection)
Authors:
Columbia University
URLs:
RealSecure
Authors:
Internet Security Systems, Inc., Atlanta, Georgia
URLs:
RETISS (REal-TIme expert Security System)
Authors:
Universita di Milano, Italia
References:
Carettoni, F.; Castano, S.; Martella, G.; Samarati, P.: RETISS: A Real Time Security System for Threat Detection using Fuzzy Logic, in Proc. of the 25th Annual IEEE International Carnahan Conference on Security Technology, Oct. 1991, 161 - 167
RID (Reactive Intrusion Detection for Gauntlet Firewalls)
Authors:
LURHQ Corp., Conway, SC
URLs:
SecureNet PRO SecureSwitch SHADOW SIDS Snort SnortNet SPARTA Stake-Out Stalker STIDE
SecureNet PRO
Authors:
MimeStar, Inc., Blacksburg, VA; now intrusion.com, Inc.
URLs:
SecureSwitch
Authors:
ODS Networks, Inc., Richardson, Texas; now intrusion.com, Inc.
URLs:
formerly http://www.ods.com/
SHADOW (Secondary Heuristic Analysis for Defensive Online Warfare)
Authors:
Naval Surface Warfare Center, Dahlgren Division
URLs:
SIDS (Statistical Intrusion Detection System)
Authors:
SRI International, Menlo Park, California
References:
Javitz, H. S.; Denning, D. E.; Neumann, P. G.: Analytical techniques development for a Statistical Intrusion Detection System (SIDS) based on accounting records, SRI International, Menlo Park, CA, July 1986
Snort
Authors:
Martin Roesch
URLs:
SnortNet
Authors:
Yarochkin Fyodor
URLs:
SPARTA (Security Policy Adaptation Reinforced Through Agents)
Authors:
Technical University Vienna
URLs:
http://www.infosys.tuwien.ac.at/sparta/
Stake Out
Authors:
Harris Corporation
URLs:
formerly http://www.stakeout.harris.com
References:
Harris Corporation: Stake Out. Network surveillance, White Paper, 1996
Stalker
Authors:
Haystack Laboratories, Inc.; later Trusted Information Systems, Inc., now Network Associates
URLs:
formerly http://www.haystack.com/stalk.htm
References:
Smaha, S. E.; Winslow, J.: Misuse detection tools, Computer Security Journal 10(1994)1, Spring, 39 - 49
STIDE (Sequence TIme-Delay Embedding)
Authors:
University of New Mexico
URLs:
TIM Tivoli-Cross-Site-for-Security TRW-IDS T-sight
TIM (Time-based Inductive Machine) based IDS
Authors:
University of Illinois at Urbana-Champaign
References:
  • Teng, H. S.; Chen, K.; Lu, S. C.: Security audit trail analysis using inductively generated predictive rules, in Proc. of the 6th Conference on Artificial Intelligence Applications, Santa Barbara, CA, May 1990, 24-29
  • Teng, H. S.; Chen, K.; Lu, S. C.: Adaptive real-time anomaly detection using inductively generated sequential patterns, in Proc. of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1990, 278 - 284
Tivoli Cross-Site for Security
Authors:
Tivoli Systems, Inc., TX (an IBM company)
URLs:
TRW (system name unknown)
References:
TRW Defense Systems Group: Intrusion Detection Expert System Feasibility Study, Final Report 46761, 1986
T-sight
Authors:
En Garde Systems, Inc.
URLs:
UNICORN USTAT
UNICORN (Unicos Realtime NADIR)
Authors:
Los Alamos National Laboratory, Los Alamos, New Mexico
URLs:
References:
  • Christoph, G. G.; Jackson, K. A.; Neumann, M. C.; Siciliano, Ch. L. B.; Simmonds, D. D.; Stallings, C. A.; Thompson, J. L.: UNICORN: Misuse Detection for UNICOS, in Proc. of the Supercomputing 95, San Diego, CA, 1995
    supercomp.org
  • Jackson, K.; Neumann, M.; Simmonds, D.; Stallings, C.; Thompson, J.; Christoph, G.: An Automated Computer Misuse Detection System for UNICOS, in Proc. of the Cray Users Group Conference, Oct. 1994
USTAT (Unix State Transition Analysis Tool)
Authors:
University of California at Santa Barbara
URLs:
References:
  • Vigna, G.; Eckmann, S. T.; Kemmerer, R. A.: The STAT Tool Suite, in Proceedings of DISCEX 2000, Hilton Head Island, January 2000, IEEE Press
    ResearchIndex/CiteSeer
  • Ilgun, K.; Kemmerer, R. A.; Porras, Ph. A.: State transition analysis: A rule-based intrusion detection approach, IEEE Transactions on Software Engineering 21(1995)3, 181 - 199
    ResearchIndex/CiteSeer
  • Ilgun, K.: USTAT: A Real-time Intrusion Detection System for UNIX, in Proc. of the IEEE Computer Society Symposium on Research in Security and Privacy, May 1993, Oakland, CA, 16 - 28
    ResearchIndex/CiteSeer
VisionIDS
Authors:
Developer: Max Vision (Whitehats)
URLs:
WebStalker W&S
WebStalker Pro
Authors:
Haystack Laboratories, Inc.; later Trusted Information Systems
URLs:
W&S (Wisdom & Sense)
Authors:
  • Los Alamos National Laboratory, Los Alamos, New Mexico
  • Oak Ridge National Laboratory, Oak Ridge, Tennessee
References:
  • Liepins, G. E.; Vaccaro, H. S.: Intrusion Detection: Its role and validation, Computers & Security 11/1992, 347 - 355
  • Liepins, G. E.; Vaccaro, H. S.: Anomaly detection purpose and framework, in Proc. of the 12th National Computer Security Conference, Baltimore, MD, Oct. 1989, 495 - 504
  • Vaccaro, H. S.; Liepins, G. E.: Detection of anomalous computer session activity, in Proc. of the Symposium on Research in Security and Privacy, Oakland, CA, May 1989, 280 - 289
X
No entries !!!
Y
No entries !!!
Z
No entries !!!