Intrusion Detection Systems and Multisensor Data Fusion

In 1999 Tim Bass, CISSP, published a series of papers on the future of intrusion detection in the Internet. These papers, in particular his ACM paper, Intrusion Detection Systems & Multisensor Data Fusion – Creating Cyberspace Situational Awareness [1], helped spark a modern revolution in Internet security, particularly in the area of network-based intrusion detection systems (IDS). The ACM paper was motivated, in part, by Bass’ work during the Langley Cyberattack, described in his paper E-Mail Bombs and Countermeasures: Cyber Attacks on Availability and Brand Integrity. On this page we survey subsequent papers that reference Bass’ work on next-generation multisensor data fusion-based IDS.

Original IDS Papers

The table below contains links to Bass’ three IDS papers. These papers were written in 1999 based on his experience in defending military and financial networks against coordinated cyberattacks.

| Date | Author(s) | Organization | Document |
| --- | --- | --- | --- |
| February 26, 1999 | Tim Bass | SilkRoad | Intrusion Detection Systems & Multisensor Data Fusion (Published in April 2000) |
| May 1999 | Tim Bass | SilkRoad | Multisensor Data Fusion for Next Generation Distributed Intrusion Detection Systems |
| September 1999 | Tim Bass and David Gruber | SilkRoad, USAF | A Glimpse Into the Future of ID |

PhD, Master’s and Bachelor’s Degree Theses

This is a selected list of university papers that were, to some degree, inspired and motivated by Bass’ IDS work.

| Date | Author(s) | Organization | Document |
| --- | --- | --- | --- |
| April 6, 2006 | Adam Scott Chapman | The Florida State University College of Arts and Sciences | A Dynamic, Perimeter Based, Community-Centric Access Control System |
| February 21, 2005 | Giorgio Giacinto | DIEE | Intrusion Detection Systems for Computer Networks |
| June 9, 2004 | S. Terry Brugger | University of California | Data Mining for Network Intrusion Detection (See Also) |
| December 2004 | James Graves | Napier University | Advanced Detection and Immunisation of Network Based Security Threats |
| 2004 | Jeffrey L. Undercoffer | University of Maryland | Intrusion Detection: Modeling System State to Detect and Classify Aberrant Behaviors |
| June 2, 2003 | Kenneth Ingham | University of New Mexico | Protecting Network Servers |
| October 2002 | Remco C. de Boer | Rotterdam School of Economics | A Generic Architecture for Fusion-Based Intrusion Detection Systems |
| 2001 | Baino Paul | Royal Melbourne Institute of Technology | Evaluation of Security Risks Associated with Networked Information Systems |
| October 18, 2000 | Diego Zamboni | Purdue University | Doing intrusion detection using embedded sensors — Thesis Proposal |

Conference and Journal Papers

This table contains selected conference papers that reference Bass’ ACM paper on IDS and Multisensor Data Fusion. Included, for completeness, are two of Bass’ follow-up papers.

| Date | Author(s) | Organization | Document |
| --- | --- | --- | --- |
| September 4-6, 2006 | Simon T. Powers, Jun He | University of Birmingham | Evolving discrete-valued anomaly detectors for a network intrusion detection system using negative selection |
| May, 2006 | Pontus Svenson, Per Svensson and Hugo Tullberg | FOI | Social Network Analysis and Information Fusion for Anti-Terrorism |
| April, 2006 | Chen Xiu-Zhen, Zheng Qing-Hua, Guan Xiao-Hong and Lin Chen-Guang | Xi’an Jiaotong University | Quantitative Hierarchical Threat Evaluation Model for Network Security |
| 2006 | Keun-Hee Han, Il-Gon Kim, Kang-Won Lee, Jin-Young Ghoi and Sang-Hun Jeon | Korea University | Threat Evaluation Method for Distributed Network Environment |
| September 9, 2005 | Keun-Hee Han, Il-Gon Kim, Kang-Won Lee, Jin-Young Ghoi and Sang-Hun Jeon | Korea University | Development of Threat Evaluation Tool for Distributed Network Environment |
| September 8, 2005 | Jason Shifflet | John Carroll University | A Technique Independent Fusion Model for Network Intrusion Detection |
| July 12, 2005 | Jeyanthi Hall, Michel Barbeau, and Evangelos Kranakis | TBD | Radio Frequency Fingerprinting for Intrusion Detection in Wireless Networks |
| June 2005 | Dong Song, Heywood, M.I., Zincir-Heywood, A.N. | University of Michigan | Training Genetic Programming on Half a Million Patterns: An Example from Anomaly Detection |
| May/June 2005 | Taejoon Park and Kang G. Shin | University of Michigan | Soft Tamper-Proofing via Program Integrity Verification in Wireless Sensor Networks |
| April 17-21, 2005 | Eduardo Freire Nakamura, Carlos Mauricio S. Figueiredo, and Antonio Alfredo F. Loureiro | Federal University of Minas Gerais, Research and Technological Innovation Center | Information Fusion for Data Dissemination in Self-Organizing Wireless Sensor Networks |
| March 2005 | Dong Yu & Deborah Frincke | University of Idaho | Alert Confidence Fusion in Intrusion Detection Systems with Extended Dempster-Shafer Theory |
| 2005 | Leo J. De Vin, Sten F. Andler, Amos H.C. Ng, Philip R. Moore, Junsheng Pu and Bill C-B Wong | University of Skövde, De Montfort University | Information Fusion: What Can the Manufacturing Sector Learn from the Defence Industry |
| 2005 | Leo J De Vin, Amos H C Ng, Sten F Andler | University of Skövde | Information Fusion for Simulation Based Decision Support in Manufacturing |
| 2005 | Dong Song and Malcolm I. Heywood and A. Nur Zincir-Heywood | Quest Software Inc. | Training genetic programming on half a million patterns: an example from anomaly detection |
| December 4, 2004 | Nong Ye, Qiang Chen, and Connie M. Borror | Arizona State University | EWMA Forecast of Normal System Activity for Computer Intrusion Detection |
| December, 2004 | Urko Zurutuza, Roberto Uribeetxeberria | Mondragon University | Intrusion Detection Alarm Correlation: A Survey |
| November 29, 2004 | Manish Nair, Shantanu Gupta | University of Michigan College of Engineering | IDSMonitor: A P2P Monitoring System for Distributed IDS |
| November 2, 2004 | Tim Bass | SilkRoad | Service-Oriented Horizontal Fusion in Distributed Coordination-Based Systems |
| September, 2004 | Carlos C. Sun, Glenn S. Arr, Ravi P. Ramachandran, and Stephen G. Ritchie | IEEE | Vehicle Reidentification Using Multidetector Fusion |
| July 12, 2004 | Yan Chen, Aaron Beach, Jason Skicewicz | Northwestern University | Cyber Disease Monitoring with Distributed Hash Tables: A Global Peer-to-Peer Intrusion Detection System |
| March 14-17, 2004 | Stefano Zanero & Sergio M. Savaresi | Politecnico di Milano | Unsupervised Learning Techniques for an Intrusion Detection System |
| March 2004 | Christos Siaterlis & Basil Maglaris | National Technical University of Athens | Towards Multisensor Data Fusion for DoS Detection |
| March 2004 | Sodiya A.S., Longe H.O.D., Akinwale A.T. | Emerald Group Publishing Limited | A New Two-tiered Strategy to Intrusion Detection |
| March 2004 | Nong Ye, Yebin Zhang, and Connie M. Borror | Arizona State University, Information and Systems Assurance Laboratory | Robustness of the Markov-Chain Model for Cyber-Attack Detection |
| 2004 | Olivier Feron, Ali Mohammad-Djafari | Laboratoire des signaux et systèmes | A hidden Markov Model for image fusion and their joint segmentation in medical image computing |
| 2004 | Alexandr Seleznyov and Stephen Hailes | University College London | Distributed Knowledge Management for Autonomous Access Control in Computer Networks |
| 2004 | Benjamin D. Uphoff, Paul J. Criscuolo | Los Alamos National Laboratory | A Framework for Collection and Management of Intrusion Detection Data Sets |
| 2004 | Fabrice Gadaud, Mathieu Blanc, Frederic Combeau | Commissariat à l’Energie Atomique & Laboratoire d’Informatique Fondamentale d’Orléans | An Adaptive Instrumented Node for Efficient Anomalies and Misuse Detections in HPC environment |
| 2004 | Dipankar Dasgupta | The University of Memphis | Immuno-Inspired Autonomic System for Cyber Defense |
| 2003 | Guy Helmer, Johnny S.K. Wong, Vasant Honavar, Les Miller and Yanxin Wang | Iowa State University | Lightweight Agents For Intrusion Detection |
| 2003 | P. Pietikäinen, J. Röning | University of Oulu | Communication Pattern Extraction: Inferring Causal Relationships in Complex Systems |
| 2003 | Jurgen Bohn, Felix Gartner, and Harald Vogt | Eidgenossische Technische Hochschule (ETH) Zurich, Ecole Polytechnique Federale de Lausanne (EPFL) | Dependability Issues of Pervasive Computing in a Healthcare Environment |
| 2003 | Christos Siaterlis & Basil Maglaris | National Technical University of Athens | A Novel Approach for a Distributed Denial of Service Detection Engine |
| 2003 | D. Dasgupta, F. Gonzalez, K. Yallapu, J. Gomez, R. Yarramsettii, G. Dunlap, M. Greveas | The University of Memphis, DARPA | CIDS: An Agent-based Intrusion Detection System |
| September 9-12, 2002 | G. Chachis | Titan Systems Corporation | Nanosoftware: All for One or One for All? |
| July 7, 2002 | Tim Bass | SilkRoad | The Federation of Critical Infrastructure Information via Publish-Subscribe Enabled Multisensor Data Fusion |
| June 23-26, 2002 | Andy Franz, Radek Mista, David Bakken, Curtis Dyreson, Murali Medidi | Washington State University | Mr. Fusion: A Programmable Data Fusion Middleware Subsystem with a Tunable Statistical Profiling Service |
| June 17-19, 2002 | Stephen D. Wolthusen | Fraunhofer-IGD | Distributed Intrusion Detection for Policy-Controlled Heterogeneous Environments |
| 2002 | Jeffrey Undercoffer, Filip Perich and Charles Nicholas | University of Maryland | SHOMAR: An Open Architecture for Distributed Intrusion Detection Services |
| 2002 | Peter Lichodzijewski, A. Nur Zincir-Heywood, Malcolm I. Heywood | Dalhousie University | Host-based intrusion detection using self-organizing maps |
| September 14, 2001 | W. Elmenreich and S. Pitzek | Institut fur Technische Informatik | The Time-Triggered Sensor Fusion Model |
| May, 2001 | Mark T. Maybury | Bedford Artificial Intelligence Center | Distributed, Collaborative, Knowledge Based Air Campaign Planning |
| April 19, 2001 | S. T. Brugger, M. Kelly, K. Sumikawa, S. Wakumoto | US DOE, Lawrence Livermore National Laboratory | Data Mining for Security Information: Survey |
| March 1, 2001 | Guy Helmer, Johnny S.K. Wong, Vasant Honavar, Les Miller, Yanxin Wang | Iowa State University | Lightweight Agents for Intrusion Detection |
| February, 2001 | Daniel Bilar, Daniel Burroughs | Thayer School of Engineering, Dartmouth College | Introduction to state-of-the-art intrusion detection technologies |
| 2001 | David E. Bakken, Zhiyuan Zhan, Christopher C. Jones & David A. Karr | Washington State University, BBN Technologies | Middleware Support for Voting and Data Fusion |
| 2001 | Zheng Shan, Peng Chen, Ying Xu & Ke Xu | IEEE Computer Society | A Network State Based Intrusion Detection Model |
| 2001 | Banji K. Lawal, Dr. Dennis Guster | St. Cloud State University | The Development of an Intrusion Detection/Defense System for Linux Hosts |
| 2001 | Rajeev Gopalakrishna | Purdue University | A Framework for Distributed Intrusion Detection using Interest-Driven Cooperative Agents |
| December, 2000 | Vu N.P. Dao, Rao Vemuri, Steven J. Templeton | University of California, Lawrence Livermore National Laboratory | Profiling Users in the UNIX OS Environment |
| February 22-23, 1999 | Michael L. Cohen, Jeffrey I. Sands | The National Security Council | Report of the Reporting and Analysis Track |

Selected Web Articles and On-Line Presentations

Here the Wiki references a few on-line papers and presentations that also reference Bass’ IDS work.

| Date | Author(s) | Organization | Document |
| --- | --- | --- | --- |
| July 20, 2006 | Tim Bass | TIBCO Software Inc. | Using Event Processing to Enable Enterprise Security |
| February 21, 2005 | Giorgio Giacinto | Cagliari | Intrusion Detection Systems for Computer Networks |
| July 23, 2004 | Przemyslaw Kazienko & Piotr Dorosz | WindowsSecurity.com | Intrusion Detection Systems (IDS) Part 2 – Classification; methods; techniques |
| April 21, 2004 | Jimmy (Jingmin) Zhou | University of California | Using Capability Attack Model for Correlating Intrusion Detection Alerts |
| February 12, 2004 | Ganesh Godavari | University of Colorado | Report on Intrusion Detection and Data Fusion |
| 2003 | Kapil Kumar Singh | University of British Columbia | Intrusion Detection and Analysis |
| June 19, 2002 | Detmar Liesen | - | Requirements for Enterprise-Wide Scaling Intrusion Detection Products |
| February 2002 | Jay Aslam, David Kotz, and Daniela Rus | Dartmouth University | Sawmill - Infrastructure for Distributed Collaboration in Detecting Network Attacks |
| 2002 | D. Grossman, N. Goharian, O. Frieder and N. Raju | Illinois Institute of Technology | Extending the Undergraduate Computer Science Curriculum to Include Information Retrieval and Data Mining |
| 2002 | Florence DUCHÊNE, Vincent RIALLE, and Norbert NOURY | Michallon Hospital | Home Health Telecare: Proposal of an Architecture for Patient Monitoring and Critical Situation Detection |
| TBD | Intellitactics | BizForum.org | Enterprise Security Management: Managing Complexity |
| TBD | Honors 301 | University of South Alabama | Honors 301 – Introduction to Honors Senior Project |

Languages Other Than English

| Date | Author(s) | Organization | Language | Document |
| --- | --- | --- | --- | --- |
| July, 2005 | Ralf Steinmetz | Technische Universität Darmstadt | German | Effiziente Echtzeit-Kommunikationsdienste durch Einbeziehung von Kontexten |
| March 28, 2005 | TBD | TBD | Japanese | MegaCrypt 2005 |
| October, 2004 | Urko Zurutuza Ortega | Mondragon Unibertsitatea | Spanish | Sistemas de Deteccion de Intrusos |
| November 14, 2003 | Walter Baluja Garcia | Telematica | Spanish | Estado actual de la tecnologia de deteccion de intrusos en las redes de computadoras (I parte) |
| 2002 | NTT | NTT Data | Japanese | An Analysis and Decision Support System Against Network Intrusions |
| 2002 | Florence Duchêne, Vincent Rialle, Norbert Noury | Laboratoire TIMC-IMAG | French | Télésurveillance médicale à domicile : Proposition d’une architecture pour un système de détection de situations critiques et de décision sur l’état d’un patient |
| 1999 | TBD | JetInfo.Ru | Russian | ???????? ????? |