Intrusion Detection Systems and Multisensor Data Fusion
In 1999 Tim Bass, CISSP, published a series of papers on the future of intrusion detection in the Internet. These papers, in particular his ACM paper, Intrusion Detection Systems & Multisensor Data Fusion – Creating Cyberspace Situational Awareness [1], helped spark a modern revolution in Internet security, particularly in the area of network-based intrusion detection systems (IDS). The ACM paper was motivated, in part, by Bass’ work during the Langley Cyberattack, described in his paper E-Mail Bombs and Countermeasures: Cyber Attacks on Availability and Brand Integrity. On this page we survey subsequent papers that reference Bass’ work on next-generation multisensor data fusion-based IDS.
Original IDS Papers
The table below contains links to Bass’ three IDS papers. These papers were written in 1999 based on his experience in defending military and financial networks against coordinated cyberattacks.
| Date | Author(s) | Organization | Document |
| February 26, 1999 | Tim Bass | SilkRoad | Intrusion Detection Systems & Multisensor Data Fusion (Published in April 2000) |
| May 1999 | Tim Bass | SilkRoad | Multisensor Data Fusion for Next Generation Distributed Intrusion Detection Systems |
| September 1999 | Tim Bass and David Gruber | SilkRoad, USAF | A Glimpse Into the Future of ID |
PhD, Master's and Bachelor's Degree Theses
This is a selected list of university papers that were, to some degree, inspired and motivated by Bass’ IDS work.
Conference and Journal Papers
This table contains selected conference papers that reference Bass’ ACM paper on IDS and Multisensor Data Fusion. Included, for completeness, are two of Bass’ follow-up papers.
| Date | Author(s) | Organization | Document |
| September 4-6, 2006 | Simon T. Powers, Jun He | University of Birmingham | Evolving discrete-valued anomaly detectors for a network intrusion detection system using negative selection |
| May, 2006 | Pontus Svenson, Per Svensson and Hugo Tullberg | FOI | Social Network Analysis and Information Fusion for Anti-Terrorism |
| April, 2006 | Chen Xiu-Zhen, Zheng Qing-Hua, Guan Xiao-Hong and Lin Chen-Guang | Xi’an Jiaotong University | Quantitative Hierarchical Threat Evaluation Model for Network Security |
| 2006 | Keun-Hee Han, Il-Gon Kim, Kang-Won Lee, Jin-Young Ghoi and Sang-Hun Jeon | Korea University | Threat Evaluation Method for Distributed Network Environment |
| September 9, 2005 | Keun-Hee Han, Il-Gon Kim, Kang-Won Lee, Jin-Young Ghoi and Sang-Hun Jeon | Korea University | Development of Threat Evaluation Tool for Distributed Network Environment |
| September 8, 2005 | Jason Shifflet | John Carroll University | A Technique Independent Fusion Model for Network Intrusion Detection |
| July 12, 2005 | Jeyanthi Hall, Michel Barbeau, and Evangelos Kranakis | TBD | Radio Frequency Fingerprinting for Intrusion Detection in Wireless Networks |
| June 2005 | Dong Song, Heywood, M.I., Zincir-Heywood, A.N. | University of Michigan | Training Genetic Programming on Half a Million Patterns: An Example from Anomaly Detection |
| May/June 2005 | Taejoon Park and Kang G. Shin | University of Michigan | Soft Tamper-Proofing via Program Integrity Verification in Wireless Sensor Networks |
| April 17-21, 2005 | Eduardo Freire Nakamura, Carlos Mauricio S. Figueiredo, and Antonio Alfredo F. Loureiro | Federal University of Minas Gerais, Research and Technological Innovation Center | Information Fusion for Data Dissemination in Self-Organizing Wireless Sensor Networks |
| March 2005 | Dong Yu & Deborah Frincke | University of Idaho | Alert Confidence Fusion in Intrusion Detection Systems with Extended Dempster-Shafer Theory |
| 2005 | Leo J. De Vin, Sten F. Andler, Amos H.C. Ng, Philip R. Moore, Junsheng Pu and Bill C-B Wong | University of Skövde, De Montfort University | Information Fusion: What Can the Manufacturing Sector Learn from the Defence Industry |
| 2005 | Leo J De Vin, Amos H C Ng, Sten F Andler | University of Skövde | Information Fusion for Simulation Based Decision Support in Manufacturing |
| 2005 | Dong Song and Malcolm I. Heywood and A. Nur Zincir-Heywood | Quest Software Inc. | Training genetic programming on half a million patterns: an example from anomaly detection |
| December 4, 2004 | Nong Ye, Qiang Chen, and Connie M. Borror | Arizona State University | EWMA Forecast of Normal System Activity for Computer Intrusion Detection |
| December, 2004 | Urko Zurutuza, Roberto Uribeetxeberria | Mondragon University | Intrusion Detection Alarm Correlation: A Survey |
| November 29, 2004 | Manish Nair, Shantanu Gupta | University of Michigan College of Engineering | IDSMonitor: A P2P Monitoring System for Distributed IDS |
| November 2, 2004 | Tim Bass | SilkRoad | Service-Oriented Horizontal Fusion in Distributed Coordination-Based Systems |
| September, 2004 | Carlos C. Sun, Glenn S. Arr, Ravi P. Ramachandran, and Stephen G. Ritchie | IEEE | Vehicle Reidentification Using Multidetector Fusion |
| July 12, 2004 | Yan Chen Aaron Beach Jason Skicewicz | Northwestern University | Cyber Disease Monitoring with Distributed Hash Tables: A Global Peer-to-Peer Intrusion Detection System |
| March 14-17, 2004 | Stefano Zanero & Sergio M. Savaresi | Politecnico di Milano | Unsupervised Learning Techniques for an Intrusion Detection System |
| March 2004 | Christos Siaterlis & Basil Maglaris | National Technical University of Athens | Towards Multisensor Data Fusion for DoS Detection |
| March 2004 | Sodiya A.S., Longe H.O.D., Akinwale A.T. | Emerald Group Publishing Limited | A New Two-tiered Strategy to Intrusion Detection |
| March 2004 | Nong Ye, Yebin Zhang, and Connie M. Borror | Arizona State University, Information and Systems Assurance Laboratory | Robustness of the Markov-Chain Model for Cyber-Attack Detection |
| 2004 | Olivier Feron, Ali Mohammad-Djafari | Laboratoire des signaux et systèmes | A hidden Markov Model for image fusion and their joint segmentation in medical image computing |
| 2004 | Alexandr Seleznyov and Stephen Hailes | University College London | Distributed Knowledge Management for Autonomous Access Control in Computer Networks |
| 2004 | Benjamin D. Uphoff, Paul J. Criscuolo | Los Alamos National Laboratory | A Framework for Collection and Management of Intrusion Detection Data Sets |
| 2004 | Fabrice Gadaud, Mathieu Blanc, Frederic Combeau | Commissariat à l’Energie Atomique & Laboratoire d’Informatique Fondamentale d’Orléans | An Adaptive Instrumented Node for Efficient Anomalies and Misuse Detections in HPC environment |
| 2004 | Dipankar Dasgupta | The University of Memphis | Immuno-Inspired Autonomic System for Cyber Defense |
| 2003 | Guy Helmer, Johnny S.K. Wong, Vasant Honavar, Les Miller and Yanxin Wang | Iowa State University | Lightweight Agents For Intrusion Detection |
| 2003 | P. Pietikäinen, J. Röning | University of Oulu | Communication Pattern Extraction: Inferring Causal Relationships in Complex Systems |
| 2003 | Jurgen Bohn, Felix Gartner, and Harald Vogt | Eidgenossische Technische Hochschule (ETH) Zurich, Ecole Polytechnique Federale de Lausanne (EPFL) | Dependability Issues of Pervasive Computing in a Healthcare Environment |
| 2003 | Christos Siaterlis & Basil Maglaris | National Technical University of Athens | A Novel Approach for a Distributed Denial of Service Detection Engine |
| 2003 | D. Dasgupta, F. Gonzalez, K. Yallapu, J. Gomez, R. Yarramsettii, G. Dunlap, M. Greveas | The University of Memphis, DARPA | CIDS: An Agent-based Intrusion Detection System |
| September 9-12, 2002 | G. Chachis | Titan Systems Corporation | Nanosoftware: All for One or One for All? |
| July 7, 2002 | Tim Bass | SilkRoad | The Federation of Critical Infrastructure Information via Publish-Subscribe Enabled Multisensor Data Fusion |
| June 23-26, 2002 | Andy Franz, Radek Mista, David Bakken, Curtis Dyreson, Murali Medidi | Washington State University | Mr. Fusion: A Programmable Data Fusion Middleware Subsystem with a Tunable Statistical Profiling Service |
| June 17-19, 2002 | Stephen D. Wolthusen | Fraunhofer-IGD | Distributed Intrusion Detection for Policy-Controlled Heterogeneous Environments |
| 2002 | Jeffrey Undercoffer, Filip Perich and Charles Nicholas | University of Maryland | SHOMAR: An Open Architecture for Distributed Intrusion Detection Services |
| 2002 | Peter Lichodzijewski, A. Nur Zincir-Heywood, Malcolm I. Heywood | Dalhousie University | Host-based intrusion detection using self-organizing maps |
| September 14, 2001 | W. Elmenreich and S. Pitzek | Institut fur Technische Informatik | The Time-Triggered Sensor Fusion Model |
| May, 2001 | Mark T. Mayburry | Bedford Artificial Intelligence Center | Distributed, Collaborative, Knowledge Based Air Campaign Planning |
| April 19, 2001 | S. T. Brugger, M. Kelly, K. Sumikawa, S. Wakumoto | US DOE, Lawrence Livermore National Laboratory | Data Mining for Security Information: Survey |
| March 1, 2001 | Guy Helmer, Johnny S.K. Wong, Vasant Honavar, Les Miller, Yanxin Wang | Iowa State University | Lightweight Agents for Intrusion Detection |
| February, 2001 | Daniel Bilar, Daniel Burroughs | Thayer School of Engineering, Dartmouth College | Introduction to state-of-the-art intrusion detection technologies |
| 2001 | David E. Bakken, Zhiyuan Zhan, Christopher C. Jones & David A. Karr | Washington State University, BBN Technologies | Middleware Support for Voting and Data Fusion |
| 2001 | Zheng Shan, Peng Chen, Ying Xu & Ke Xu | IEEE Computer Society | A Network State Based Intrusion Detection Model |
| 2001 | Banji K. Lawal, Dr. Dennis Guster | St. Cloud State University | The Development of a Intrusion Detection/Defense System for Linux Hosts |
| 2001 | Rajeev Gopalakrishna | Purdue University | A Framework for Distributed Intrusion Detection using Interest-Driven Cooperative Agents |
| December, 2000 | Vu N.P. Dao, Rao Vemuri, Steven J. Templeton | University of California, Lawrence Livermore National Laboratory | Profiling Users in the UNIX OS Environment |
| February 22-23, 1999 | Michael L. Cohen, Jeffrey I. Sands | The National Security Council | Report of the Reporting and Analysis Track |
Selected Web Articles and On-Line Presentations
Here the Wiki references a few on-line papers and presentations that also reference Bass’ IDS work.
Languages Other Than English
| Date | Author(s) | Organization | Language | Document |
| July, 2005 | Ralf Steinmetz | Technischen Universitat Darmstadt | German | Effiziente Echtzeit-Kommunikationsdienste durch Einbeziehung von Kontexten |
| March 28, 2005 | TBD | TBD | Japanese | MegaCrypt 2005 |
| October, 2004 | Urko Zurutuza Ortega | Mondragon Unibertsitatea | Spanish | Sistemas de Deteccion de Intrusos |
| November 14, 2003 | Walter Baluja Garcia | Telematica | Spanish | Estado actual de la tecnologia de deteccion de intrusos en las redes de computadoras (I parte) |
| 2002 | NTT | NTT Data | Japanese | An Analysis and Decision Support System Against Network Intrusions |
| 2002 | Florence Duchêne, Vincent Rialle, Norbert Noury | Laboratoire TIMC-IMAG | French | Télésurveillance médicale à domicile : Proposition d’une architecture pour un système de détection de situations critiques et de décision sur l’état d’un patient |
| 1999 | TBD | JetInfo.Ru | Russian | ???????? ????? |







