Intrusion detection and virology: an analysis of differences, similarities and complementarity
Abstract
In this paper, we analyze the differences, similarities and complementarity between two major fields of today's information security: intrusion detection on one side, and virology together with antivirus technology on the other. The analysis is carried out from two perspectives. First, we compare, through the definitions proposed by researchers of the two communities, the actual objectives pursued by each field. Then, we compare the techniques that have been developed to reach these objectives. In conclusion, we summarize our analysis and suggest that alert correlation is one way for the two fields to cooperate.
Keywords
