Bibliography

[Allen1-99] Allen, Julia, Alan Christie, William Fithen, John McHugh, Jed Pickel, and Ed Stoner. State of the Practice of Intrusion Detection Technologies. Technical Report, CMU/SEI-99-TR-028, ESC-99-028, January 2000.

[Allen2-99] Allen, Julia, William Fithen, and Ed Stoner. Deploying Firewalls. Security Improvement Module, CMU/SEI-SIM-008, May 1999.

[Anderson1-99] Anderson, Craig, and Dennis Hardman. Hewlett-Packard on Enterprise Network Security. Hewlett Packard, 1999.

[Aslam1-96] Anderson, Craig, Aslam, Taimur, Ivan Krsul, and Eugene H. Spafford. Use of a Taxonomy of Security Faults. The COAST Laboratory, 1996.

[Astithas1-99] Anderson, Craig, Astithas, Panagiotis. Intrusion Detection Systems. 1999.

[Bacel-00] Anderson, Craig, Bace, Rebecca Gurley. Intrusion Detection. Macmillan Technical publishing, 2000.

[Banks1-98] Banks, Michael A. Web Psychos, Stalkers, and Pranksters: How to Protect Yourself in Cyberspace. The Coriolis Group, ASIN: 1576101371; issue 10 (May 9, 1997).

[Bejtlich1-00] Bejtlich, Richard. Interpreting Network Traffic: A Network Intrusion Detectors Look at Suspicious Events. v2.6. March 27, 2000.

[Bellovin1-94] Bellovin, Steven M., and William R. Cheswick. Firewalls and Internet Security, Repelling the Wily Hacker, 1994, Addison-Wesley Publishing Company, p.76.

[Brown1-98] West-Brown, Moira J., Don Stikvoort, and Klaus-Peter Kossakowski. Handbook for Computer Security Incident Response Teams (CSIRTs). CMU/SEI-98-HB-001. December 1998.

[Brown1-99] West-Brown, Moira J., and Klaus-Peter Kossakowski. International Infrastructure for Global Security Incident Response. CERT Coordination Center. Carnegie Mellon University. June 4, 1999.

[Brownlee1-96] Brownlee, Nevil, and John White. Framework for Security Incident Response. The University of Auckland. 1996.

[Cannady1-98] Cannady, James. Artificial Neural Networks for Misuse Detection. 1998. http://secinf.net/info/ids/nn-idse/.

[Capell1-98] Capell, Peter. Analysis of Courses in Information Management and Network System Security & Survivability. December 1998. SPECIAL REPORT, CMU/SEI99-SR-006.

[CERT1-00] Identify data that characterize systems and aid in detecting signs of suspicious behavior. CERT Coordination Center. Carnegie Mellon University. October 18, 2000.

[CERT1-99] Choosing an Operating System. CERT Coordination Center. Carnegie Mellon University. February 12, 1999.

[CERT2-00] Manage logging and other data collection mechanisms. CERT Coordination Center. Carnegie Mellon University. October 18, 2000.

[Chen1-00] Staniford-Chan, Stuart Gresley. Internet Trap and Trace. Silicon Defense. July 20, 2000.

[Chen1-95] Staniford-Chan, Stuart Gresley. Distributed Tracing of Intruders. University of California, Davis.

[Cheung1-99] Cheung, Steven, Rick Crawford, Mark Dilger, Jeremy Frank, Jim Hoagland, Karl Levitt, Jeff Rowe, Stuart Stanford-Chen, Raymond Yip, and Dan Zerkle. The Design of GrIDS: A Graph-Based Intrusion Detection Systems. 26 January 1999.

[CIAC1-94] Pichnarczyk, Karyn, Steve Weeber, and Richard Feingold. Unix Incident Guide: How to Detect an Intrusion. CIAC-2305 R.1. Lawrence Livermore National Laboratory. December, 1994.

[Cisco1-00] System Error Messages for 12.0 T. Cisco Systems. 2000.

[Cisco1-99] Cisco NetSonar Security Scanner. User Guide. Cisco Systems. 1999.

[Cisco2-00] Cisco IOS Firewall Intrusion Detection System. Cisco Systems. 2000.

[Cisco1-02] The Science of Intrusion Detection System Attack Identification. Cisco Systems. 2002.

[Cohen1-98] Cohen, Fred. A Note on the Role of Deception in Information Protection. 1998.

[Cohen2-99] Cohen, Fred. 50 Ways to Defeat your Intrusion Detection System. http://all.net/journal/netsec/9712.html.

[Compaq1-98] Planning, Deploying, and Operating Internet Security Systems' RealSecure on Compaq Servers. First Edition. December 1998. Compaq Computer Corporation.

[Cooper1-01] Cooper, Mark, Stephen Northcutt, Matt Fearnow, and Karen Frederick. Intrusion Signatures and Analysis. New Riders Publishing, 2001.

[Crosbie1-95] Crosbie, Mark. Defending a Computer System using Autonomous Agents. In Proceedings of the 18^th NISSC, October 1995.

[Crosbie1-98] Crosbie, Mark, and Gene Spafford. Applying Genetic Programming to Intrusion Detection. 1998.

[CSI1-02] 2002 CSI/FBI Computer Crime and Security Survey. Vol. VIII, No 1. Spring 2002. Computer Security Institute. Federal Bureau Investigation's Computer Intrusion Squad.

[CyberCop1-00] CyberCop Scanner for Windows NT and Windows 2000. Getting Started Guide. Version 5.5. Network Associates. 2000.

[Daymont1-00] Daymo0nt, Josh. How Hackers Hide: A look at intruder behavior within compromised targets. ISS Connect 2000. 19-24, March, 2000.

[Denmac1-99] Network Based Intrusion Detection. A review of technologies. Denmac Systems, Inc. November 1999.

[Edward1-99] Amoroso, Edward G. Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Traps, Trace Back, and Response. Intrusion.Net Books, 1999.

[Edwards1-02] Edwards, Simon. Vulnerabilities of Network Intrusion Detection Systems: Realizing and Overcoming the Risks. The Case for Flow Mirroring. TopLayer Networks, 2002.

[Edwards1-97] Edwards, Mark Joseph. Internet Security with Windows NT. 29^th Street Pr; Bk&CD-Rom Edition, November 1997.

[Eckmann1-00] Eckmann, Steven, Giovanni Vigna, andRichard Kemmerer. Attack Languages. University of California, 2000.

[EY1-02] Global Information Security Survey 2002. Ernst & Young LLP. 2002.

[Firth1-97] Firth, Robert, Gary Ford, et al. Detecting Sign Intrusion. Security Improvement Module. CMU/SEI-SIM-001. Software Engineering Institute. Carnegie Mellon University. August 1997.

[Frederick1-00] Frederick, Karen. Abnormal IP Packets. http://www.securityfocus.com. October 13, 2000.

[Freiss1-98] Freiss, Martin. Protecting Networks with SATAN. O'Reilly & Associates, Inc. 1998.

[Germanow1-99] Germanow, Albert. Plugging the Holes in eCommerce: The Market for Intrusion Detection and Vulnerability Assessment Software, 1999-2003. IDC, July, 1999.

[Gong1-02] Gong, Fengmin. Next Generation Intrusion Detection Systems. IntruVert Networks, Inc. March 2002.

[Graham1-00] Graham, Robert. Frequently Asked Questions (FAQ): Network Intrusion Setection Systems. Version 0.8.3. March 21, 2000. http://www.robertgraham.com/pubs/network-intrusion-detection.html.

[Habra1-92] Habra, Naji, and Isabelle Mathieu. ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis. Proceedings of ESORICS'92, European Symposium on Resarch in Computer Security, November 2325 Toulouse, Springer-Verlag 1992.

[Hacker1-01] Hacker, Eric. IDS Evasion with Unicode. January 3, 2001.

[Howard1-97] Howard, John D. An Analysis Of Security Incidents On The Internet. 1989–1995. April, 1977. http://www.cert.org.

[Howard1-98] Howard, John D., andThomas A. Longstaff. A Common Language for Computer Security Incidents. Sandia National Laboratories. October, 1998.

[Hurwicz1-98] Hurwicz, Michael. Cracker Tracking: Tighter Security with Intrusion Detection. BYTE, May 1998.

[ICSA1-00] Intrusion Detection Systems. Buyer's Guide. ICSA Labs. 2000.

[Infosec1-01] The 2001 Information Security Industry Survey. Information Security Magazine. October, 2001.

[Intrusion1-00] SecureNet Pro Software's SNP-L Scripting System. Intrusion.com. Release 1.0. July 2000.

[ISS1-00] RealSecure Getting Started. Version 5.5. Internet Security Systems, 2000.

[ISS10-00] Gigabit Ethernet Intrusion Detection Solutions Top Layer Networks & Internet Security Systems. Internet Security Systems RealSecure Network Sensors & Top Layer Networks AS3502 Gigabit AppSwitch Performance Test Results and Configuration Notes. Internet Security Systems, Top Layer Networks, July 25, 2000.

[ISS1-02] Internet Risk Impact Summary for December 22, 2001 through March 21, 2002. X-Force Global Threat Operations Center. Internet Security Systems, 2002.

[ISS2-02] Internet Risk Impact Summary for March 26, 2002 through June 24, 2002. X-Force Global Threat Operations Center. Internet Security Systems, 2002.

[ISS1-98] Locking down a Windows NT Host for Intrusion Detection. Internet Security Systems. March 26, 1998.

[ISS1-99] Network- vs. Host-based Intrusion Detection: A Guide to Intrusion Detection Technology. Internet Security Systems, 1999..

[ISS2-00] Klaus, Chris. Top Threats Facing Internet Security Today. ISS Connect 2000. 19-24, March, 2000.

[ISS2-99] Intrusion Detection for the Millennium. Internet Security Systems, 1999..

[ISS3-00] Kennis, Pim. SmIDS - Smarter Intrusion Detection System. ISS Connect 2000. 19-24, March, 2000.

[ISS3-99] Network- vs. Host-based Intrusion Detection: A Guide to Intrusion Detection Technology. Internet Security Systems, 1999.

[ISS4-00] RealSecure Signatures. Version 5.5. Internet Security Systems, 2000.

[ISS4-99] Adaptive Network Security Manager Module Programmer's Reference Manual. Internet Security Systems, February 1999.

[ISS5-00] RealSecure Console User Guide. Version 5.5. Internet Security Systems, 2000.

[ISS6-00] RealSecure Server Sensor User Guide. Version 5.5. Internet Security Systems, 2000.

[ISS7-00] Internet Scanner Getting Started. Version 6.1. Internet Security Systems, 2000.

[ISS8-00] Doty, Ted. The "Right" Amount of Security. Auditors helping Operations Improve Security. ISS Connect 2000. 19-24, March, 2000.

[ISS9-00] Internet Scanner User Guide. Version 6.1. Internet Security Systems, 2000.

[Jackson1-99] Jackson, Kathleen. Intrusion Detection System (IDS). Product Survey.Version 2.1. Los Alamos National Laboratory. June 25, 1999.

[Kochmar1-98] Kochmar, John, Julia Allen, et al. Preparing To Detect Signs of Intrusion. Security Improvement Module. CMU/SEI-SIM-005. Software Engineering Institute. Carnegie Mellon University. June 1998.

[Kolodgy1-01] Kolodgy, Charles, Chris Christiansen, andBrian Burke. Gaining Control over Infrastructure: Intrusion Detection and Vulnerability Assessment. IDC. March 2001.

[KPMG1-02] 2002 Global Information Security Survey. KPMG. 2002.

[Laswell1-99] Laswell, Barbara S., Derek Simmel, and Sandra G. Behrens. Information Assurance Curriculum and Certification: State of the Practice. September 1999. Technical Report, CMU/SEI-99-TR-021, ESC-TR-99-021.

[Lindqvist1-99] Lindqvist, Ulf, andPhillip A. Porras. Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST). In Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 1999.

[Longstaff1-93] Longstaff, Thomas A. Results of a Workshop on Research in Incident Handling. Special Report CMU/SEI-93-SR-20. September, 1993.

[Mann1-99] Mann, David E., and Steven M. Christey. Towards a Common Enumeration of Vulnerabilities. January 8, 1999.

[Markoff1-95] Markoff, John, and Katie Hafner. Cyberpunk: Outlaws and Hackers on the Computer Frontier. Simon & Schuster; ISBN: 0684818620 November 1995.

[McClure1-01] McClure, Stuart, Joel Scambray, and George Kurtz. Hacking Exposed: Network Security Secrets and Solutions. Osborne McGraw-Hill; 3rd edition, September, 2001.

[McGraw1-97] McGraw, Gary, andEdward W. Felten. Java Security: hostile applets, holes & antidotes. John Wiley & Sons. 1997.

[Mel-98] Me, Ludovic. GASSATA, a Genetic Algorithm as an Alternative Tool for Security Audit Trail Analysis. 1998.

[Mell-01] Mell, Peter, andRebecca Bace. Intrusion Detection Systems. NIST Special Publications 800-31. 2001.

[Mell1-99] Mell, Peter. Computer Attacks: What They Are and How to Defend Against Them. NIST, Computer Security Division. 1999.

[Mell2-99] Mell, Peter. Understanding the World of your Enemy with I-CAT (Internet-Categorization of Attacks Toolkit). NIST, Computer Security Division. May 26, 1999.

[Microsoft1-00] Security Event Descriptions. Microsoft Corporation, June 21, 2000. http://support.microsoft.com/support/kb/articles/q174/0/74.asp.

[Microsoft2-00] Auditing User Authentication. Microsoft Corporation, February 18, 2000. http://support.microsoft.com/support/kb/articles/q174/0/73.asp.

[Miller1-00] Miller, Toby. ECN and Its Impact on Intrusion Detection. Global Information Assurance Certification. 2000.

[NASL1-00] Deraison, Renaud. The Nessus Attack Scripting Language Reference Guide. Version 1.0.0pre2. 16 April 2000.

[Navy1-96] computer incident response guidebook. Module 19. Information systems security (INFOSEC). Program guidelines. Department of the Navy Navso P-5239-19 AUGUST 1996.

[NetProwler1-00] NetProwler User Guide. Version 3.5. Getting Started. Axent Technologies. 2000.

[NetScout1-02] Miller, Leslie. A Network Under Attack: Leverage Your Existing Instrumentation to Recognize and Respond to Hacker Attacks.

[NetRanger1-99] NetRanger User Guide. Version 2.2.1. Cisco Systems. 1999.

[NetworkICE1-00] Protocol Analysis vs Pattern Matching in Network and Host Intrusion Detection Systems. November, 2000.

[Newman1-98] Newman, David, Tadesse Giorgis, and Farhad Yavari-Issalou. Intrusion Detection Systems: Suspicious Finds. Data Communications, August 1998.

[NFR1-99] NFR Intrusion Detection Appliance. User's Guide. Version 4.1.1. Network Flight Recorder, Inc. 1999.

[NFR2-99] NFR Intrusion Detection Appliance. Advanced User's Guide. Version 4.1.1. Network Flight Recorder, Inc. 1999.

[NIST1-91] Description of Automated Risk Management Packages that Nist/Ncsc Risk Management Research Laboratory Have Examined. Updated March 1991.

[Northcutt1-96] Northcutt, Stephen. NSWC Dahlgren Computer Security Incident Handling Procedure. October, 1996.

[Northcutt1-99] Northcutt, Stephen. Network Intrusion Detection. An Analyst's Handbook. New Riders Publishing. 1999.

[Northcutt1-00] Northcutt, Stephen. Network Intrusion Detection. An Analyst's Handbook (2^nd Edition). New Riders Publishing. 2000.

[NRL1-95] NRL IS Security Incident Response Plan. Naval Research Laboratory. IS Security Group - Code 1220.2. May 15, 1995.

[NSS1-00] Intrusion Detection & Vulnerability Assessment. Test Results (Edition 1). An NSS Group Report. NSS Group. December 2000.

[NSS1-01] Intrusion Detection Systems. Group Test (Edition 2). An NSS Group Report. NSS Group. December 2001.

[NSS1-02] Intrusion Detection Systems. Group Test (Edition 3). An NSS Group Report. NSS Group. July 2002.

[Paxson1-98] Paxson, Vern. Bro: A system for Detecting Network Intruders in Real-Time. Lawrence Berkeley National Laboratory. 14, January, 1998.

[Phrack1-00] Phrack 51. LOKI2 (the implementation).

[Phrack2-00] Phrack 49. Project Loki: ICMP Tunneling.

[Polk1-92] Polk, Timothy. Automated Tools for Testing Computer System-Vulnerability. December 3, 1992.

[Power1-95] Power, Richard. Current and Future Danger: A CSI Primer on Computer Crime and Information Warfare. Computer Security Institute. 1995.

[Proctor1-01] Proctor, Paul E. Practical Intrusion Detection Handbook. Prentice Hall, 2001.

[Ptacek1-98] Ptacek, Thomas H, and Timothy N. Newsham. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. January, 1998.

[Ranum1-98] Ranum, Marcus J. Intrusion Detection: Challenges and Myths. http://secinf.net/info/ids/ids-mythe.html.

[Ryan1-99] Ryan, J., M. Lin, and Miikkulainen, R. (1997). Intrusion Detection with Neural Networks. AI Approaches to Fraud Detection and Risk Management: Papers from the 1997 AAAIWorkshop (Providence, Rhode Island), pp. 72–79. Menlo Park, CA:AAAI.

[RFC1-90] RFC 1191. Path MTU Discovery.

[RFC1-99] RFC 2481. A Proposal to add Explicit Congestion Notification (ECN) to IP.

[RFC1-00] RFC 2884. Performance Evaluation of Explicit Congestion Notification (ECN) in IP Networks.

[RFP1-99] Rain Forest Puppy. A look at whisker's anti-IDS tactics.

[Riptech1-02] Riptech Internet Security Threat Report. Attack Trends for Q1 and Q2 2002. Volume 11. Riptech, Inc. July 2002.

[Ruiu1-01] Ruiu, Dragos. IDS Review. http://www.securityportal.com, February 26, 2001.

[SANS1-00] Reading Perimeter Logs FAQ. Global Incident Analysis Center. SANS Institute. 2000.

[SANS2-00] SANS Salary Survey 2000. Version 2. SANS. December, 2000.

[SANS1-01] How To Eliminate The Ten Most Critical Internet Security Threats. Version 1.32. SANS. January 18, 2001.

[SANS1-02] The Twenty Most Critical Internet Security Vulnerabilities. Version 2.504. SANS. May 2, 2002.

[SANS1-98] Computer Security Incident Handling, Step by Step. SANS Institute. 2000.

[SC1-00] Intrusion Detection. Test Center. SC InfoSecurity Magazine. June 2000. http://www.scmagazine.com/scmagazine/2000_06/testc/testc.html.

[Schaer1-00] Schaer, David, Russel Lusignan, Oliver Steudler, and Jacques Allison. Managing Cisco Network Security: Building Rock-Solid Networks. Syngress Publishing, 2000.

[Schneier1-00] Schneier, Bruce. Semantic Attacks: The Third Wave of Network Attacks. Crypto-Gram. October 15, 2000.

[Schneier1-01] Schneier, Bruce. Natural Advantages of Defense: What Military History Can Teach Network Security, Part 1. Crypto-Gram. April 15, 2001.

[Schneier2-01] Schneier, Bruce. Defense Option: What Military History Can Teach Network Security, Part 2. Crypto-Gram. May 15, 2001.

[SecurityFocus1-02] ARIS Top Ten 2001 Threats. SecurityFocus. January 31, 2002.

[SecurityTracker1-02] SecurityTracker Statistics. April 2001 – March 2002. http://www.securitytracker.com.

[Seifried1-00] Seifried, Kurt. Attack Detection.

[Shipley1-99] Shipley, Greg. ISS RealSecure Pushes Past Newer IDS Players. Network Computing, 17 May 1999.

[Shipley2-99] Shipley, Greg. Intrusion Detection, Take Two. Network Computing, 15 November 1999.

[Shipley1-00] Shipley, Greg. Watching the Watchers: Intrusion Detection. Network Computing, 13 November 2000.

[Smith1-94] Smith, Danny. Forming an Incident Response Team. Australian Computer Emergency Response Team.

[Smith1-00] Smith, Randy Franklin. Interpreting the NT Security Log. Windows 2000 Magazine/RE, 3, 2000.

[Smith2-00] Smith, Randy Franklin. Monitoring Privileges and Administrators in the NT Security Log. Windows 2000 Magazine/RE, 4, 2000.

[Spitfire1-99] Spitfire User Guide. Version 4.0. MITRE Corporation. 1999.

[Spitzner1-00] Spitzner, Lance. Watching Your Logs. How to automate your log filtering? 19 July, 2000.

[Stang1-93] Stang, David, and Sylvia Moon. Network Security Secrets. Hungry Minds, Inc; ASIN: 1568840217; Bk&2 disks edition, August 1993.

[Stewart1-99] Stewart, Andrew J. Distributed Metastasis: A Computer Network Penetration Methodology. The Packet Factory. August 12, 1999.

[Sting1-99] CyberCop Sting. Getting Started Guide. Version 1.0. Network Associates. 1999.

[Stoll1-00] Stoll, Clifford. Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. Pocket Books, October 2000.

[Strebe1-99] Strebe, Matthew, and Charles Perkins. Firewalls 24seven. Network Press. 1999.

[Sundaram1-96] Sundaram, Aurobindo. An Introduction to Intrusion Detection. 1996.

[Tasker1-99] Tasker, Pete, Margie Zuk, Steve Christey, Dave Mann, Bill Hill, and Dave Baker. Common Vulnerabilities and Exposures (CVE). MITRE. September 29, 1999.

[TCP1-97] TCPDUMP. Reference Manual Page. 30 June 1997.

[TechRepublic1-01] Network Security Survey. TechRepublic. September 13, 2001.

[Vacca1-96] Vacca, John R. Internet Security Secrets. Hungry Minds, Inc; ASIN: 1568844573; Bk&Cd edition (January 1996).

[Wack1-91] Wack, John P. Establishing a Computer Security Incident Response Capability (CSIRC). NIST Special Publications 800-3. November, 1991.

[WebTrends1-00] WebTrends Security Analyzer. Platform for Open Security Testing. Security Developer's Kit. March 2000 Edition. WebTrends Corporation.

[WebTrends1-98] WebTrends Security Analyzer. Security Developer's Kit. December 1998 Beta II Edition. WebTrends Corporation.

[Xforce1-00] Serious flaw in Microsoft IIS UNICODE translation. Internet Security Systems Security Alert. October 26, 2000.

[Yocom1-00] Yocom, Betsy, Kevin Brown, and Dan Van Derveer. Cisco offers wire speed intrusion detection. Network World, December 18,2000.