From: wetmore@toadflax.UCDavis.EDU (Brad)
Newsgroups: alt.security
Subject: bibliography of intrusion detection
Message-ID: <14446@ucdavis.ucdavis.edu>
Date: 12 Jun 92 21:49:27 GMT
Organization: UC Davis - Department of Computer Science

I know I'm gonna get flamed for this, but several people asked for a
brief bibliography of some of the works on intrusion detection
literature.  This list is nowhere near complete; I've chosen several
examples of papers I think are of some importance.  (I'm not going to
respond to mail like "Why wasn't article X included in your list.")
You are more than welcome to submit followups recommending other works,
maybe I'll learn something as well...

Although a little dated, I would recommend the Lunt Survey paper
first.

Cheers,
Brad

=======================================================================

James P. Anderson, "Computer Security Threat Monitoring and
Surveillance", James P. Anderson Co., Fort Washington, PA, April,
1980.

Dorothy E. Denning, "An Intrusion Detection Model", Proceedings
of the 1986 IEEE Symposium on Security and Privacy, April, 1986.

Thomas D. Garvey and T. Lunt, "Model-based Intrusion Detection",
Proceedings of the 14th National Computer Security Conference,
Washington, DC, October, 1991.

L. T. Heberlein, K. Levitt, and B. Mukherjee, "A Method to Detect
Intrusive Activity in a Networked Environment", Proceedings of the
14th National Computer Security Conference, Washington, DC,
October, 1991.

Harold S. Javitz and Al Valdes, "The SRI IDES Statistical Anomaly
Detector", Proceedings of the 1991 IEEE Symposium on Research in
Security and Privacy, Oakland, CA, May, 1991.

Teresa Lunt, "Automated Audit Trail Analysis and Intrusion
Detection:  A Survey", Proceedings of the 11th National Computer
Security Conference, October, 1988.

Teresa Lunt et al., "IDES: A Progress Report", Proceedings of the
Sixth Annual Computer Security Applications Conference, Tucson, AZ,
December, 1990.

National Computer Security Center, "A Guide to Understanding
Audit in Trusted Systems", NCSC-TG-001, Version 2, 1 June 1988.

National Computer Security Center, "DoD Trusted Computer System
Evaluation Criteria", DoD 5200.28-STD, December, 1985.

Michael M. Sebring, Eric Shellhouse, Mary E. Hanna, and R. Alan
Whitehurst, "Expert Systems in Intrusion Detection:  A Case
Study", Proceedings of the 11th National Computer Security
Conference, October, 1988.

Stephen E. Smaha, "Haystack:  An Intrusion Detection System",
Proceedings of the IEEE Fourth Aerospace Computer Security
Applications Conference, Orlando, FL, December, 1988.

Steven R. Snapp, J. Brentano, G. Dias, T. Goan, T. Heberlein, C. Ho,
K. Levitt, B. Mukherjee, S. Smaha, T. Grance, D. Teal, and D. Mansur,
"DIDS (Distributed Intrusion Detection System) - Motivation,
Architecture, and An Early Prototype", Proceedings of the
14th National Computer Security Conference, Washington, DC,
October, 1991.

Sytek, Inc., "Analysis of Computer System Audit Trails", Sytek
Technical Reports 85009, 85012, 85018, 86005, 86007, Mountain
View, CA, 1985-1986.

H.S. Vaccaro and G.E. Liepins, "Detection of Anomalous Computer
Session Activity", Proceedings of the 1989 IEEE Symposium on
Security and Privacy, May, 1989.

J.R. Winkler, "A UNIX Prototype for Intrusion and Anomaly
Detection in Secure Networks", Proceedings of the 13th National
Computer Security Conference, October, 1990.


   /
O /                         Steal here.
 X ----------------------------------------------------------------
O \     Brad Wetmore:                 wetmore@toadflax.cs.ucdavis.edu
   \    Help!!!  I've been robbed.  Someone stole my .sig, and sold 
	it back at the UCD used .sigstore.

