Abstract
Anomaly detection in computer networks has been a research topic for decades. Substantial successes, however, have not materialized to date. Methods are regularly published that deliver promising results on paper, yet hardly any of them make it into practical deployment. This article lays out the reasons for this and presents how the phenomenon can be addressed.
Cite this article
Winter, P., Lampesberger, H., Zeilinger, M. et al. Anomalieerkennung in Computernetzen. DuD 35, 235–239 (2011). https://doi.org/10.1007/s11623-011-0059-1