Intrusion Detection

Even the best computer security defenses are not impenetrable. Knowing that a break-in has occurred enables information security professionals to determine the scope of the intrusion, to prevent similar compromises in the future, and to restore the integrity of the system. Intrusion detection systems can be likened to a burglar alarm: they provide early warning that an intrusion has occurred.

Cigital's work with intrusion detection systems has focused on exploring new and increasingly accurate methods of detecting intrusions. Unlike many existing systems (which rely on a database of known attacks) Cigital's work in intrusion detection is based on anomaly detection and supervised learning. This results in a system capable of knowing when an attack is occurring—even when it has never seen such an attack before.

For more information on Cigital's intrusion detection research, please browse through the publications and project-specific information listed below.

Research Projects

Publications

Two State-Based Approaches to Program-based Anomaly Detection (PS / PDF)
C. Michael, A. Ghosh
Proceedings of ACSAC 2000, December 2000.

A Real-Time Intrusion Detection System Based on Learning Program Behavior (PS / PDF)
A.K. Ghosh, C.C. Michael, and M.A. Schatz
Recent Advances in Intrusion Detection; Third International Workshop, RAID 2000.

Learning Program Behavior Profiles for Intrusion Detection (PS / PDF)
A.K. Ghosh, A. Schwartzbard, M. Schatz
To appear in Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, April 9-12, 1999, Santa Clara, CA.

Using Program Behavior Profiles for Intrusion Detection (PS / PDF)
A.K. Ghosh, A. Schwartzbard, M. Schatz
SANS Conference and Workshop on Intrusion Detection and Response, Technical Conference, Workshop on the State of the Art and Future Directions of Intrusion Detection and Response, February 12-13, San Diego, CA, pp. 1-20 -- 1-26.

Detecting Anomalous and Unknown Intrusions Against Programs (PS / PDF)
A.K. Ghosh, J. Wanken, F. Charron
Proceedings of Annual Computer Security Applications Conference (ACSAC'98), December 7-11, 1998, Scottsdale, AZ.


