Dagstuhl Seminar Proceedings, Volume 8102



Publication Details

  • published at: 2008-05-20
  • Publisher: Schloss Dagstuhl – Leibniz-Zentrum für Informatik

Document
1. 08102 Executive Summary – Perspectives Workshop: Network Attack Detection and Defense

Authors: Georg Carle, Falko Dressler, Richard A. Kemmerer, Hartmut Koenig, and Christopher Kruegel


Abstract
From March 2nd to 6th, 2008, the Dagstuhl Perspective Workshop 08102 Network Attack Detection and Defense was held at the International Conference and Research Center (IBFI), Schloss Dagstuhl. The objective of the workshop was to work out a manifesto that identifies past shortcomings and future directions for the field. During the workshop, several participants presented their perspective on the development of the area. Furthermore, ongoing work and open problems were discussed. Six working groups were formed to discuss the state of the art and the challenges of future research directions. The Executive Summary describes the workshop topics and goals in general, and gives an overview of its course. Abstracts of the presentations given during the workshop, the outcomes of the working groups, and the manifesto are put together in the online proceedings.

Cite as

Georg Carle, Falko Dressler, Richard A. Kemmerer, Hartmut Koenig, and Christopher Kruegel. 1. 08102 Executive Summary – Perspectives Workshop: Network Attack Detection and Defense. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-6, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)



@InProceedings{carle_et_al:DagSemProc.08102.1,
  author =	{Carle, Georg and Dressler, Falko and Kemmerer, Richard A. and Koenig, Hartmut and Kruegel, Christopher},
  title =	{{1. 08102 Executive Summary – Perspectives Workshop: Network Attack Detection and Defense}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--6},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.1},
  URN =		{urn:nbn:de:0030-drops-14926},
  doi =		{10.4230/DagSemProc.08102.1},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}
Document
2. 08102 Working Group – Early Warning Systems

Authors: Joachim Biskup, Bernhard Hämmerli, Michael Meier, Sebastian Schmerl, Jens Tölle, and Michael Vogel


Abstract
Early Warning Systems aim at detecting unclassified but potentially harmful system behavior based on preliminary indications and are complementary to Intrusion Detection Systems. Both kinds of systems try to detect, identify and react before possible damage occurs and contribute to an integrated and aggregated situation report (big picture). A particular emphasis of Early Warning Systems is to establish hypotheses and predictions as well as to generate advice in still not completely understood situations. Thus the term early has two meanings, a) to start early in time aiming to minimize damage, and b) to process uncertain and incomplete information.

Cite as

Joachim Biskup, Bernhard Hämmerli, Michael Meier, Sebastian Schmerl, Jens Tölle, and Michael Vogel. 2. 08102 Working Group – Early Warning Systems. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-2, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)



@InProceedings{biskup_et_al:DagSemProc.08102.2,
  author =	{Biskup, Joachim and H\"{a}mmerli, Bernhard and Meier, Michael and Schmerl, Sebastian and T\"{o}lle, Jens and Vogel, Michael},
  title =	{{2. 08102 Working Group – Early Warning Systems}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--2},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.2},
  URN =		{urn:nbn:de:0030-drops-14936},
  doi =		{10.4230/DagSemProc.08102.2},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}
Document
3. 08102 Outcome Working Group – Situational Awareness

Authors: Richard A. Kemmerer, Roland Bueschkes, Ali Fessi, Hartmut Koenig, Peter Herrmann, Stephen Wolthusen, Marko Jahnke, Hervé Debar, Ralph Holz, Tanja Zseby, and Dirk Haage


Abstract
Situation awareness (SA) has been defined as "the perception of elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future" (Endsley, 1988, 1995b, 2000).

Cite as

Richard A. Kemmerer, Roland Bueschkes, Ali Fessi, Hartmut Koenig, Peter Herrmann, Stephen Wolthusen, Marko Jahnke, Hervé Debar, Ralph Holz, Tanja Zseby, and Dirk Haage. 3. 08102 Outcome Working Group – Situational Awareness. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-3, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)



@InProceedings{kemmerer_et_al:DagSemProc.08102.3,
  author =	{Kemmerer, Richard A. and Bueschkes, Roland and Fessi, Ali and Koenig, Hartmut and Herrmann, Peter and Wolthusen, Stephen and Jahnke, Marko and Debar, Herv\'{e} and Holz, Ralph and Zseby, Tanja and Haage, Dirk},
  title =	{{3. 08102 Outcome Working Group – Situational Awareness}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--3},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.3},
  URN =		{urn:nbn:de:0030-drops-14942},
  doi =		{10.4230/DagSemProc.08102.3},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}
Document
4. 8102 Working Group – Attack Taxonomy

Authors: Marc Daciér, Hervé Debar, Thorsten Holz, Engin Kirda, Jan Kohlrausch, Christopher Kruegel, Konrad Rieck, and James Sterbenz


Abstract
The starting point of this working group was the question about the kinds of attacks that can be detected by inspecting network traffic. In general, we identified four major problems that network-based intrusion detection systems are facing: 1. Encrypted network traffic 2. Application-level attacks 3. Performance 4. Evasion attack.

Cite as

Marc Daciér, Hervé Debar, Thorsten Holz, Engin Kirda, Jan Kohlrausch, Christopher Kruegel, Konrad Rieck, and James Sterbenz. 4. 8102 Working Group – Attack Taxonomy. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-4, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)



@InProceedings{dacier_et_al:DagSemProc.08102.4,
  author =	{Daci\'{e}r, Marc and Debar, Herv\'{e} and Holz, Thorsten and Kirda, Engin and Kohlrausch, Jan and Kruegel, Christopher and Rieck, Konrad and Sterbenz, James},
  title =	{{4. 8102 Working Group – Attack Taxonomy}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--4},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.4},
  URN =		{urn:nbn:de:0030-drops-14955},
  doi =		{10.4230/DagSemProc.08102.4},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}
Document
5. 08102 Working Group – Measurement Requirements

Authors: Lothar Braun, Thorsten Braun, Georg Carle, Falko Dressler, Anja Feldmann, Dirk Haage, Tobias Limmer, and Tanja Zseby


Abstract
The objective of this working group was to derive measurement requirements and challenges that originate from intrusion detection.

Cite as

Lothar Braun, Thorsten Braun, Georg Carle, Falko Dressler, Anja Feldmann, Dirk Haage, Tobias Limmer, and Tanja Zseby. 5. 08102 Working Group – Measurement Requirements. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-4, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)



@InProceedings{braun_et_al:DagSemProc.08102.5,
  author =	{Braun, Lothar and Braun, Thorsten and Carle, Georg and Dressler, Falko and Feldmann, Anja and Haage, Dirk and Limmer, Tobias and Zseby, Tanja},
  title =	{{5. 08102 Working Group – Measurement Requirements}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--4},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.5},
  URN =		{urn:nbn:de:0030-drops-14962},
  doi =		{10.4230/DagSemProc.08102.5},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}
Document
6. 08102 Working Group – Requirements for Network Monitoring from an IDS Perspective

Authors: Lothar Braun, Falko Dressler, Thorsten Holz, Engin Kirda, Jan Kohlrausch, Christopher Kruegel, Tobias Limmer, Konrad Rieck, and James Sterbenz


Abstract
Detection of malicious traffic is based on its input data, the information that is coming from network-based monitoring systems. Best detection rates would only be possible by monitoring all data transferred over all network lines in a distributed network. Monitoring and reporting this amount of data are feasible in neither today's, nor will be in future's systems. Later analysis like stateful inspection of the traffic imposes even more processing costs. But only at this level of monitoring and analysis there may be a chance to capture all attacks inside a system. So there needs to be a trade-off between detection success and the processing costs.

Cite as

Lothar Braun, Falko Dressler, Thorsten Holz, Engin Kirda, Jan Kohlrausch, Christopher Kruegel, Tobias Limmer, Konrad Rieck, and James Sterbenz. 6. 08102 Working Group – Requirements for Network Monitoring from an IDS Perspective. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-4, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)



@InProceedings{braun_et_al:DagSemProc.08102.6,
  author =	{Braun, Lothar and Dressler, Falko and Holz, Thorsten and Kirda, Engin and Kohlrausch, Jan and Kruegel, Christopher and Limmer, Tobias and Rieck, Konrad and Sterbenz, James},
  title =	{{6. 08102 Working Group – Requirements for Network Monitoring from an IDS Perspective}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--4},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.6},
  URN =		{urn:nbn:de:0030-drops-14970},
  doi =		{10.4230/DagSemProc.08102.6},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}
Document
7. 08102 Working Group – Intrusion and Fraud Detection for Web Services

Authors: Marc Daciér, Ulrich Flegel, Ralph Holz, and Norbert Luttenberger


Abstract
Web services (WS) technology bears the promise to finally bring the power of SOA middleware to the road on a large scale and across organizational domains. Big players such as Google, Amazon, SAP, and IBM have already adopted the technology. European funding agencies are strongly believing and heavily investing into WS-related technological developments and application scenarios. We expect a growing adoption and widespread use of Web services for different application areas, among them e.g. value added service composition, Web 2.0-enhanced communication systems (e.g. based on Ajax), and focused service offerings from specialized small or medium sized enterprises (SMEs).

Cite as

Marc Daciér, Ulrich Flegel, Ralph Holz, and Norbert Luttenberger. 7. 08102 Working Group – Intrusion and Fraud Detection for Web Services. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-3, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)



@InProceedings{dacier_et_al:DagSemProc.08102.7,
  author =	{Daci\'{e}r, Marc and Flegel, Ulrich and Holz, Ralph and Luttenberger, Norbert},
  title =	{{7. 08102 Working Group – Intrusion and Fraud Detection for Web Services}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--3},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.7},
  URN =		{urn:nbn:de:0030-drops-14982},
  doi =		{10.4230/DagSemProc.08102.7},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}
Document
8. 08102 Manifesto – Perspectives Workshop: Network Attack Detection and Defense

Authors: Georg Carle, Falko Dressler, Richard A. Kemmerer, Hartmut Koenig, Christopher Kruegel, and Pavel Laskov


Abstract
This manifesto is the result of the Perspective Workshop Network Attack Detection and Defense held in Schloss Dagstuhl (Germany) from March 2nd – 6th, 2008. The participants of the workshop represent researchers from Austria, France, Norway, Switzerland, the United States, and Germany who work actively in the field of intrusion detection and network monitoring. The workshop attendees’ opinion was that intrusion detection and flow analysis, which have been developed as complementary approaches for the detection of network attacks, should more strongly combine event detection and correlation techniques to better meet future challenges in future reactive security. The workshop participants considered various perspectives to envision future network attack detection and defense. The following topics are seen as important in the future: the development of early warning systems, the introduction of situation awareness, the improvement of measurement technology, taxonomy of attacks, the application of intrusion and fraud detection for web services, and anomaly detection. In order to realize those visions the state of the art, the challenges, and research priorities were identified for each topic by working groups. The outcome of the discussion is summarized in working group papers which are published in the workshop proceedings. The papers were compiled by the editors to this manifesto.

Cite as

Georg Carle, Falko Dressler, Richard A. Kemmerer, Hartmut Koenig, Christopher Kruegel, and Pavel Laskov. 8. 08102 Manifesto – Perspectives Workshop: Network Attack Detection and Defense. In Perspectives Workshop: Network Attack Detection and Defense. Dagstuhl Seminar Proceedings, Volume 8102, pp. 1-16, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2008)



@InProceedings{carle_et_al:DagSemProc.08102.8,
  author =	{Carle, Georg and Dressler, Falko and Kemmerer, Richard A. and Koenig, Hartmut and Kruegel, Christopher and Laskov, Pavel},
  title =	{{8. 08102 Manifesto – Perspectives Workshop: Network Attack Detection and Defense}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--16},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagSemProc.08102.8},
  URN =		{urn:nbn:de:0030-drops-14917},
  doi =		{10.4230/DagSemProc.08102.8},
  annote =	{Keywords: Manifesto of the Dagstuhl Perspective Workshop, March 2nd - 6th, 2008}
}
