Learn More
Network-based intrusion has become a serious threat to today's highly networked information systems, yet the overwhelming majority of current network security mechanisms are " passive " in response to network-based attacks. In particular, tracing and detection of the source of network-based intrusion has been left largely untouched in existing intrusion(More)
This paper introduces an intrusion-detection device named honeyfiles. Honeyfiles are bait files intended for hackers to access. The files reside on a file server, and the server sends an alarm when a honey file is accessed. For example, a honeyfile named "passwords.txt" would be enticing to most hackers. The file server's end-users create honeyfiles, and(More)
An intrusion-detection system (IDS) for an ongoing attack is described. Prior to an attack, an IDS operates in anticipation of a general threat. During an attack, the IDS can deal less in the general and more in the particular-namely, particulars about attackers and attacked devices. A profile of the attacker is developed, using information he reveals about(More)
DECIDUOUS is a security management framework for identifying the sources of network-based intrusions. The rst key concept in DECIDUOUS is dynamic security associations, which eciently and collectively provide location information for attack sources. DECIDUOUS is built on top of IETF's IPSEC/ISAKMP infrastructure, and it does not introduce any new network(More)
Intrusion detection techniques have appeared to inspect all of the inbound and outbound network activities, and to identify suspicious patterns that indicate an attack that might compromise an information system. However, related information can be collected so as to supply evidence in criminal and civil legal proceedings. Several works have been carried(More)
A network device is considered compromised when one of its security mechanisms is defeated by an attacker. For many networks, an attacker can compromise many devices before being discovered. However, investigating devices for compromise is costly and time-consuming, making it dicult to investigate all, or even most, of a network's devices. Further,(More)
Editorial The last issue for 2006 includes a paper on propaganda, two on deception and another on the state of Belgian intelligence agencies. Taylor starts by outlining and critiquing the West's propaganda effort after illustrating its past. A renowned expert in this area, it would be interesting to see some comments about his assertions from readers. In(More)