MIT Lincoln Laboratory: DARPA Intrusion Detection Evaluation

Intrusion Detection Related Publications

Listed are Lincoln Laboratory publications and publications by various members of the Intrusion Detection research community that relate to the DARPA Intrusion Detection Evaluations.

Lincoln Laboratory Publications 2002

Rossey, L. M., Cunningham, R. K., Fried, D., Rabek, J. C., Lippmann, R. P., Haines, J. and Zissman, M. A., LARIAT: Lincoln Adaptable Real-Time Information Assurance Testbed. IEEE Aerospace Conference, Big Sky, Montana, USA, March 9-16, 2002. [PDF]

Lincoln Laboratory Publications 2001

Joshua Haines, Lee Rossey, Rich Lippmann and Robert Cunnigham, "Extending the 1999 Evaluation", In the Proceedings of DISCEX 2001, June 11-12, Anaheim, CA. [PDF]

Joshua W. Haines, Richard P. Lippmann, David J. Fried, Eushiuan Tran, Steve Boswell, Marc A. Zissman, "1999 DARPA Intrusion Detection System Evaluation: Design and Procedures", MIT Lincoln Laboratory Technical Report, [PDF]

Lincoln Laboratory Publications 2000

Richard Lippmann, Joshua W. Haines, David J. Fried, Jonathan Korba, Kumar Das "The 1999 DARPA Off-Line Intrusion Detection Evaluation", Draft of paper submitted to Computer Networks, In Press, 2000. [PDF]

Jonathan Korba, "Windows NT Attacks for the Evaluation of Intrusion Detection Systems", S.M. Thesis, Massachusetts Institute of Technology, June, 2000. [PDF]

Richard P. Lippmann, David J. Fried, Isaac Graf, Joshua W. Haines,Kristopher R. Kendall, David McClung, Dan Weber, Seth E. Webster, Dan Wyschogrod, Robert K. Cunningham, and Marc A. Zissman, "Evaluating Intrusion Detection Systems: the 1998 DARPA Off-Line Intrusion Detection Evaluation", Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, 2000, Vol. 2, pp. [PDF]

Lincoln Laboratory Publications 1999

Richard P. Lippmann, Robert K. Cunningham, David J. Fried, Issac Graf, Kris R. Kendall, Seth E. Webster, Marc A. Zissman, "Results of the DARPA 1998 Offline Intrusion Detection Evaluation", slides presented at RAID 1999 Conference, September 7-9, 1999, West Lafayette, Indiana. [PDF]

Richard P. Lippmann and Robert K. Cunningham, "Using Key-String Selection and Neural Networks to Reduce False Alarms and Detect New Attacks with Sniffer-Based Intrusion Detection Systems", presented at RAID 1999 Conference, September 7-9, 1999, West Lafayette, Indiana. [PDF]

R. K. Cunningham, R. P. Lippmann, D. J. Fried, S. L. Garfinkel, I. Graf, K. R. Kendall, S. E. Webster, D. Wyschogrod, M. A. Zissman, "Evaluating Intrusion Detection Systems without Attacking your Friends: The 1998 DARPA Intrusion Detection Evaluation", SANS 1999. [PDF]

Lincoln Laboratory Publications 1998

Kris Kendall, "A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems", Master's Thesis, Massachusetts Institute of Technology, 1998. [PDF]

Richard P. Lippmann, Isaac Graf, Dan Wyschogrod, Seth E. Webster, Dan J. Weber, and Sam Gorton, "The 1998 DARPA/AFRL Off-Line Intrusion Detection Evaluation," First International Workshop on Recent Advances in Intrusion Detection (RAID), Louvain-la-Neuve, Belgium, 1998.

Seth E. Webster, "The Development and Analysis of Intrusion Detection Algorithms," S.M. Thesis, Massachusetts Institute of Technology, June 1998. [PDF], [PS]

Related Publications 2000

T. Bowen, D. Chee, M. Segal, R. Sekar, T. Shanbhag, P. Uppuluri, "Building Survivable Systems: An Integrated Approach based on Intrusion Detection and Damage Containment," Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, 2000.

Salvatore J. Stolfo, Wei Fan, Wenke Lee, "Cost-based Modeling for Fraud and Intrusion Detection: Results from the JAM Project", Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, 2000.

Giovanni Vigna, Steve T. Eckmann, Richard A. Kemmerer, "The STAT Tool Suite", Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, 2000.

John McHugh, "The Lincoln Laboratory Intrusion Detection Evaluation: A Critique", Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, 2000.

Brad J. Wood, Ruth A. Duggan, "Red-Teaming of Advanced Information Assurance Concepts", Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, 2000.

Related Publications 1999

R. Durst, T. Champion, B. Witten, E. Miller and L.Spagnuolo, "Testing and Evaluating Computer Intrusion Detection Systems", Communications of the ACM, 42(7), 1999, pp. 53-61.

A. K. Ghosh, A. Schwatzbard and M. Shatz, "Learning Program Behavior Profiles for Intrusion Detection", Proceedings 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, April 1999.

A. K. Ghosh and A. Schwatzbard, "A Study in the Feasibility of Performing Host-Based Anomaly Detection", Second International Workshop on Recent Advances in Intrusion Detection (RAID), Purdue University CERIAS, West Lafayette, Indiana, 1999.

W. Lee, S.J. Stolfo, K. Mok, "Mining in a Data-flow Environment: Experience in Network Intrusion Detection", Proceedings 5th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD '99), San Diego, CA, August 1999.

Wenke Lee, Salvatore J. Stolfo and Kui W. Mok, "A Data Mining Framework for Building Intrusion Detection Models", 1999 IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 1999.

S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, D. Zerkle, "GrIDS — A Graph-Based Intrusion Detection System for Large Networks", The 19th National Information Systems Security Conference.

Ulf Lindqvist and Phillip A. Porras, "Detecting Computer and Network Misuse through the Production-based Expert System Toolset (P-BEST)", 1999 IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 1999.

P. Neumann and P. Porras, "Experience with EMERALD to DATE", Proceedings 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, pp. 73-80, April 1999.

R. Sekar and P. Uppuluri, "Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications", Proceedings 8th Usenix Security Symposium, Washington DC, Aug. 1999.

Related Publications 1998

G. Vigna and R. Kemmerer, "NetSTAT: A network-based intrusion detection approach", Proceedings of the 14th Annual Computer Security Applications Conference, Scottsdale, Arizona, December 1998.

top of page

Cyber Systems and Technology