×

Uh-oh, it looks like your Internet Explorer is out of date.

For a better shopping experience, please upgrade now.

Intrusion Detection in Distributed Systems: An Abstraction-Based Approach / Edition 1
     

Intrusion Detection in Distributed Systems: An Abstraction-Based Approach / Edition 1

by Peng Ning, Sushil Jajodia, X. Sean Wang
 

ISBN-10: 140207624X

ISBN-13: 9781402076244

Pub. Date: 10/31/2003

Publisher: Springer US

Intrusion detection systems (IDS) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense that protects information systems. Intrusion detection complements the protective mechanisms to improve the system security. Moreover, even if the preventive security mechanisms can protect

Overview

Intrusion detection systems (IDS) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense that protects information systems. Intrusion detection complements the protective mechanisms to improve the system security. Moreover, even if the preventive security mechanisms can protect information systems successfully, it is still desirable to know what intrusions have happened or are happening, so that the users can understand the security threats and risks and thus be better prepared for future attacks. Intrusion detection techniques are traditionally categorized into two classes: anomaly detection and misuse detection. Anomaly detection is based on the normal behavior of a subject (e.g., user or a system); any action that significantly deviates from the normal behavior is considered intrusive. Misuse detection catches intrusions in terms of characteristics of known attacks or system vulnerabilities; any action that conforms to the pattern of known attack or vulnerability is considered intrusive. Alternatively, IDS may be classified into host-based IDSs, distributed IDSs, and network based IDSs according to the source of the audit information used by each IDS. Host-based IDSs get audit data from host audit trails and usually aim at detecting attacks against a single host; distributed IDSs gather audit data from multiple hosts and possibly the network and connects the hosts, aiming at detecting attacks involving multiple hosts; network-based IDSs use network traffic as the audit data source, relieving the burden on the hosts that usually provide normal computing services. Intrusion Detection In Distributed Systems: An Abstraction-Based Approach presents research contributions in three areas with respect to intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing heterogeneity and autonomy of dis

Product Details

ISBN-13:
9781402076244
Publisher:
Springer US
Publication date:
10/31/2003
Series:
Advances in Information Security Series , #9
Edition description:
2004
Pages:
156
Product dimensions:
9.21(w) x 6.14(h) x 0.44(d)

Related Subjects

Table of Contents

Dedication. List of Figures. List of Tables. Preface. Acknowledgments. 1: Introduction. 2: An Overview of Related Research. 3: System View and Event History. 4: Modeling Request Among Cooperating Intrusion Detection Systems. 5: Extending Common Intrusion Detection Framework (CIDF) to Support Queries. 6: A Hierarchical Model for Distributed Attacks. 7: Decentralized Detection of Distributed Attacks. 8: CARDS: An Experimental System for Detecting Distributed Attacks. 9: Conclusion. Appendices: A. B. References. Index.

Customer Reviews

Average Review:

Post to your social network

     

Most Helpful Customer Reviews

See all customer reviews