Intrusion Detection Systems

By: Roberto Di Pietro (Editor), Luigi V. Mancini (Editor)

Write A Review

Hardcover | 10 July 2008

At a Glance

Hardcover
268 Pages

Dimensions(cm)
24.13 x 16.51 x 1.27

Hardcover

$249.00

or 4 interest-free payments of $62.25 with

Ships in 5 to 7 business days

In our world of ever-increasing Internet connectivity, there is an on-going threat of intrusion, denial of service attacks, or countless other abuses of computer and network resources. In particular, these threats continue to persist due to the flaws of current commercial intrusion detection systems (IDSs).

Intrusion Detection Systems is an edited volume by world class leaders in this field.
This edited volume sheds new light on defense alert systems against computer and network intrusions. It also covers integrating intrusion alerts within security policy framework for intrusion response, related case studies and much more. This volume is presented in an easy-to-follow style while including a rigorous treatment of the issues, solutions, and technologies tied to the field.

Intrusion Detection Systems is designed for a professional audience composed of researchers and practitioners within the computer network and information security industry. It is also suitable as a reference or secondary textbook for advanced-level students in computer science.

Industry Reviews

From the reviews:

"This collection of seven papers, plus a glossary and a two-page editorial introduction, presents the state of the art in IDSs. ... The editors have collected a strong set of papers for both IDS specialists and IDS users. The authors succeed in presenting directions for improvement, backed up by experimental results." (A. Marien, ACM Computing Reviews, January, 2009)

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

Orders over $79.00 qualify for free shipping.

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Computer Networking & Communications Network Security Computer Science Computer Security Data Encryption Reference, Information & Interdisciplinary Subjects Research & Information Coding Theory & Cryptology Computer Hardware Network Hardware

Other Editions and Formats

Paperback

Published: 23rd November 2010

View Product

Approaches in Anomaly-based Network Intrusion Detection Systems	p. 1
Introduction	p. 1
Anomaly-Based Intrusion Detection Systems	p. 2
Payload-based vs header-based approaches	p. 4
Setting up an ABS	p. 6
Building the Model	p. 7
Setting the threshold	p. 8
PAYL and POSEIDON	p. 8
PAYL	p. 8
POSEIDON	p. 9
Conclusions	p. 12
Appendix	p. 13
PAYL algorithm	p. 13
SOM algorithm	p. 14
References	p. 15
Formal Specification for Fast Automatic Profiling of Program Behavior	p. 17
Introduction	p. 17
Related works	p. 19
Methodology	p. 21
Case Study	p. 22
POP3 commands	p. 22
The FSM (step 1)	p. 23
VSP specification for ipop3d (step 2)	p. 24
Compiling VSP (step 3)	p. 27
Visiting the FSM1 (step 4)	p. 28
Executing Traces (step 5)	p. 28
Using the Methodology to Configure REMUS	p. 29
Results	p. 30
Concluding remarks	p. 31
Appendix	p. 32
The critical system calls	p. 32
Postgres VSP Specification	p. 32
References	p. 32
Learning Behavior Profiles from Noisy Sequences	p. 39
Introduction	p. 39
Learning by Abstraction	p. 41
Regular Expressions	p. 42
String Alignment and Flexible Matching	p. 43
The Learning Algorithm	p. 45
[omega subscript S] Operator	p. 46
[omega subscript I] Operator	p. 47
Basic learning cycle	p. 48
Refinement cycle	p. 50
Evaluation on Artificial Traces	p. 51
Motif reconstruction in presence of noise	p. 52
Assessing the influence of alphabet size and motif length	p. 53
Discovering graph structured patterns	p. 57
User Profiling	p. 59
Key Phrase Typing Model	p. 59
Text Typing Model	p. 60
Conclusion	p. 62
References	p. 62
Correlation Analysis of Intrusion Alerts	p. 65
Introduction	p. 66
Approaches Based on Similarity between Alert Attributes	p. 67
Probabilistic Alert Correlation	p. 68
Statistical Anomaly Analysis to Detect Stealthy Portscans	p. 69
Root Cause Analysis	p. 70
Statistical Causality Analysis Based Approach	p. 71
Alert Clustering and Merging in MIRADOR Project	p. 72
Approaches Based on Predefined Attack Scenarios	p. 74
Aggregation and Correlation in IBM/Tivoli Systems	p. 74
Chronicles Based Approach	p. 75
Approaches Based on Prerequisites and Consequences of Attacks	p. 76
Pre-condition/Post-condition Based Approach in MIRADOR Project	p. 77
A Prerequisite and Consequence Based Approach	p. 78
Attack Hypothesizing and Reasoning Techniques	p. 79
Approaches Based on Multiple Information Sources	p. 82
Mission-Impact-Based Approach	p. 83
A Data Model M2D2 for Alert Correlation	p. 84
Triggering Events and Common Resources Based Approach	p. 85
Privacy Issues in Alert Correlation	p. 86
An Approach on Alert Sharing and Correlation	p. 87
Generalization and Perturbation Based Approaches	p. 88
Summary	p. 90
References	p. 90
An Approach to Preventing, Correlating, and Predicting Multi-Step Network Attacks	p. 93
Introduction	p. 93
Related Work	p. 95
Preliminaries	p. 97
Attack Graph	p. 97
Intrusion Alert and Correlation	p. 99
Hardening Network To Prevent Multi-Step Intrusions	p. 100
A Motivating Example	p. 100
A Graph-Based Algorithm for Hardening A Network	p. 102
Minimum-Cost Solutions	p. 106
Correlating and Predicting Multi-Step Attacks	p. 108
Motivation	p. 108
Queue Graph-Based Alert Correlation	p. 109
Hypothesizing Missing Alerts and Predicting Future Alerts	p. 114
Compressing Result Graphs	p. 117
Empirical Results	p. 119
Effectiveness	p. 120
Performance	p. 122
Conclusion	p. 124
References	p. 126
Response: bridging the link between intrusion detection alerts and security policies	p. 129
Introduction	p. 129
Problem statement	p. 130
Domain terminology	p. 130
Intrusion Prevention and Response	p. 132
Comprehensive Approach to Response	p. 133
Security Policy Formalism	p. 133
Choice of a Security Policy Formalism	p. 133
The Or-BAC Formalism	p. 134
Or-BAC Contexts	p. 136
Presentation of a use case	p. 137
Modelling of the use case	p. 139
Applying Or-BAC for threat response	p. 144
Examples of threat contexts	p. 144
Atomic contexts	p. 148
Composed contexts	p. 149
Context activation	p. 151
Context deactivation	p. 154
Influence of Mapping on the Response Strategy	p. 154
The Threat Response System	p. 155
System Architecture	p. 155
Alert Correlation Engine (ACE)	p. 155
Policy Instantiation Engine (PIE)	p. 157
Policy Decision Point (PDP)	p. 157
Policy Enforcement Point (PEP)	p. 158
From alerts to new policies	p. 158
Syntactic mapping	p. 158
Enrichment	p. 159
Strategy application	p. 160
Case Study: e-mail Server	p. 160
Threats related to the use case	p. 161
Threat analysis	p. 163
Revised description of the Policy Components	p. 164
Definition of the Security Policy	p. 165
The Mapping Predicates	p. 167
Issues with the Approach	p. 167
Conclusion	p. 168
References	p. 169
Intrusion Detection and Reaction: an Integrated Approach to Network Security	p. 171
Introduction	p. 172
Related Work	p. 173
Intrusion Detection Systems	p. 173
Traceback	p. 176
The Proposed Framework	p. 177
An Architecture for Intrusion Detection	p. 178
An Approach to Intrusion Detection	p. 179
Performance evaluation	p. 188
A Distributed Intrusion Detection System	p. 191
Privacy Issues in Intrusion Detection	p. 193
Intrusion Reaction: a System for Attack Source Detection	p. 195
The ASSYST Architecture	p. 195
Attack Sessions	p. 196
The ASP Protocol	p. 197
ASSYST: case studies	p. 197
Intrusion detection subsystem	p. 201
Traffic classification and intrusion reaction	p. 202
ASSYST implementation details	p. 203
ASP protocol implementation details	p. 204
Testing the Approach	p. 205
Conclusions and Future Work	p. 205
References	p. 207
Glossary of Terms Used in Security and Intrusion Detection	p. 211
Index	p. 247
Table of Contents provided by Ingram. All Rights Reserved.

Intrusion Detection Systems

At a Glance

Hardcover

Industry Reviews

Shipping

How to return your order

Defective items

You Can Find This Book In

Other Editions and Formats

Paperback

More in Data Encryption

The New Age of Sexism

How the AI Revolution is Reinventing Misogyny

Computer Security

Art and Science

Foundations of Information Security

Cybersecurity All-in-One For Dummies

For Dummies

Security Risk Management Body of Knowledge

Wiley Series in Systems Engineering and Management

Rinsed

From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks

Supremacy

AI, ChatGPT and the Race that Will Change the World

Black Hat Python, 2nd Edition

Python Programming for Hackers and Pentesters

Hackers & Painters

CompTIA Security+

8th Edition - Guide to Network Security Fundamentals

Cryptography and Network Security

8th Edition - Principles and Practice, Global Edition

Crafting an Information Security Playbook

Principles of Information Security

7th edition

The Web Application Hacker's Handbook

Finding and Exploiting Security Flaws 2E

Quantum Leaps

How Maths is Shaping the Future

Cloud Native Application Protection Platforms

A Guide to CNAPPs and the Foundations of Comprehensive Cloud Security

The New Age of Sexism

How the AI Revolution is Reinventing Misogyny

Container Security

Fundamental Technology Concepts That Protect Containerized Applications

Linux Server Hacks, Volume Two

Tips & Tools for Connecting, Monitoring, and Troubleshooting

Linux Security Cookbook

Cookbooks Ser.

Practical Lock Picking Second Edition

A Physical Penetration Tester's Training Guide

Introduction to Modern Cryptography

Revised Third Edition

Guide to Computer Forensics and Investigations

7th Edition

Introduction to Modern Cryptography

Chapman & Hall/Crc Cryptography and Network Security

This product is categorised by