
Intrusion Detection and Correlation: Challenges and Solutions (Advances in Information Security)

โœ Scribed by Christopher Kruegel


Year: 2004
Tongue: English
Leaves: 133
Edition: 1
Category: Library


Synopsis


Details how intrusion detection works in network security, with comparisons to traditional protection mechanisms such as firewalls and cryptography. Analyzes the challenges in interpreting and correlating intrusion detection alerts.

Table of Contents


Table Of Contents......Page 6
List of Figures......Page 10
List of Tables......Page 12
Preface......Page 14
1. INTRODUCTION......Page 16
1 Motivating Scenario......Page 18
2 Alert Correlation......Page 21
3 Organization......Page 22
1 Security Attacks and Security Properties......Page 24
2.1 Attack Prevention......Page 26
2.2 Attack Avoidance......Page 27
3 Intrusion Detection......Page 32
3.1 Architecture......Page 34
3.2 Taxonomy......Page 35
3.3 Detection Method......Page 36
3.5 Audit Source Location......Page 40
3.7 IDS Cooperation and Alert Correlation......Page 43
3. ALERT CORRELATION......Page 44
4. ALERT COLLECTION......Page 50
1 Alert Normalization......Page 51
2 Alert Preprocessing......Page 52
2.1 Determining the Alert Time......Page 53
2.3 Determining the Attack's Name......Page 57
1 Alert Fusion......Page 58
2 Alert Verification......Page 60
2.2 Active Approach......Page 63
3 Attack Thread Reconstruction......Page 67
4 Attack Session Reconstruction......Page 68
5 Attack Focus Recognition......Page 71
1 Multistep Correlation......Page 74
2 Impact Analysis......Page 78
3 Alert Prioritizing......Page 80
4 Alert Sanitization......Page 81
7. LARGE-SCALE CORRELATION......Page 86
1.1 Definitions......Page 92
1.2 Attack Specification Language......Page 93
1.3 Language Grammar......Page 94
2.1 Basic Data Structures......Page 95
2.2 Constraints......Page 97
2.3 Detection Process......Page 98
2.4 Implementation Issues......Page 105
1 Evaluation of Traditional ID Sensors......Page 108
1.1 Evaluation Efforts......Page 109
2 Evaluation of Alert Correlators......Page 110
2.1 Evaluation Efforts......Page 111
2.2 Problems......Page 113
2.3 Correlation Evaluation Truth Files......Page 114
2.4 Factors Affecting the Alert Reduction Rate......Page 115
1 Intrusion Detection......Page 118
2 Alert Correlation......Page 121
10. CONCLUSIONS......Page 124
References......Page 126
Index......Page 132


Similar Volumes


Cybersecurity and Secure Information Sys
โœ Aboul Ella Hassanien, Mohamed Elhoseny ๐Ÿ“‚ Library ๐Ÿ“… 2019 ๐Ÿ› Springer International Publishing ๐ŸŒ English

This book provides a concise overview of the current state of the art in cybersecurity and shares novel and exciting ideas and techniques, along with specific cases demonstrating their practical application. It gathers contributions by both academic and industrial researchers, covering

Cybersecurity and secure information sys
โœ Hassanien, Aboul Ella(Editor);Elhoseny, Mohamed(Editor) ๐Ÿ“‚ Library ๐Ÿ“… 2019 ๐Ÿ› Springer ๐ŸŒ English

This book provides a concise overview of the current state of the art in cybersecurity and shares novel and exciting ideas and techniques, along with specific cases demonstrating their practical application. It gathers contributions by both academic and industrial researchers, covering all aspects o

Advances and Challenges in Multisensor D
โœ Eric Lefebvre ๐Ÿ“‚ Library ๐Ÿ“… 2007 ๐Ÿ› IOS Press ๐ŸŒ English

Information fusion resulting from multi-source processing, often called multisensor data fusion when sensors are the main sources of information, is a relatively young (less than 20 years) technology domain. It provides techniques and methods for: Integrating data from multiple sources and using the

Cyber Security and Global Information As
โœ Kenneth J. Knapp ๐Ÿ“‚ Library ๐Ÿ“… 2009 ๐Ÿ› Information Science Reference ๐ŸŒ English

I was tasked with building an online course in Cyber security for a major online university, and was assigned the book, "Cyber Security and Global Information Assurance," edited by K.J. Knapp, as the primary textbook for the course. Knowing that most online students would be in the "continuing educ