Intrusion Detection in Distributed Systems: An Abstraction-Based Approach

By Peng Ning

Intrusion Detection in Distributed Systems: An Abstraction-Based Approach presents research contributions in three areas of intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing the heterogeneity and autonomy of distributed environments. The second contribution is a formal framework for modeling requests between cooperative IDSs and its application to the Common Intrusion Detection Framework (CIDF). The third contribution is a novel approach to coordinating different IDSs for distributed event correlation.


Similar cryptography books

Introduction to Cryptography

A result of speedy development of electronic verbal exchange and digital facts alternate, info defense has turn into a very important factor in undefined, company, and management. sleek cryptography presents crucial recommendations for securing details and preserving information. within the first half, this e-book covers the most important innovations of cryptography on an undergraduate point, from encryption and electronic signatures to cryptographic protocols.

Public Key Cryptography – PKC 2004: 7th International Workshop on Theory and Practice in Public Key Cryptography, Singapore, March 1-4, 2004. Proceedings

This book constitutes the refereed proceedings of the 7th International Workshop on Theory and Practice in Public Key Cryptography, PKC 2004, held in Singapore in March 2004. The 32 revised full papers presented were carefully reviewed and selected from 106 submissions. All current issues in public key cryptography are addressed, ranging from theoretical and mathematical foundations to a broad variety of public key cryptosystems.

The Mathematics of Coding Theory, 1st Edition

This book makes a very accessible introduction to an important contemporary application of number theory, abstract algebra, and probability. It contains numerous computational examples throughout, giving readers the opportunity to apply, practice, and check their understanding of key concepts. KEY TOPICS: Coverage starts from scratch in treating probability, entropy, compression, Shannon's theorems, cyclic redundancy checks, and error correction.

Additional info for Intrusion Detection in Distributed Systems: An Abstraction-Based Approach (Advances in Information Security)

Example text

In this case, each event in the expected view implies an event in the provided view. For example, the query may ask about telnet sessions while the provided view only has TCP connection information. We may treat each event in the provided view as an approximation of an event in the expected view, and then transform the query by replacing each R' attribute in the query with the corresponding R attribute. The transformed query is then directly supported by the provided view. Although the transformed query is only an approximation of the original one, the result of such a query may still convey information useful to the requesting IDS.

the provided view). However, this may result in situations where queries are not directly supported by the system views provided by IDSs. That is, a mismatch may occur between the minimal expected view of a query and the view provided by an IDS. Mismatches may arise for many reasons, including misunderstandings of messages. In this work, we are interested in mismatches in the following situations, assuming that all the participating IDSs understand each other correctly (building on standards work such as CIDF and the IETF's IDEF).

3 shows a bridging query from (R, ∅) to (R', ∅). This query aggregates each combination of three events making up a three-way handshake into one establish_conn event. We may need more than one query to aggregate simple events on one view into compound events on another. 7, each of which covers one kind of compound event. 9 Let (R, C) and (R', C') be two system views. We say the system view (R', C') is aggregatable from (R, C) if a non-empty set of bridging queries from (R, C) to (R', C') is given a priori.
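The two mechanisms in the excerpts above, a bridging query that aggregates the three packets of a TCP three-way handshake into one establish_conn event, and the approximation of a query over an expected view (telnet sessions) by substituting the attributes of a provided view (TCP connections), as an added, runnable illustration. This is not code from the book; the packet attribute names, the establish_conn schema, the telnet_session-to-establish_conn attribute map and the packet sample are all constructed for the example.

```python
"""Bridging query and query approximation over IDS system views.

Added illustration, not the book's code. A "provided view" of TCP packet
events is aggregated by a bridging query into establish_conn compound
events; a query phrased against an "expected view" (telnet sessions) that
the providing IDS does not offer is then approximated by attribute
substitution and run over the aggregated events.
"""
from collections import defaultdict

# Constructed sample of a provided view (R, ∅): one TCP packet per event.
# Attribute names are hypothetical; the book's schemas are not reproduced.
PACKETS = [
    {"ts": 1.00, "src": "10.0.0.1", "sport": 40001, "dst": "10.0.0.5", "dport": 23, "flags": "S"},
    {"ts": 1.01, "src": "10.0.0.5", "sport": 23, "dst": "10.0.0.1", "dport": 40001, "flags": "SA"},
    {"ts": 1.02, "src": "10.0.0.1", "sport": 40001, "dst": "10.0.0.5", "dport": 23, "flags": "A"},
    # second full handshake, to a web server on port 80
    {"ts": 2.00, "src": "10.0.0.2", "sport": 40002, "dst": "10.0.0.5", "dport": 80, "flags": "S"},
    {"ts": 2.01, "src": "10.0.0.5", "sport": 80, "dst": "10.0.0.2", "dport": 40002, "flags": "SA"},
    {"ts": 2.02, "src": "10.0.0.2", "sport": 40002, "dst": "10.0.0.5", "dport": 80, "flags": "A"},
    # half-open attempt: SYN with no reply, must not become establish_conn
    {"ts": 3.00, "src": "10.0.0.3", "sport": 40003, "dst": "10.0.0.5", "dport": 23, "flags": "S"},
    # stray SYN-ACK with no preceding SYN, must not match either
    {"ts": 4.00, "src": "10.0.0.5", "sport": 22, "dst": "10.0.0.4", "dport": 40004, "flags": "SA"},
]


def bridging_query_establish_conn(packets):
    """Bridging query from (R, ∅) to (R', ∅): fold each SYN, SYN-ACK, ACK
    triple on one client/server 4-tuple into a single establish_conn event.
    Only ordered, complete triples are emitted."""
    by_conn = defaultdict(list)
    for p in packets:
        # Canonical key (client, cport, server, sport) regardless of direction
        if p["flags"] == "SA":
            key = (p["dst"], p["dport"], p["src"], p["sport"])
        else:
            key = (p["src"], p["sport"], p["dst"], p["dport"])
        by_conn[key].append(p)

    result = []
    for (client, cport, server, sport), pkts in by_conn.items():
        pkts.sort(key=lambda p: p["ts"])
        state, syn_ts = 0, None  # 0: want SYN, 1: want SYN-ACK, 2: want ACK
        for p in pkts:
            if state == 0 and p["flags"] == "S" and p["src"] == client:
                state, syn_ts = 1, p["ts"]
            elif state == 1 and p["flags"] == "SA" and p["src"] == server:
                state = 2
            elif state == 2 and p["flags"] == "A" and p["src"] == client:
                result.append({"start": syn_ts, "end": p["ts"], "client": client,
                               "cport": cport, "server": server, "sport": sport})
                state = 0
    return result


# Hypothetical attribute map from the expected view (telnet_session, R') to
# the provided view (establish_conn, R): each R' attribute is replaced by the
# R attribute it approximates.
TELNET_TO_CONN = {"client": "client", "server": "server", "began": "start"}


def approximate_query(query, attr_map):
    """Rewrite a query over the expected view into one over the provided view
    by substituting attribute names. The result is an over-approximation: it
    keeps every event the original would match but may also return events
    (here, non-telnet connections) that are not in the expected view."""
    return {"view": "establish_conn",
            "where": {attr_map[a]: v for a, v in query["where"].items()}}


def run_query(query, events):
    """Evaluate a conjunctive equality query over a list of events."""
    return [e for e in events
            if all(e[a] == v for a, v in query["where"].items())]


def demo():
    """Aggregate the sample packets, then answer a telnet_session query
    approximately via establish_conn. Returns (connections, query hits)."""
    conns = bridging_query_establish_conn(PACKETS)
    query = {"view": "telnet_session", "where": {"server": "10.0.0.5"}}
    hits = run_query(approximate_query(query, TELNET_TO_CONN), conns)
    return conns, hits


if __name__ == "__main__":
    conns, hits = demo()
    print("establish_conn events:", conns)
    print("approximate telnet_session hits:", hits)
```

Running it aggregates exactly two establish_conn events (the half-open SYN and the stray SYN-ACK never complete a triple), and the approximated telnet query returns both of them, including the port-80 connection: that is the over-approximation the excerpt warns about, and why the requesting IDS must treat such results as a hint rather than a precise answer.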
