Intrusion Detection And Correlation

by Kruegel, Christopher; VALEUR, FREDRIK; Vigna, Giovanni

ISBN13:
9780387233987
ISBN10:
0387233989
Format: Hardcover
Copyright: 2004-11-30
Publisher: Springer-Verlag New York Inc
More Book Details
Purchase Benefits

Free Shipping On Orders Over $35!

Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
Get Rewarded for Ordering Your Textbooks! Enroll Now
Customer Reviews Read Reviews
Write a Review
Intrusion Detection And Correlation > ISBN13: 9780387233987

List Price: ~~$159.99~~ Save up to $124.35

Digital

$77.22*

More Prices

Digital
$77.22*

Add to Cart

DURATION

PRICE

Online: 30 Days

Downloadable: 30 Days - VitalSource

$35.64*

Online: 60 Days

Downloadable: 60 Days - VitalSource

$47.52*

Online: 90 Days

Downloadable: 90 Days - VitalSource

$59.40*

Online: 120 Days

Downloadable: 120 Days - VitalSource

$71.28*

Online: 180 Days

Downloadable: 180 Days - VitalSource

$77.22*

Online: 1825 Days

Downloadable: Lifetime Access - VitalSource

$118.80*

*To support the delivery of the digital material to you, a digital delivery fee of $3.99 will be charged on each digital item.

Marketplace

$100.28

More Prices

Summary

Intrusion Detection and Correlation: Challenges and Solutions presents intrusion detection systems (IDSs) and addresses the problem of managing and correlating the alerts produced. This volume discusses the role of intrusion detection in the realm of network security with comparisons to traditional methods such as firewalls and cryptography. The Internet is omnipresent and companies have increasingly put critical resources online. This has given rise to the activities of cyber criminals. Virtually all organizations face increasing threats to their networks and the services they provide. Intrusion detection systems (IDSs) take increased pounding for failing to meet the expectations researchers and IDS vendors continually raise. Promises that IDSs are capable of reliably identifying malicious activity in large networks were premature and never tuned into reality. While virus scanners and firewalls have visible benefits and remain virtually unnoticed during normal operations, the situation is different with intrusion detection sensors. State-of-the-art IDSs produce hundreds or even thousands of alerts every day. Unfortunately, almost all of these alerts are false positives, that is, they are not related to security-relevant incidents.INTRUSION DETECTION AND CORRELATION: Challenges and Solutions analyzes the challenges in interpreting and combining (i.e., correlating) alerts produced by these systems. In addition, existing academic and commercial systems are classified; their advantage and shortcomings are presented, especially in the case of deployment in large, real-world sites.

List of Figures

List of Tables

Preface

xiii

1. INTRODUCTION

(8)

1 Motivating Scenario

(3)

2 Alert Correlation

(1)

3 Organization

(2)

2. COMPUTER SECURITY AND INTRUSION DETECTION

(20)

1 Security Attacks and Security Properties

(2)

2 Security Mechanisms

(6)

2.1 Attack Prevention

(1)

2.2 Attack Avoidance

(5)

2.3 Attack Detection

(1)

3 Intrusion Detection

(18)

3.1 Architecture

(1)

3.2 Taxonomy

(1)

3.3 Detection Method

(4)

3.4 Type of Response

(1)

3.5 Audit Source Location

(3)

3.6 Usage Frequency

(1)

3.7 IDS Cooperation and Alert Correlation

(1)

3. ALERT CORRELATION

(6)

4. ALERT COLLECTION

(8)

1 Alert Normalization

(1)

2 Alert Preprocessing

(6)

2.1 Determining the Alert Time

(4)

2.2 Determining the Alert's Source and Target

(1)

2.3 Determining the Attack's Name

(1)

5. ALERT AGGREGATION AND VERIFICATION

(16)

1 Alert Fusion

(2)

2 Alert Verification

(7)

2.1 Passive Approach

(1)

2.2 Active Approach

(4)

3 Attack Thread Reconstruction

(1)

4 Attack Session Reconstruction

(3)

5 Attack Focus Recognition

(3)

6. HIGH-LEVEL ALERT STRUCTURES

(12)

1 Multistep Correlation

(4)

2 Impact Analysis

(2)

3 Alert Prioritizing

(1)

4 Alert Sanitization

(5)

7. LARGE-SCALE CORRELATION

(22)

1 Pattern Specification

(3)

1.1 Definitions

(1)

1.2 Attack Specification Language

(1)

1.3 Language Grammar

(1)

2 Pattern Detection

(13)

2.1 Basic Data Structures

(2)

2.2 Constraints

(1)

2.3 Detection Process

(7)

2.4 Implementation Issues

(3)

8. EVALUATION

(10)

1 Evaluation of Traditional ID Sensors

(2)

1.1 Evaluation Efforts

(1)

1.2 Problems

(1)

2 Evaluation of Alert Correlators

(8)

2.1 Evaluation Efforts

(2)

2.2 Problems

(1)

2.3 Correlation Evaluation Truth Files

(1)

2.4 Factors Affecting the Alert Reduction Rate

100

(3)

9. OPEN ISSUES

103

(6)

1 Intrusion Detection

103

(3)

2 Alert Correlation

106

(3)

10. CONCLUSIONS

109

(2)

References

111

(6)

Index

117

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.