Suchen und Finden

Service

Newsletter

hier anmelden:

Unser aktueller Newsletter...

Infos und Kontakt

Intrusion Detection and Correlation

von: Christopher Kruegel, Fredrik Valeur, Giovanni Vigna

Kluwer Academic Publishers, 2005

ISBN: 9780387233994, 123 Seiten

Format: PDF, OL

Online-Lesen für: Linux,Mac OSX,Windows PC

Preis: 96,25 EUR

Mehr zum Inhalt

Intrusion Detection and Correlation

Contents: 6
List of Figures: 9
List of Tables: 10
Preface: 11
1 INTRODUCTION: 13
1. Motivating Scenario: 15
2. Alert Correlation: 18
3. Organization: 19
2 COMPUTER SECURITY AND INTRUSION DETECTION: 20
1. Security Attacks and Security Properties: 20
2. Security Mechanisms: 22
2.1 Attack Prevention: 22
2.2 Attack Avoidance: 23
2.3 Attack Detection: 28
3. Intrusion Detection: 28
3.1 Architecture: 30
3.2 Taxonomy: 31
3.3 Detection Method: 32
3.4 Type of Response: 36
3.5 Audit Source Location: 36
3.6 Usage Frequency: 39
3.7 IDS Cooperation and Alert Correlation: 39
3 ALERT CORRELATION: 40
4 ALERT CORRELATION ALERT COLLECTION: 45
1. Alert Normalization: 46
2. Alert Preprocessing: 47
2.1 Determining the Alert Time: 48
2.2 Determining the Alert’s Source and Target: 52
2.3 Determining the Attack’s Name: 52
5 ALERT AGGREGATION AND VERIFICATION: 53
1. Alert Fusion: 53
2. Alert Verification: 55
2.1 Passive Approach: 58
2.2 Active Approach: 58
3. Attack Thread Reconstruction: 62
4. Attack Session Reconstruction: 63
5. Attack Focus Recognition: 66
6 HIGH-LEVEL ALERT STRUCTURES: 68
1. Multistep Correlation: 68
2. Impact Analysis: 72
3. Alert Prioritizing: 74
4. Alert Sanitization: 75
7 LARGE-SCALE CORRELATION: 80
1. Pattern Specification: 86
1.1 Definitions: 86
1.2 Attack Specification Language: 87
1.3 Language Grammar: 88
2. Pattern Detection: 89
2.1 Basic Data Structures: 89
2.2 Constraints: 91
2.3 Detection Process: 92
2.4 Implementation Issues: 99
8 EVALUATION: 102
1. Evaluation of Traditional ID Sensors: 102
1.1 Evaluation Efforts: 103
1.2 Problems: 104
2. Evaluation of Alert Correlators: 104
2.1 Evaluation Efforts: 105
2.2 Problems: 107
2.3 Correlation Evaluation Truth Files: 108
2.4 Factors Affecting the Alert Reduction Rate: 109
9 OPEN ISSUES: 111
1. Intrusion Detection: 111
2. Alert Correlation: 114
10 CONCLUSIONS: 116
References: 118
Index: 123

Mehr eBooks vom gleichen Verlag

Handbook of Bioethics, von: George Khushf, Preis: 236,95 EUR

The Role of Labour Mobility and Informal Networks for Knowledge Transfer, von: Dirk Fornahl, Christian Zellner, David B. Audretsch, Preis: 96,25 EUR

Multidisciplinary Economics, von: Peter de Gijsel, Hans Schenk (Eds.), Preis: 112,35 EUR

New Horizons of Parallel and Distributed Computing, von: Minyi Guo, Laurence Tianruo Yang, Preis: 117,65 EUR

Reliability and Six Sigma, von: U. Dinesh Kumar ao., Preis: 106,95 EUR

Atomic Force Microscopy - Scanning Tunneling Microscopy 3, von: Samuel H. Cohen et al. (Eds.), Preis: 141,95 EUR

E-Business Management, von: Michael J. Shaw (Ed.), Preis: 127,95 EUR

Handbook of Asian Management, von: Kwok Leung, Steven White (Eds.), Preis: 177,95 EUR

The Verillog® Hardware Description Language, von: Donald E. Thomas, Philip R. Moorby, Preis: 87,95 EUR

Challenges to The Second Law of Thermodynamics, von: Vladislav Cápek, Daniel P. Sheehan, Preis: 192,55 EUR

Alle Preise verstehen sich inklusive der gesetzlichen MwSt.; Ersparnis im Vergleich zur Printversion

Intrusion Detection and Correlation

von: Christopher Kruegel, Fredrik Valeur, Giovanni Vigna

Intrusion Detection and Correlation

Contents

List of Figures

List of Tables

Preface

1 INTRODUCTION

1. Motivating Scenario

2. Alert Correlation

3. Organization

2 COMPUTER SECURITY AND INTRUSION DETECTION

1. Security Attacks and Security Properties

2. Security Mechanisms

2.1 Attack Prevention

2.2 Attack Avoidance

2.3 Attack Detection

3. Intrusion Detection

3.1 Architecture

3.2 Taxonomy

3.3 Detection Method

3.4 Type of Response

3.5 Audit Source Location

3.6 Usage Frequency

3.7 IDS Cooperation and Alert Correlation

3 ALERT CORRELATION

4 ALERT CORRELATION ALERT COLLECTION

1. Alert Normalization

2. Alert Preprocessing

2.1 Determining the Alert Time

2.2 Determining the Alert’s Source and Target

2.3 Determining the Attack’s Name

5 ALERT AGGREGATION AND VERIFICATION

1. Alert Fusion

2. Alert Verification

2.1 Passive Approach

2.2 Active Approach

3. Attack Thread Reconstruction

4. Attack Session Reconstruction

5. Attack Focus Recognition

6 HIGH-LEVEL ALERT STRUCTURES

1. Multistep Correlation

2. Impact Analysis

3. Alert Prioritizing

4. Alert Sanitization

7 LARGE-SCALE CORRELATION

1. Pattern Specification

1.1 Definitions

1.2 Attack Specification Language

1.3 Language Grammar

2. Pattern Detection

2.1 Basic Data Structures

2.2 Constraints

2.3 Detection Process

2.4 Implementation Issues

8 EVALUATION

1. Evaluation of Traditional ID Sensors

1.1 Evaluation Efforts

1.2 Problems

2. Evaluation of Alert Correlators

2.1 Evaluation Efforts

2.2 Problems

2.3 Correlation Evaluation Truth Files

2.4 Factors Affecting the Alert Reduction Rate

9 OPEN ISSUES

1. Intrusion Detection

2. Alert Correlation

10 CONCLUSIONS

References

Index

Mehr eBooks vom gleichen Verlag