Tables of Contents for Intrusion Detection in Distributed Systems
| Chapter/Section Title | Page # | Page Count |
|---|---|---|
| Dedication | v | |
| List of Figures | xi | |
| List of Tables | xiii | |
| Preface | xv | |
| Acknowledgments | xvii | |
| 1. INTRODUCTION | 1 | 6 |
| 1 Computer Security and Intrusion Detection | 1 | 1 |
| 2 Intrusion Detection in Distributed Systems | 2 | 2 |
| 3 Summary of Contributions | 4 | 1 |
| 4 Organization | 5 | 2 |
| 2. AN OVERVIEW OF RELATED RESEARCH | 7 | 6 |
| 3. SYSTEM VIEW AND EVENT HISTORY | 13 | 6 |
| 1 System View and Event History | 14 | 5 |
| 1.1 Qualitative Temporal Relationships between Events | 17 | 2 |
| 4. MODELING REQUEST AMONG COOPERATING INTRUSION DETECTION SYSTEMS | 19 | 18 |
| 1 Query | 20 | 6 |
| 1.1 Query Result | 24 | 2 |
| 2 Scaling to Large and Heterogeneous Environments | 26 | 6 |
| 2.1 Expected View and Provided View | 26 | 2 |
| 2.2 Mismatch and Mismatch Resolution | 28 | 4 |
| 3 Discussion | 32 | 5 |
| 3.1 Comparison with Alternative Approaches | 32 | 1 |
| 3.2 Relationship with Signature-based Intrusion Detection | 33 | 1 |
| 3.3 Implementation Issues | 34 | 3 |
| 5. EXTENDING COMMON INTRUSION DETECTION FRAMEWORK (CIDF) TO SUPPORT QUERIES | 37 | 18 |
| 1 Background | 38 | 3 |
| 1.1 Common Intrusion Specification Language | 39 | 2 |
| 2 A Query Facility for CIDF | 41 | 13 |
| 2.1 S-Patterns | 41 | 6 |
| 2.2 Format of Returning Message | 47 | 3 |
| 2.3 An Example - Tracing Suspicious Users | 50 | 4 |
| 3 Impact on CIDF | 54 | 1 |
| 6. A HIERARCHICAL MODEL FOR DISTRIBUTED ATTACKS | 55 | 16 |
| 1 Misuse Signature | 56 | 6 |
| 2 Defining System Views Using Signatures: A Hierarchical Model | 62 | 6 |
| 3 Discussion | 68 | 3 |
| 3.1 Extensions to ARMD | 68 | 1 |
| 3.2 Generic and Specific Signatures | 68 | 1 |
| 3.3 Clock Discrepancy | 69 | 2 |
| 7. DECENTRALIZED DETECTION OF DISTRIBUTED ATTACKS | 71 | 20 |
| 1 Serializable Signatures | 71 | 2 |
| 2 Detection Task and Workflow Tree | 73 | 6 |
| 3 Execution of Detection Tasks | 79 | 5 |
| 4 Optimization | 84 | 2 |
| 5 Generating Workflow Tree | 86 | 5 |
| 5.1 A Heuristic Approach | 86 | 5 |
| 8. CARDS: AN EXPERIMENTAL SYSTEM FOR DETECTING DISTRIBUTED ATTACKS | 91 | 20 |
| 1 CARDS Architecture | 91 | 3 |
| 1.1 Signature Manager | 91 | 2 |
| 1.2 Monitor | 93 | 1 |
| 1.3 Directory Service | 94 | 1 |
| 2 System Design Issues | 94 | 7 |
| 2.1 Internal Languages | 95 | 1 |
| 2.2 Specific Signature Generation | 96 | 3 |
| 2.3 Specific Signature Decomposition | 99 | 2 |
| 3 Prototype Implementation | 101 | 12 |
| 3.1 Directory Service and DirHelper | 101 | 1 |
| 3.2 Signature Manager | 102 | 1 |
| 3.3 Monitor | 103 | 4 |
| 3.4 Limitations | 107 | 4 |
| 9. CONCLUSION | 111 | 2 |
| Appendices | 113 | 14 |
| A Document Type Definitions (DTDs) Used in CARDS | 113 | 4 |
| 1 The DTD for System Views | 113 | 1 |
| 2 The DTD for Signatures | 113 | 2 |
| 3 The DTD for Detection Tasks | 115 | 2 |
| B Sample System Views, Signatures and Detection Tasks in CARDS | 117 | 10 |
| 1 System Views | 117 | 1 |
| 1.1 The System View DOSAttacks | 117 | 1 |
| 1.2 The System View LocalTCPConn | 118 | 1 |
| 2 The Generic Signature for the Mitnick Attack | 118 | 2 |
| 3 One Specific Signature for the Mitnick Attack | 120 | 2 |
| 4 The Detection Tasks for the Specific Signature of the Mitnick Attack | 122 | 5 |
| 4.1 Detection Task n1 | 122 | 1 |
| 4.2 Detection Task n2 | 123 | 1 |
| 4.3 Detection Task n3 | 124 | 3 |
| References | 127 | 8 |
| Index | 135 | |