Intrusion Detection in Distributed Systems

Dedication.- List of Figures.- List of Tables.- Preface.- Acknowledgments.- 1. INTRODUCTION.- 1 Computer Security and Intrusion Detection.- 2 Intrusion Detection in Distributed Systems.- 3 Summary of Contributions.- 4 Organization.- 2. AN OVERVIEW OF RELATED RESEARCH.- 3. SYSTEM VIEW AND EVENT HISTORY.- 1 System View and Event History.- 4. MODELING REQUEST AMONG COOPERATING INTRUSION DETECTION SYSTEMS.- 1 Query.- 2 Scaling to Large and Heterogeneous Environments.- 3 Discussion.- 5. EXTENDING COMMON INTRUSION DETECTION FRAMEWORK (CIDF) TO SUPPORT QUERIES.- 1 Background.- 2 A Query Facility for CIDF.- 3 Impact on CIDF.- 6. A HIERARCHICAL MODEL FOR DISTRIBUTED ATTACKS.- 1 Misuse Signature.- 2 Defining System Views Using Signatures: A Hierarchical Model.- 3 Discussion.- 7. DECENTRALIZED DETECTION OF DISTRIBUTED ATTACKS.- 1 Serializable Signatures.- 2 Detection Task and Workflow Tree.- 3 Execution of Detection Tasks.- 4 Optimization.- 5 Generating Workflow Tree.- 8. CARDS: AN EXPERIMENTAL SYSTEM FOR DETECTING DISTRIBUTED ATTACKS.- 1 CARDS Architecture.- 2 System Design Issues.- 3 Prototype Implementation.- 9. CONCLUSION.- Appendices.- References.