Intrusion Detection In Distributed Systems: An Abstraction-Based Approach presents research contributions in three areas with respect to intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing heterogeneity and autonomy of distributed environments. The second contribution is a formal framework for modeling requests among cooperative IDSs and its application to Common Intrusion Detection Framework (CIDF). The third contribution is a novel approach to coordinating different IDSs for distributed event correlation.

Security issues in distributed systems and network systems are extremely important. This edited book provides a comprehensive treatment on security issues in these systems, ranging from attacks to all kinds of solutions from prevention to detection approaches. The books includes security studies in a range of systems including peer-to-peer networks, distributed systems, Internet, wireless networks, Internet service, e-commerce, mobile and pervasive computing. Security issues in these systems include attacks, malicious node detection, access control, authentication, intrusion detection, privacy and anonymity, security architectures and protocols, security theory and tools, secrecy and integrity, and trust models. This volume provides an excellent reference for students, faculty, researchers and people in the industry related to these fields.

Modern organisations rely intensively on information and communicationtechnology infrastructures. Such infrastructures offer a range of servicesfrom simple mail transport agents or blogs to complex e-commerce platforms,banking systems or service hosting, and all of these depend on distributedsystems. The security of these systems, with their increasing complexity, isa challenge. Cloud services are replacing traditional infrastructures byproviding lower cost alternatives for storage and computational power, butat the risk of relying on third party companies. This risk becomesparticularly critical when such services are used to host privileged companyinformation and applications, or customers' private information. Even in thecase where companies host their own information and applications, the adventof BYOD (Bring Your Own Device) leads to new security relatedissues.In response, our research investigated the characterization and detection ofmalicious activities at the operating system level and in distributedsystems composed of multiple hosts and services. We have shown thatintrusions in an operating system spawn abnormal information flows, and wedeveloped a model of dynamic information flow tracking, based on taintmarking techniques, in order to detect such abnormal behavior. We trackinformation flows between objects of the operating system (such as files,sockets, shared memory, processes, etc.) and network packetsflowing between hosts. This approach follows the anomaly detection paradigm.We specify the legal behavior of the system with respect to an informationflow policy, by stating how users and programs from groups of hosts areallowed to access or alter each other's information. Illegal informationflows are considered as intrusion symptoms. We have implemented this modelin the Linux kernel (the source code is availableat http://www.blare-ids.org), as a Linux Security Module (LSM), andwe used it as the basis for practical demonstrations. The experimentalresults validated the feasibility of our new intrusion detection principles.

"This thesis explores the possibility of using biological models to create an intrusion detection system for a distributed application."--Abstract, p. iii.

This book presents a state-of-the-art review of current perspectives in information security, focusing on technical as well as functional issues. It contains the selected proceedings of the Sixteenth Annual Working Conference on Information Security (SEC2000), sponsored by the International Federation for Information Processing (IFIP) and held in Beijing, China in August 2000. Topics in this volume include the latest developments in: Information security management issues Network security and protocols Information security aspects of E-commerce Distributed computing and access control New information security technologies Ethics/privacy and copyright protection £/LIST£ Information Security for Global Information Infrastructures will be essential reading for researchers in computer science, information technology, and business informatics, as well as to information security consultants, system analysts and engineers, and IT managers.