Concurrent Intrusion Detection in Distributed Systems Using Assertions

Title Concurrent Intrusion Detection in Distributed Systems Using Assertions PDF eBook
Author Kiran Mantha
Publisher
Pages 220
Release 2000
Genre
ISBN

Intrusion Detection in Distributed Systems

Title Intrusion Detection in Distributed Systems PDF eBook
Author Peng Ning
Publisher Springer Science & Business Media
Pages 146
Release 2012-12-06
Genre Computers
ISBN 1461504678

Intrusion Detection In Distributed Systems: An Abstraction-Based Approach presents research contributions in three areas with respect to intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing heterogeneity and autonomy of distributed environments. The second contribution is a formal framework for modeling requests among cooperative IDSs and its application to Common Intrusion Detection Framework (CIDF). The third contribution is a novel approach to coordinating different IDSs for distributed event correlation.

Lattice Matching for Detecting Distributed Intrusions

Title Lattice Matching for Detecting Distributed Intrusions PDF eBook
Author Sule Simsek
Publisher
Pages 206
Release 2008
Genre Computer networks
ISBN

"Intrusion detection systems (IDS) are crucial components of the security mechanisms of today's computer systems. Intrusion detection has been an active field of research for about three decades. Existing research on intrusion detection has focused on sequential intrusions. However, intrusions can also be formed by concurrent interactions of multiple processes. Some of the intrusions caused by these events cannot be detected using sequential intrusion detection methods. Therefore, there is a need for a mechanism that views the concurrent system as a whole. L-BID (Lattice-based intrusion detection) is proposed to address this problem. In the L-BID framework, a library of intrusions and collected distributed system traces are represented as lattices. Then these lattices are compared in order to infer to the existence of intrusion in the collected distributed system traces. The similarity between these lattices is used as a quantitative metric for L-BID. The applicability of lattice matching method to the concurrent intrusion detection problem is investigated and the challenging aspects of this work are outlined"--Abstract, leaf iii.

Master's Theses Directories

Title Master's Theses Directories PDF eBook
Author
Publisher
Pages 396
Release 2001
Genre Dissertations, Academic
ISBN

"Education, arts and social sciences, natural and technical sciences in the United States and Canada".

Managing Cyber Threats

Title Managing Cyber Threats PDF eBook
Author Vipin Kumar
Publisher Springer Science & Business Media
Pages 354
Release 2005-06-14
Genre Computers
ISBN 9780387242262

Modern society depends critically on computers that control and manage systems on which we depend in many aspects of our daily lives. While this provides conveniences of a level unimaginable just a few years ago, it also leaves us vulnerable to attacks on the computers managing these systems. In recent times the explosion in cyber attacks, including viruses, worms, and intrusions, has turned this vulnerability into a clear and visible threat. Due to the escalating number and increased sophistication of cyber attacks, it has become important to develop a broad range of techniques, which can ensure that the information infrastructure continues to operate smoothly, even in the presence of dire and continuous threats. This book brings together the latest techniques for managing cyber threats, developed by some of the world’s leading experts in the area. The book includes broad surveys on a number of topics, as well as specific techniques. It provides an excellent reference point for researchers and practitioners in the government, academic, and industrial communities who want to understand the issues and challenges in this area of growing worldwide importance.

Audience: This book is intended for members of the computer security research and development community interested in state-of-the-art techniques; personnel in federal organizations tasked with managing cyber threats and information leaks from computer systems; personnel at the military and intelligence agencies tasked with defensive and offensive information warfare; personnel in the commercial sector tasked with detection and prevention of fraud in their systems; and personnel running large-scale data centers, either for their organization or for others, tasked with ensuring the security, integrity, and availability of data.

A Basis for Intrusion Detection in Distributed Systems Using Kernel-level Data Tainting

Title A Basis for Intrusion Detection in Distributed Systems Using Kernel-level Data Tainting PDF eBook
Author Christophe Hauser
Publisher
Pages 135
Release 2013
Genre
ISBN

Modern organisations rely intensively on information and communication technology infrastructures. Such infrastructures offer a range of services from simple mail transport agents or blogs to complex e-commerce platforms, banking systems or service hosting, and all of these depend on distributed systems. The security of these systems, with their increasing complexity, is a challenge. Cloud services are replacing traditional infrastructures by providing lower cost alternatives for storage and computational power, but at the risk of relying on third party companies. This risk becomes particularly critical when such services are used to host privileged company information and applications, or customers' private information. Even in the case where companies host their own information and applications, the advent of BYOD (Bring Your Own Device) leads to new security related issues. In response, our research investigated the characterization and detection of malicious activities at the operating system level and in distributed systems composed of multiple hosts and services. We have shown that intrusions in an operating system spawn abnormal information flows, and we developed a model of dynamic information flow tracking, based on taint marking techniques, in order to detect such abnormal behavior. We track information flows between objects of the operating system (such as files, sockets, shared memory, processes, etc.) and network packets flowing between hosts. This approach follows the anomaly detection paradigm. We specify the legal behavior of the system with respect to an information flow policy, by stating how users and programs from groups of hosts are allowed to access or alter each other's information. Illegal information flows are considered as intrusion symptoms. We have implemented this model in the Linux kernel (the source code is available at http://www.blare-ids.org), as a Linux Security Module (LSM), and we used it as the basis for practical demonstrations. The experimental results validated the feasibility of our new intrusion detection principles.

Computer Network Security

Title Computer Network Security PDF eBook
Author Vladimir Gorodetsky
Publisher Springer Science & Business Media
Pages 484
Release 2003-09-09
Genre Business & Economics
ISBN 3540407979

This book constitutes the refereed proceedings of the Second International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2003, held in St. Petersburg, Russia in September 2003. The 29 revised full papers and 12 revised short papers presented together with 6 invited papers were carefully reviewed and selected from a total of 62 submissions. The papers are organized in topical sections on mathematical models and architectures for computer network security; intrusion detection; public key distribution, authentication, and access control; cryptography; and stenography.