Details how intrusion detection works in network security with comparisons to traditional methods such as firewalls and cryptography

Analyzes the challenges in interpreting and correlating Intrusion Detection alerts

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the Sixth Symposium on Recent Advances in Intrusion Detection (RAID 2003). Theprogramcommitteereceived44fullpapersubmissionsfrom10countries. All submissions were carefully reviewed by at least three program committee members or additional intrusion detection experts according to the criteria of scienti?c novelty, importance to the ?eld, and technical quality. The program committee meeting was held in Berkeley, USA on May 14 15. Thirteen papers were selected for presentation and publication in the conference proceedings. The conference technical program included both fundamental research and practical issues, and was shaped around the following topics: network infr- tructure, anomaly detection, correlation, modeling and speci?cation, and sensor technologies. The slides presented by the authors are available on the RAID 2003 web site, http: //www.raid-symposium.org/raid2003. We would like to thank the authors that submitted papers as well as the p- gram committee members and the additional reviewers who volunteered their time to create a quality program. In addition, we want to thank the Conf- ence General Chair, John McHugh, for organizing the conference in Pittsburgh, Joshua Haines for publicizing the conference, Don McGillen for ?nding support from our sponsors, and Christopher Kruegel for maintaining the RAID web site and preparing the conference proceedings. Special thanks go to our sponsors Cisco Systems and Symantec, who p- vided ?nancial support for student participation to the symposium, and to CERT/CMU for hosting the conference."

This book constitutes the refereed proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection, RAID 2002, held in Zurich, Switzerland, in October 2002. The 16 revised full papers presented were carefully reviewed and selected from a total of 81 submissions. The papers are organized in topical sections on stepping stone detection, anomality detection, correlation, legal aspects and intrusion tolerance, assessment of intrusion detection systems, adaptive intrusion detection systems, intrusion detection analysis.

The mobile agents paradigm integrates a network of computers in a novel way and, in a certain sense, reduces networking to program construction. A mobile agent can travel from one place to another and, subject to the destination's approval, interact programmatically with the place it visits. Besides a good deal of promise, mobile agents also introduce new problems. Most of these problems have to do with security and safety. Some of the security concerns have been studied by the distributed systems community and cryptologists for a long time, but mechanisms and technologies developed to secure communication and control access to resources must be adapted to take into account mobility and protection of mobile agents from malicious hosts.

Intrusion Detection and Correlation: Challenges and Solutions presents intrusion detection systems (IDSs) and addresses the problem of managing and correlating the alerts produced. This volume discusses the role of intrusion detection in the realm of network security with comparisons to traditional methods such as firewalls and cryptography.

The Internet is omnipresent and companies have increasingly put critical resources online. This has given rise to the activities of cyber criminals. Virtually all organizations face increasing threats to their networks and the services they provide. Intrusion detection systems (IDSs) take increased pounding for failing to meet the expectations researchers and IDS vendors continually raise. Promises that IDSs are capable of reliably identifying malicious activity in large networks were premature and never tuned into reality.

While virus scanners and firewalls have visible benefits and remain virtually unnoticed during normal operations, the situation is different with intrusion detection sensors. State-of-the-art IDSs produce hundreds or even thousands of alerts every day. Unfortunately, almost all of these alerts are false positives, that is, they are not related to security-relevant incidents.

Intrusion Detection and Correlation: Challenges and Solutions analyzes the challenges in interpreting and combining (i.e., correlating) alerts produced by these systems. In addition, existing academic and commercial systems are classified; their advantage and shortcomings are presented, especially in the case of deployment in large, real-world sites.

This is a reproduction of a book published before 1923. This book may have occasional imperfections such as missing or blurred pages, poor pictures, errant marks, etc. that were either part of the original artifact, or were introduced by the scanning process. We believe this work is culturally important, and despite the imperfections, have elected to bring it back into print as part of our continuing commitment to the preservation of printed works worldwide. We appreciate your understanding of the imperfections in the preservation process, and hope you enjoy this valuable book.