Anomaly detection has been a long-standing security approach with versatile applications, ranging from securing server programs in critical environments, to detecting insider threats in enterprises, to anti-abuse detection for online social networks. Despite the seemingly diverse application domains, anomaly detection solutions share similar technical challenges, such as how to accurately recognize various normal patterns, how to reduce false alarms, how to adapt to concept drifts, and how to minimize performance impact. They also share similar detection approaches and evaluation methods, such as feature extraction, dimension reduction, and experimental evaluation. The main purpose of this book is to help advance the real-world adoption and deployment anomaly detection technologies, by systematizing the body of existing knowledge on anomaly detection. This book is focused on data-driven anomaly detection for software, systems, and networks against advanced exploits and attacks, but also touches on a number of applications, including fraud detection and insider threats. We explain the key technical components in anomaly detection workflows, give in-depth description of the state-of-the-art data-driven anomaly-based security solutions, and more importantly, point out promising new research directions. This book emphasizes on the need and challenges for deploying service-oriented anomaly detection in practice, where clients can outsource the detection to dedicated security providers and enjoy the protection without tending to the intricate details.

This book constitutes the proceedings of the 16th International Symposium on Research in Attacks, Intrusions and Defenses, former Recent Advances in Intrusion Detection, RAID 2013, held in Rodney Bay, St. Lucia in October 2013. The volume contains 22 full papers that were carefully reviewed and selected from 95 submissions, as well as 10 poster papers selected from the 23 submissions. The papers address all current topics in computer security ranged from hardware-level security, server, web, mobile, and cloud-based security, malware analysis, and web and network privacy.

This book constitutes the proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses, former Recent Advances in Intrusion Detection, RAID 2012, held in Amsterdam, The Netherlands in September 2012. The 18 full and 12 poster papers presented were carefully reviewed and selected from 84 submissions. The papers address all current topics in virtualization, attacks and defenses, host and network security, fraud detection and underground economy, web security, intrusion detection.

Insider Attack and Cyber Security: Beyond the Hacker defines the nature and scope of insider problems as viewed by the financial industry. This edited volume is based on the first workshop on Insider Attack and Cyber Security, IACS 2007. The workshop was a joint effort from the Information Security Departments of Columbia University and Dartmouth College.

This book sets an agenda for an ongoing research initiative to solve one of the most vexing problems encountered in security, and includes the following topics: critical IT infrastructure, insider threats, awareness and dealing with nefarious human activities in a manner that respects individual liberties and privacy policies of organizations while providing the best protection of critical resources and services. In some sense, the insider problem is the ultimate security problem. This volume concludes with technical and legal challenges facing researchers who study and propose solutions to mitigate insider attacks.

Insider Attack and Cyber Security: Beyond the Hacker defines the nature and scope of insider problems as viewed by the financial industry. This edited volume is based on the first workshop on Insider Attack and Cyber Security, IACS 2007. The workshop was a joint effort from the Information Security Departments of Columbia University and Dartmouth College. This book sets an agenda for an ongoing research initiative to solve one of the most vexing problems encountered in security, and includes the following topics: critical IT infrastructure, insider threats, awareness and dealing with nefarious human activities in a manner that respects individual liberties and privacy policies of organizations while providing the best protection of critical resources and services. In some sense, the insider problem is the ultimate security problem. This volume concludes with technical and legal challenges facing researchers who study and propose solutions to mitigate insider attacks.