INTRUSION DETECTION IN DISTRIBUTED SYSTEMS An Abstraction-Based Approach
|
|
- Mariah Boyd
- 6 years ago
- Views:
Transcription
1 INTRUSION DETECTION IN DISTRIBUTED SYSTEMS An Abstraction-Based Approach
2 Library of Congress Cataloging-in-Publication ISBN ISBN (ebook) DOI / Copyright 2004 by Springer Science+Business Media New York Originally published by Kluwer Academic Publishers in 2004 Softcover reprint ofthe hardcover lst edition 2004 AII rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photo-copying, microfilming, recording, or otherwise, without the prior written permission of the publisher, with the exception of any material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Permissions for books published in the USA: permissions@wkap.com Permissions for books published in Europe: permissions@wkap.nl Printed on acid-free paper.
3 INTRUSION DETECTION IN DISTRIBUTED SYSTEMS An Abstraction-Based Approach by PengNing North Carolina State University, U.S.A. Sushil Jajodia George Mason University, U.S.A. X. Sean Wang University of Vermont, u.s.a. SPRINGER SCIENCE+ BUSINESS MEDIA, LLC
4 Advances in Information Security Sushil Jajodia Consulting editor Center for Secure Information Systems George Mason University Fairfax, VA The goals of Kluwer International Series on ADVANCES IN INFORMATION SECURITY are, one, to establish the state of the art of, and set the course for future research in information security and, two, to serve as a central reference source for advanced and timely topics in information security research and development. The scope of this series includes all aspects of computer and network security and related areas such as fault tolerance and software assurance. ADVANCES IN INFORMATION SECURITY aims to publish thorough and cohesive overviews of specific topics in information security, as well as works that are larger in scope or that contain more detailed background information than can be accommodated in shorter survey articles. The series also serves as a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook treatment. Researchers as well as developers are encouraged to contact Professor Sushil Jajodia with ideas for books under this series. Additional titles in the series: SECURE ELECTRONIC VOTING edited by Dimitris A. Gritzalis; ISBN: DISSEMINATING SECURITY UPDATES AT INTERNET SCALE by Jun Li, Peter Reiher, Gerald J. Popek; ISBN: SECURE ELECTRONIC VOTING by Dimitris A. Gritzalis; ISBN: APPUCATIONS OF DATA MINING IN COMPUTER SECURITY, edited by Daniel Barbara, Sushil Jajodia; ISBN: MOBILE COMPUTATION WITH FUNCTIONS by Zeliha Dilsun Ktrh, ISBN: TRUSTED RECOVERY AND DEFENSIVE INFORMATION WARFARE by Peng Liu and Sushil Jajodia, ISBN: RECENT ADVANCES IN RSA CRYPTOGRAPHY by Stefan Katzenbeisser, ISBN: X E-COMMERCE SECURITY AND PRIVACY by Anup K. Ghosh, ISBN: INFORMATION HIDING: Steganography and Watermarking-Attacks and Countermeasures by Neil F. Johnson, Zoran Duric, and Sushil Jajodia, ISBN: Additional information about this series can be obtained from
5 To my grandma Huijun Wu, and parents Changcheng Ning and Kuiling Ao. -PN To my parents and my wife. -SJ To my children, with joy. -XW
6 Contents Dedication List of Figures List of Tables Preface Acknow ledgments 1. INTRODUCTION Computer Security and Intrusion Detection Intrusion Detection in Distributed Systems Summary of Contributions Organization 2. AN OVERVIEW OF RELATED RESEARCH 3. SYSTEM VIEW AND EVENT HISTORY 1 System View and Event History 1.1 Qualitative Temporal Relationships between Events V Xl xiii xv xvii MODELING REQUEST AMONG COOPERATING INTRUSION DETECTION SYSTEMS Query 1.1 Query Result Scaling to Large and Heterogeneous Environments 2.1 Expected View and Provided View 2.2 Mismatch and Mismatch Resolution Discussion 3.1 Comparison with Alternative Approaches 3.2 Relationship with Signature-based Intrusion Detection
7 viii 3.3 Implementation Issues EXTENDING COMMON INTRUSION DETECTION FRAMEWORK (CIDF) TO SUPPORT QUERIES 37 1 Background Common Intrusion Specification Language 39 2 A Query Facility for CIDF S-Patterns Format of Returning Message An Example - Tracing Suspicious Users 50 3 Impact on CIDF A HIERARCHICAL MODEL FOR DISTRIBUTED ATTACKS 55 1 Misuse Signature 56 2 Defining System Views Using Signatures: A Hierarchical Model 62 3 Discussion Extensions to ARMD Generic and Specific Signatures Clock Discrepancy DECENTRALIZED DETECTION OF DISTRIBUTED ATTACKS 71 1 Serializable Signatures 71 2 Detection Task and Workflow Tree 73 3 Execution of Detection Tasks 79 4 Optimization 84 5 Generating Workflow Tree A Heuristic Approach CARDS: AN EXPERIMENTAL SYSTEM FOR DETECTING DISTRIBUTED ATTACKS 91 1 CARDS Architecture Signature Manager Monitor Directory Service 94 2 System Design Issues Internal Languages Specific Signature Generation 96
8 Contents ix 2.3 Specific Signature Decomposition 3 Prototype Implementation 3.1 Directory Service and DirHelper 3.2 Signature Manager 3.3 Monitor 3.4 Limitations 9. CONCLUSION Appendices A Document Type Definitions (DTDs) Used in CARDS The DID for System Views The DTD for Signatures The DID for Detection Tasks 115 B Sample System Views, Signatures and Detection Tasks in CARDS System Views The System View DOSAttacks The System View LocalTCPConn The Generic Signature for the Mitnick Attack One Specific Signature for the Mitnick Attack The Detection Tasks for the Specific Signature of the Mitnick Attack Detection Task nl Detection Task n Detection Task n3 124 References Index
9 List of Figures 4.1 The query for tracing suspicious users The query for detecting a distributed port scanning attack A query aggregating TCP 3-way handshake into establish_conn events The signature for the Mitnick attack Events on the system views The view definition for deriving SYN flooding events from TCP packets A hierarchy of system views and signatures A non-serializable signature Examples of workflow trees The algorithm for executing detection task Event processing in a detection task Comparason of two workflow trees Generation of a workflow tree from a specific signature The CARDS architecture A typical configuration The monitor architecture The system view TCPDOSAttacks The generic signature for the Mitnick attack (some details omitted) Detection task n2 of a specific signature for the Mitnick attack (some details omitted) The screen shot of a signature manager The screen shot of a monitor 104
10 List of Tables 3.1 An event history on the system view TCPDOSAttacks An event history provided by a host-based IDS The qualitative temporal relationships between two events Events on host B Result of the query shown in figure Result of the query shown in figure Derivation of implied events Events in the derived history A list of monitors, probes and their system views 99
11 Preface Intrusions in an information system are the activities that violate the security policy of the system, and intrusion detection is the process to identify intrusions. Intrusion detection has been studied for over 20 years. It is based on the beliefs that an intruder's behavior will be noticeably different from that of a legitimate user and that many unauthorized actions will be detectable. Intrusion detection systems (IDSs) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense that protects information systems. Intrusion detection complements the protective mechanisms to improve the system security. Moreover, even if the preventive security mechanisms can protect information systems successfully, it is still desirable to know what intrusion attempts have happened or are happening, so that the users can understand the security threats and risks, and thus be better prepared for future attacks. Intrusion detection techniques are traditionally categorized into two classes: anomaly detection and misuse detection. Anomaly detection is based on the normal behavior of a subject (e.g., a user or a system); any action that significantly deviates from the normal behavior is considered intrusive. Misuse detection catches intrusions in terms of the characteristics of known attacks or system vulnerabilities; any action that conforms to the pattern of a known attack or vulnerability is considered intrusive. Alternatively, IDSs may be classified into host-based IDSs, distributed IDSs, and network-based IDSs according to the sources of the audit information used by each IDS. Host-based IDSs get audit data from host audit trails, usually aiming at detecting attacks against a single host; distributed IDSs gather audit data from multiple hosts and possibly the network that connects the hosts, aiming at detecting attacks involving multiple hosts; network-based IDSs use network traffic as the audit data source, relieving the burden on the hosts that usually provide normal computing services.
12 xvi This monograph presents the research contributions in three areas with respect to intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing heterogeneity and autonomy of distributed environments. Specifically, the concept of system view is introduced to provide an abstract interface between different systems. On the one hand, system views hide the difference between heterogeneous systems; on the other hand, they describe what information an autonomous system is willing to provide to other systems. The second contribution is a formal framework for modeling requests among cooperative IDSs and its application to Common Intrusion Detection Framework (CIDF). The first problem is how to enable.idss to request specific information from other IDSs. To address this problem, the proposed technique represents a request to an IDS as a pattern plus a transformation rule, where the pattern specifies the events that the requesting party is interested in and the transformation rule extracts interesting information from the events. The formal approach is also used to add a query facility to the Common Intrusion Detection Framework (CIDF), which allows an IDS to form flexible requests to other systems. The third contribution is a novel approach to coordinating different IDSs for distributed event correlation. The proposed technique represents the event correlation to be performed as a pattern (called a signature) among distributed events. A decentralized method is then presented for autonomous but cooperative IDSs to perform the event correlation specified by signatures. Specifically, a signature is decomposed into finer units called detection tasks, each of which represents the activity to be monitored in one place. The IDSs (involved in a signature) then perform the detection tasks cooperatively according to the "dependency" relationships among these tasks. Our approach is superior to the existing centralized or hierarchical approaches in that (1) communication is more efficient by having different IDSs communicate with each other only when necessary and (2) no centralized or hierarchical trust is required. As an important application of distributed event correlation, this approach can be used to represent and detect distributed (or coordinated) attacks that cannot be detected from a single place. An experimental system called CARDS has been implemented to test the feasibility of the proposed approaches. PENG NING, SUSHIL JAJODIA, AND X. SEAN WANG
13 Acknowledgments We are grateful to Joe Giordano of the Air Force Research LaboratorylRome, David Hislop of the Army Research Office, and Maria Zemankova of the National Science Foundation for sponsoring our research presented in this volume. It is also a pleasure to acknowledge the Association for Computing Machinery for allowing us to use material from ''Abstraction-based intrusion detection in distributed environments," ACM Transactions on Information and System Security, Vol. 4, No.4, November 2001, pages , and Elsevier Science for permission to use material from "Modeling requests among cooperating intrusion detection systems," Computer Communications, Vol. 23, No. 17, November 2000, pages , and "Design and Implementation of A Decentralized Prototype System for Detecting Distributed Attacks," Computer Communications, Vol. 25, No. 15, September 2002, pages
14 Series Foreword ADVANCES IN INFORMATION SECURITY Sushil Jajodia Consulting Editor Center for Secure Information Systems George Mason University Fairfax, VA Welcome to the ninth volume of the Kluwer International Series on ADVANCES IN INFORMATION SECURITY. The goals of this series are, one, to establish the state of the art of, and set the course for future research in information security and, two, to serve as a central reference source for advanced and timely topics in information security research and development. The scope of this series includes all aspects of computer and network security and related areas such as fault tolerance and software assurance. ADVANCES IN INFORMATION SECURITY aims to publish thorough and cohesive overviews of specific topics in information security, as well as works that are larger in scope or contain more detailed background information than can be accommodated in shorter survey articles. The series also serves as a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook treatment. The success of this series depends on contributions by researchers and developers such as you. If you have an idea for a book that is appropriate for this series, I encourage you to contact me. I would be happy to discuss any potential projects with you. Additional information about this series can be obtained from SUSHIL JAJODIA Consulting Editor
INTRUSION DETECTION AND CORRELATION. Challenges and Solutions
INTRUSION DETECTION AND CORRELATION Challenges and Solutions Advances in Information Security Sushil Jajodia Consulting editor Center for Secure Information Systems George Mason University Fairfax, VA
More informationDISSEMINATING SECURITY UPDATES AT INTERNET SCALE
DISSEMINATING SECURITY UPDATES AT INTERNET SCALE Advances in Information Security Sushil Jajodia Consulting editor Center for Secure Information Systems George Mason University Fairfax, VA 22030-4444 email:
More informationData Warehousing and Data Mining Techniques for Cyber Security
Data Warehousing and Data Mining Techniques for Cyber Security Advances in Information Security Sushil Jajodia Consulting Editor Center for Secure Information Systems George Mason University Fairfax, VA
More informationInsider Threats in Cyber Security
Insider Threats in Cyber Security Advances in Information Security Sushil Jajodia Consulting Editor Center for Secure Information Systems George Mason University Fairfax, VA 22030-4444 email: jajodia@gmu.edu
More informationCARDS: A DISTRIBUTED SYSTEM FOR DETECTING COORDINATED ATTACKS
CARDS: A DISTRIBUTED SYSTEM FOR DETECTING COORDINATED ATTACKS Jiahai Yang, Peng Ning, X. Sean Wang, and Sushil Jajodia Center for Secure Information Systems George Mason University Fairfax, VA 22030, USA
More informationPERFORMANCE ANALYSIS OF REAL-TIME EMBEDDED SOFTWARE
PERFORMANCE ANALYSIS OF REAL-TIME EMBEDDED SOFTWARE PERFORMANCE ANALYSIS OF REAL-TIME EMBEDDED SOFTWARE Yau-Tsun Steven Li Monterey Design Systems, Inc. Sharad Malik Princeton University ~. " SPRINGER
More informationPrivacy-Respecting Intrusion Detection
Privacy-Respecting Intrusion Detection ) Advances in Information Security Sushil Jajodia Consulting Editor Center for Secure Information Systems George Mason University Fairfax, VA 22030-4444 email: jajodia@gmu.edu
More informationWIRELESS ATM AND AD-HOC NETWORKS. Protocols and Architectures
WIRELESS ATM AND AD-HOC NETWORKS Protocols and Architectures WIRELESS ATM AND AD-HOC NETWORKS Protocols and Architectures C-K Toh, Ph.D. University of Cambridge Cambridge, United Kingdom SPRINGER-SCIENCE+BUSINESS
More informationTIME-CONSTRAINED TRANSACTION MANAGEMENT. Real-Time Constraints in Database Transaction Systems
TIME-CONSTRAINED TRANSACTION MANAGEMENT Real-Time Constraints in Database Transaction Systems The Kluwer International Series on ADV ANCES IN DATABASE SYSTEMS Other books in the Series: Series Editor Ahmed
More informationMULTIMEDIA DATABASE MANAGEMENT SYSTEMS
MULTIMEDIA DATABASE MANAGEMENT SYSTEMS THE KLUWER INTERNATIONAL SERIES IN ENGINEERING AND COMPUTER SCIENCE MULTIMEDIA SYSTEMS AND APPLICATIONS Recently Published Titles: Consulting Editor Borko Furht Florida
More informationTHE VERILOG? HARDWARE DESCRIPTION LANGUAGE
THE VERILOG? HARDWARE DESCRIPTION LANGUAGE THE VERILOGf HARDWARE DESCRIPTION LANGUAGE by Donald E. Thomas Carnegie Mellon University and Philip R. Moorby Cadence Design Systems, Inc. SPRINGER SCIENCE+BUSINESS
More informationClustering and Information Retrieval
Clustering and Information Retrieval Network Theory and Applications Volume 11 Managing Editors: Ding-ZhuDu University o/minnesota, U.S.A. Cauligi Raghavendra University 0/ Southern Califorina, U.S.A.
More informationIntrusion Detection and Containment in Database Systems. Abhijit Bhosale M.Tech (IT) School of Information Technology, IIT Kharagpur
in Database Systems Abhijit Bhosale M.Tech (IT) School of Information Technology, IIT Kharagpur Topics Intrusion and Intrusion Detection Intrusion Detection in Database Systems Data Mining Approach Intrusion
More informationSpringerBriefs in Computer Science
SpringerBriefs in Computer Science Series Editors Stan Zdonik Peng Ning Shashi Shekhar Jonathan Katz Xindong Wu Lakhmi C. Jain David Padua Xuemin (Sherman) Shen Borko Furht V.S. Subrahmanian Martial Hebert
More informationDOWNLOAD OR READ : COMPUTER INTRUSION DETECTION AND NETWORK MONITORING A STATISTICAL VIEWPOINT 1ST EDITION PDF EBOOK EPUB MOBI
DOWNLOAD OR READ : COMPUTER INTRUSION DETECTION AND NETWORK MONITORING A STATISTICAL VIEWPOINT 1ST EDITION PDF EBOOK EPUB MOBI Page 1 Page 2 computer intrusion detection and network monitoring a statistical
More informationTHE KLUWER INTERNATIONAL SERIES IN ENGINEERING AND COMPUTER SCIENCE
THE KLUWER INTERNATIONAL SERIES IN ENGINEERING AND COMPUTER SCIENCE ONTOLOGY LEARNING FOR THE SEMANTIC WEB ONTOLOGY LEARNING FOR THE SEMANTIC WEB by Alexander Maedche University of Karlsruhe, Germany SPRINGER
More informationWireless Networks. Series Editor Xuemin Sherman Shen University of Waterloo Waterloo, Ontario, Canada
Wireless Networks Series Editor Xuemin Sherman Shen University of Waterloo Waterloo, Ontario, Canada More information about this series at http://www.springer.com/series/14180 Sachin Shetty Xuebiao Yuchi
More informationRETARGETABLE CODE GENERATION FOR DIGITAL SIGNAL PROCESSORS
RETARGETABLE CODE GENERATION FOR DIGITAL SIGNAL PROCESSORS RETARGETABLE CODE GENERATION FOR DIGITAL SIGNAL PROCESSORS Rainer LEUPERS University of Dortmund Department of Computer Science Dortmund, Germany
More informationGuide to OSI and TCP/IP Models
SPRINGER BRIEFS IN COMPUTER SCIENCE Mohammed M. Alani Guide to OSI and TCP/IP Models SpringerBriefs in Computer Science Series editors Stan Zdonik Peng Ning Shashi Shekhar Jonathan Katz Xindong Wu Lakhmi
More informationA Hybrid Intrusion Detection System Of Cluster Based Wireless Sensor Networks
A Hybrid Intrusion Detection System Of Cluster Based Wireless Sensor Networks An efficient intrusion detection framework in cluster-based wireless sensor networks Paper: A lightweight hybrid security framework
More informationARCHITECTURE AND CAD FOR DEEP-SUBMICRON FPGAs
ARCHITECTURE AND CAD FOR DEEP-SUBMICRON FPGAs THE KLUWER INTERNATIONAL SERIES IN ENGINEERING AND COMPUTER SCIENCE ARCHITECTURE AND CAD FOR DEEP-SUBMICRON FPGAs Vaughn Betz Jonathan Rose Alexander Marquardt
More informationSPECC: SPECIFICATION LANGUAGE AND METHODOLOGY
SPECC: SPECIFICATION LANGUAGE AND METHODOLOGY SPECC: SPECIFICATION LANGUAGE AND METHODOLOGY Daniel D. Gajski Jianwen Zhu Rainer Dömer Andreas Gerstlauer Shuqing Zhao University of California, Irvine SPRINGER
More informationEssential Angular for ASP.NET Core MVC
Essential Angular for ASP.NET Core MVC Adam Freeman Essential Angular for ASP.NET Core MVC Adam Freeman London, UK ISBN-13 (pbk): 978-1-4842-2915-6 ISBN-13 (electronic): 978-1-4842-2916-3 DOI 10.1007/978-1-4842-2916-3
More informationLoop Tiling for Parallelism
Loop Tiling for Parallelism THE KLUWER INTERNATIONAL SERIES IN ENGINEERING AND COMPUTER SCIENCE LOOP TILING FOR PARALLELISM JINGLING XUE School of Computer Science and Engineering The University of New
More informationCOMMUNICATION SYSTEMS The State of the Art
COMMUNICATION SYSTEMS The State of the Art IFIP The International Federation for Information Processing lfip was founded in 1960 under the auspices of UNESCO, following the First World Computer Congress
More informationGroupware and the World Wide Web
Groupware and the World Wide Web Edited by Richard Bentley, Uwe Busbach, David Kerr & Klaas Sikkel German National Research Center for Information Technology, Institutefor Applied Information Technology
More informationMINING VERY LARGE DATABASES WITH PARALLEL PROCESSING
MINING VERY LARGE DATABASES WITH PARALLEL PROCESSING The Kluwer International Series on ADVANCES IN DATABASE SYSTEMS Series Editor Ahmed K. Elmagarmid Purdue University West Lafayette, IN 47907 Other books
More informationEnergy Efficient Microprocessor Design
Energy Efficient Microprocessor Design Energy Efficient Microprocessor Design by Thomas D. Burd Robert W. Brodersen with Contributions Irom Trevor Pering Anthony Stratakos Berkeley Wireless Research Center
More informationSpringerBriefs in Computer Science
SpringerBriefs in Computer Science Series editors Stan Zdonik, Brown University, Providence, Rhode Island, USA Shashi Shekhar, University of Minnesota, Minneapolis, Minnesota, USA Xindong Wu, University
More informationTopological Structure and Analysis of Interconnection Networks
Topological Structure and Analysis of Interconnection Networks Network Theory and Applications Volume 7 Managing Editors: Ding-Zhu Du, University of Minnesota, U.S.A. and Cauligi Raghavendra, University
More informationFundamentals of Operating Systems. Fifth Edition
Fundamentals of Operating Systems Fifth Edition Fundamentals of Operating Systems A.M. Lister University of Queensland R. D. Eager University of Kent at Canterbury Fifth Edition Springer Science+Business
More informationTCOM 663/CFRS Intrusion Detection and Forensics Department of Electrical and Computer Engineering George Mason University Fall, 2010
TCOM 663/CFRS 663 - Intrusion Detection and Forensics Department of Electrical and Computer Engineering George Mason University Fall, 2010 Course Syllabus Revised: June. 16, 2010. Instructor Dr. Kafi Hassan
More informationFlow-based Worm Detection using Correlated Honeypot Logs
Flow-based Worm Detection using Correlated Honeypot Logs Falko Dressler, Wolfgang Jaegers, and Reinhard German Computer Networks and Communication Systems, University of Erlangen, Martensstr. 3, 91058
More informationOverview of Information Security
Overview of Information Security Lecture By Dr Richard Boateng, UGBS, Ghana Email: richard@pearlrichards.org Original Slides by Elisa Bertino CERIAS and CS &ECE Departments, Pag. 1 and UGBS Outline Information
More informationINFORMATION RETRIEVAL SYSTEMS: Theory and Implementation
INFORMATION RETRIEVAL SYSTEMS: Theory and Implementation THE KLUWER INTERNATIONAL SERIES ON INFORMATION RETRIEVAL Series Editor W. Bruce Croft University of Massachusetts Amherst, MA 01003 Also in the
More informationEFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV)
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 8, August 2014,
More informationOnline Intrusion Alert Based on Aggregation and Correlation
Online Intrusion Alert Based on Aggregation and Correlation Kunchakarra Anusha 1, K.V.D.Sagar 2 1 Pursuing M.Tech(CSE), Nalanda Institute of Engineering & Technology,Siddharth Nagar, Sattenapalli, Guntur.,
More informationComputer Science Workbench. Editor: Tosiyasu L. Kunii
Computer Science Workbench Editor: Tosiyasu L. Kunii H. Kitagawa T.L. Kunii The U nnortnalized Relational Data Model F or Office Form Processor Design With 78 Figures Springer-Verlag Tokyo Berlin Heidelberg
More informationEnabling Technologies for Wireless E-Business
Enabling Technologies for Wireless E-Business Weidong Kou Yelena Yesha (Eds.) Enabling Technologies for Wireless E-Business With 141 Figures and 15 Tables ABC Editors Weidong Kou Chinese State Key Laboratory
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationCourse Curriculum for Master Degree in Network Engineering and Security
Course Curriculum for Master Degree in Network Engineering and Security The Master Degree in Network Engineering and Security is awarded by the Faculty of Graduate Studies at Jordan University of Science
More informationSYNTHESIS OF FINITE STATE MACHINES: LOGIC OPTIMIZATION
SYNTHESIS OF FINITE STATE MACHINES: LOGIC OPTIMIZATION SYNTHESIS OF FINITE STATE MACHINES: LOGIC OPTIMIZATION Tiziano Villa University of California/Berkeley Timothy Kam Intel Corporation Robert K. Brayton
More informationIntrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 22-1 1. Intruders 2. Intrusion
More informationWhitestein Series in software Agent Technologies. About whitestein Technologies
Whitestein Series in software Agent Technologies Series Editors: Marius Walliser Stefan Brantschen Monique Calisti Thomas Hempfling This series reports new developments in agent-based software technologies
More informationIT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston
IT443 Network Security Administration Spring 2018 Gabriel Ghinita University of Massachusetts at Boston Contact Information Instructor: Dr. Gabriel Ghinita Email: Gabriel.Ghinita@umb.edu (preferred contact)
More informationIntrusion Detection System
Intrusion Detection System Marmagna Desai March 12, 2004 Abstract This report is meant to understand the need, architecture and approaches adopted for building Intrusion Detection System. In recent years
More informationPARALLEL, OBJECT -ORIENTED, AND ACTIVE KNOWLEDGE BASE SYSTEMS
PARALLEL, OBJECT -ORIENTED, AND ACTIVE KNOWLEDGE BASE SYSTEMS The Kluwer International Series on ADVANCES IN DATABASE SYSTEMS Series Editor Ahmed K. Elmagarmid Purdue University West Lafayette, IN 47907
More informationSecured Information Retrieval using CIDS and Map Reducing in Cloud
Secured Information Retrieval using CIDS and Map Reducing in Cloud J.Indra Mercy Assistant Professor, CSE Saveetha Engineering College M. Kanimozhi, Assistant Professor, CSE, Saveetha Engineering College,.
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationINTRUSION DETECTION SYSTEM USING BIG DATA FRAMEWORK
INTRUSION DETECTION SYSTEM USING BIG DATA FRAMEWORK Abinesh Kamal K. U. and Shiju Sathyadevan Amrita Center for Cyber Security Systems and Networks, Amrita School of Engineering, Amritapuri, Amrita Vishwa
More informationAn Autonomic Framework for Integrating Security and Quality of Service Support in Databases
An Autonomic Framework for Integrating Security and Quality of Service Support in Databases Firas Alomari The Volgenau School of Engineering George Mason University Daniel A. Menasce Department of Computer
More informationA Survey of Self-Protecting Computing Systems
A Survey of Self-Protecting Computing Systems Essien Ayanam The Volgenau School of Engineering George Mason University Fairfax, Virginia, 22030, USA Email: eayanam@gmu.edu Outline Introduction Overview
More informationDeveloping the Sensor Capability in Cyber Security
Developing the Sensor Capability in Cyber Security Tero Kokkonen, Ph.D. +358504385317 tero.kokkonen@jamk.fi JYVSECTEC JYVSECTEC - Jyväskylä Security Technology - is the cyber security research, development
More informationDetection of Insiders Misuse in Database Systems
Detection of Insiders Misuse in Database Systems Nahla Shatnawi, Qutaibah Althebyan, and Wail Mardini Abstract Almost all systems all over the world suffer from outsider and insider attacks. Outsider attacks
More informationA fault tolerance honeypots network for securing E-government
A fault tolerance honeypots network for securing E-government Shahriar Mohammadi Bahman Nikkhahan smohammadi40@yahoo.com Nikkhahan@sina.kntu.ac.ir Information Technology Engineering Group, Department of
More informationDenial of Service, Traceback and Anonymity
Purdue University Center for Education and Research in Information Assurance and Security Denial of Service, Traceback and Anonymity Clay Shields Assistant Professor of Computer Sciences CERIAS Network
More informationITIL 2011 At a Glance. John O. Long
ITIL 2011 At a Glance John O. Long SpringerBriefs in Computer Science Series Editors Stan Zdonik Peng Ning Shashi Shekhar Jonathan Katz Xindong Wu Lakhmi C. Jain David Padua Xuemin Shen Borko Furht VS
More informationExam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo
Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.
More informationSoftware Development for SAP R/3
Software Development for SAP R/3 Springer-Verlag Berlin Heidelberg GmbH Ulrich Mende Software Development for SAP R/3 Data Dictionary, ABAP/4, Interfaces With Diskette With 124 Figures and Many Example
More informationAlgorithm Collections for Digital Signal Processing Applications Using Matlab
Algorithm Collections for Digital Signal Processing Applications Using Matlab Algorithm Collections for Digital Signal Processing Applications Using Matlab E.S. Gopi National Institute of Technology, Tiruchi,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationINFORMATION SECURITY FOR MANAGERS
INFORMATION SECURITY FOR MANAGERS INFORMATION SECURITY FOR MANAGERS William Caelli Dennis Longley Michael Shain M stockton press Macmillan Publishers Ltd, 1989 Softcover reprint of the hardcover 1st edition
More informationWireless Networks. Series Editor: Xuemin (Sherman) Shen University of Waterloo, Waterloo, Ontario, Canada
Wireless Networks Series Editor: Xuemin (Sherman) Shen University of Waterloo, Waterloo, Ontario, Canada More information about this series at http://www.springer.com/series/14180 Rongxing Lu Privacy-Enhancing
More informationAutomated Planning for Open Network Architectures
UNIVERSITY OF CALIFORNIA Los Angeles Automated Planning for Open Network Architectures A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Computer
More informationVERILOG QUICKSTART. James M. Lee Cadence Design Systems, Inc. SPRINGER SCIENCE+BUSINESS MEDIA, LLC
VERILOG QUICKSTART VERILOG QUICKSTART by James M. Lee Cadence Design Systems, Inc. ~. " SPRINGER SCIENCE+BUSINESS MEDIA, LLC ISBN 978-1-4613-7801-3 ISBN 978-1-4615-6113-2 (ebook) DOI 10.1007/978-1-4615-6113-2
More informationCYBERBIT P r o t e c t i n g a n e w D i m e n s i o n
CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBETBIT in a Nutshell A leader in the development and integration of Cyber Security Solutions A main provider of Cyber Security solutions for the
More informationMobile Agent Based Adaptive Intrusion Detection and Prevention Systems
Vol. 5, 108 Mobile Agent Based Adaptive Intrusion Detection and Prevention Systems 1 Ameya Gangamwar, 2 Anand Kanani, 3 Vivek Singh, 4 Rachana Srivastav and 5 Deven Shah Abstract- The proposed system using
More informationARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin
ARC VIEW FEBRUARY 1, 2018 Critical Industries Need Continuous ICS Security Monitoring By Sid Snitkin Keywords Anomaly and Breach Detection, Continuous ICS Security Monitoring, Nozomi Networks Summary Most
More informationResearch on Industrial Security Theory
Research on Industrial Security Theory Menggang Li Research on Industrial Security Theory Menggang Li China Centre for Industrial Security Research Beijing, People s Republic of China ISBN 978-3-642-36951-3
More informationIntroduction and Statement of the Problem
Chapter 1 Introduction and Statement of the Problem 1.1 Introduction Unlike conventional cellular wireless mobile networks that rely on centralized infrastructure to support mobility. An Adhoc network
More informationSecurity Technologies for Dynamic Collaboration
Special Issue Advanced Technologies Driving Dynamic Collaboration Featuring System Technologies Security Technologies for Dynamic Collaboration By Hiroshi MIYAUCHI,* Ayako KOMATSU, Masato KAWATSU and Masashi
More informationDatabase Replication
Database Replication Synthesis Lectures on Data Management Editor M. Tamer Özsu, University of Waterloo Synthesis Lectures on Data Management is edited by Tamer Özsu of the University of Waterloo. The
More informationMobile Phone Security and Forensics
Mobile Phone Security and Forensics Iosif I. Androulidakis Mobile Phone Security and Forensics A Practical Approach Second Edition Iosif I. Androulidakis Pedini Ioannina Greece ISBN 978-3-319-29741-5
More informationDetecting Denial of Service using BENEF Model: An Alternative Approach. Abstract
Detecting Denial of Service using BENEF Model: An Alternative Approach Urupoj Kanlayasiri, Surasak Sanguanpong, and Yuen Poovarawan Applied Network Research Group Department of Computer Engineering Kasetsart
More informationNetwork Security: Firewall, VPN, IDS/IPS, SIEM
Security: Firewall, VPN, IDS/IPS, SIEM Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr What is a Firewall? A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More informationNetwork Performance Analysis System. White Paper
Network Performance Analysis System White Paper Copyright Copyright 2018 Colasoft. All rights reserved. Information in this document is subject to change without notice. No part of this document may be
More informationNew York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief
Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced
More information19.1. Security must consider external environment of the system, and protect it from:
Module 19: Security The Security Problem Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT 19.1 The Security Problem Security must consider external
More informationCyber Defense & Network Assurance (CyberDNA) Center. Professor Ehab Al Shaer, Director of CyberDNA Center UNC Charlotte
Cyber Defense & Network Assurance (CyberDNA) Center Professor Ehab Al Shaer, Director of CyberDNA Center UNC Charlotte March 5, 2012 About CyberDNA Vision CyberDNA Center is to enable assurable and usable
More informationDifferent attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT
Different attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT environment (e.g., Windows vs Linux) Levels of abstraction
More informationINFORMATION SECURITY MANAGEMENT & SMALL SYSTEMS SECURITY
INFORMATION SECURITY MANAGEMENT & SMALL SYSTEMS SECURITY IFIP - The International Federation for Information Processing IFIP was founded in 1960 under the auspices of UNESCO, following the First World
More informationFRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES
More informationA Firewall Architecture to Enhance Performance of Enterprise Network
A Firewall Architecture to Enhance Performance of Enterprise Network Hailu Tegenaw HiLCoE, Computer Science Programme, Ethiopia Commercial Bank of Ethiopia, Ethiopia hailutegenaw@yahoo.com Mesfin Kifle
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Professor, SIS Lecture 12 2016 Intrusion Detection, Auditing System Firewalls & VPN 1 Intrusion Detection 2 Intrusion Detection/Response Denning:
More informationWindows 10 Revealed. The Universal Windows Operating System for PC, Tablets, and Windows Phone. Kinnary Jangla
Windows 10 Revealed The Universal Windows Operating System for PC, Tablets, and Windows Phone Kinnary Jangla Windows 10 Revealed Kinnary Jangla Bing Maps San Francisco, California, USA ISBN-13 (pbk): 978-1-4842-0687-4
More informationCryptography and Network Security Chapter 1
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood of the enemy's
More informationSOFTWARE MODELING AND DESIGN. UML, Use Cases, Patterns, and. Software Architectures. Ki Cambridge UNIVERSITY PRESS. Hassan Gomaa
SOFTWARE MODELING AND DESIGN UML, Use Cases, Patterns, and Software Architectures Hassan Gomaa George Mason University, Fairfax, Virginia Ki Cambridge UNIVERSITY PRESS Contents Preface P"U
More informationIPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
More informationHierarchical Scheduling in Parallel and Cluster Systems
Hierarchical Scheduling in Parallel and Cluster Systems SERIES IN COMPUTER SCIENCE Series Editor: Rami G. Melhem University of Pittsburgh Pittsburgh, Pennsylvania ENGINEERING ELECTRONIC NEGOTIATIONS A
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 6 Intrusion Detection First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Intruders significant issue hostile/unwanted
More informationIntrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS) Presented by Erland Jonsson Department of Computer Science and Engineering Intruders & Attacks Cyber criminals Activists State-sponsored organizations Advanced Persistent
More informationCYSE 411/AIT 681 Secure Software Engineering Topic #3. Risk Management
CYSE 411/AIT 681 Secure Software Engineering Topic #3. Risk Management Instructor: Dr. Kun Sun Outline 1. Risk management 2. Standards on Evaluating Secure System 3. Security Analysis using Security Metrics
More informationPramod Bide 1, Rajashree Shedge 2 1,2 Department of Computer Engg, Ramrao Adik Institute of technology/mumbai University, India
Comparative Study and Analysis of Cloud Intrusion Detection System Pramod Bide 1, Rajashree Shedge 2 1,2 Department of Computer Engg, Ramrao Adik Institute of technology/mumbai University, India ABSTRACT
More informationJAVA Projects. 1. Enforcing Multitenancy for Cloud Computing Environments (IEEE 2012).
JAVA Projects I. IEEE based on CLOUD COMPUTING 1. Enforcing Multitenancy for Cloud Computing Environments 2. Practical Detection of Spammers and Content Promoters in Online Video Sharing Systems 3. An
More informationOverview Intrusion Detection Systems and Practices
Overview Intrusion Detection Systems and Practices Chapter 13 Lecturer: Pei-yih Ting Intrusion Detection Concepts Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy
More informationIntrusion Detection System in Wireless Sensor Networks
Intrusion Detection System in Wireless Sensor Networks Pooja Thakre 1, Mohammad Hassan 2, Irfan Javed 3, Sneha Sambare 4 Professor, Department of EJ, NCET, NAGPUR, India 1 Lecturer, Department of EJ, NCET,
More informationFISMAand the Risk Management Framework
FISMAand the Risk Management Framework The New Practice of Federal Cyber Security Stephen D. Gantz Daniel R. Phi I pott Darren Windham, Technical Editor ^jm* ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON
More informationRaj Jain. Washington University in St. Louis
Intrusion Detection Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationHardware Acceleration of EDA Algorithms
Hardware Acceleration of EDA Algorithms Kanupriya Gulati Sunil P. Khatri Hardware Acceleration of EDA Algorithms Custom ICs, FPGAs and GPUs 123 Kanupriya Gulati 109 Branchwood Trl Coppell TX 75019 USA
More information