Christopher Kruegel - Böcker

Virtually all organizations face increasing threats to their networks and the services they provide. Intrusion detection systems (IDSs) take an increased pounding for failing to meet the expectations researchers and IDS vendors continually raise. Promises that IDSs are capable of reliably identifying malicious activity in large networks were premature and never turned into reality. While virus scanners and firewalls have visible benefits and remain virtually unnoticed during normal operations, the situation is different with intrusion detection sensors. State-of-the-art IDSs produce hundreds or even thousands of alerts every day. Unfortunately, almost all of these alerts are false positives, that is, they are not related to security-relevant incidents.

Intrusion Detection and Correlation: Challenges and Solutions presents intrusion detection systems (IDSs) and addresses the problem of managing and correlating the alerts produced. This volume discusses the role of intrusion detection in the realm of network security with comparisons to traditional methods such as firewalls and cryptography.The Internet is omnipresent and companies have increasingly put critical resources online. This has given rise to the activities of cyber criminals. Virtually all organizations face increasing threats to their networks and the services they provide. Intrusion detection systems (IDSs) take increased pounding for failing to meet the expectations researchers and IDS vendors continually raise. Promises that IDSs are capable of reliably identifying malicious activity in large networks were premature and never tuned into reality.While virus scanners and firewalls have visible benefits and remain virtually unnoticed during normal operations, the situation is different with intrusion detection sensors. State-of-the-art IDSs produce hundreds or even thousands of alerts every day. Unfortunately, almost all of these alerts are false positives, that is, they are not related to security-relevant incidents.Intrusion Detection and Correlation: Challenges and Solutions analyzes the challenges in interpreting and combining (i.e., correlating) alerts produced by these systems. In addition, existing academic and commercial systems are classified; their advantage and shortcomings are presented, especially in the case of deployment in large, real-world sites.

Das Buch gibt eine leicht verständliche Einführung in die Thematik der Technischen Informatik, die heute für das Verständnis technischer Hard- und Softwaresysteme unverzichtbar ist. Zahlreiche Abbildungen sollen technische Zusammenhänge in Computersystemen verdeutlichen. Folgende Themenbereiche werden behandelt:• Entwurf logischer Schaltungen• Very High Speed Integrated Circuit Hardware Description Language (VHDL)• Endliche Automaten• Mikroprozessoren • Computersysteme• Betriebssysteme und Systemsoftware• Programmprozesse• Speicherverwaltung• Interprozess-Kommunikation• Netzwerke• Resource-Management• Sicherheit in BetriebssystemenDie Neuauflage wurde um ein Kapitel über USB und Firewire sowie um eines über Netzwerke ergänzt. Das Kapitel "Betriebssysteme" wurde um einen Abschnitt "Sicherheit" erweitert.

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the 2nd GI SIG SIDAR Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA). DIMVA is organized by the Special Interest Group Security — Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) as an annual conference that brings together experts from throughout the world to discuss the state of the art in the areas of intrusion detection, detection of malware, and assessment of vulnerabilities. TheDIMVA2005ProgramCommitteereceived51submissionsfrom18co- tries. This represents an increase of approximately 25% compared with the n- ber of submissions last year. All submissions were carefully reviewed by at least three Program Committee members or external experts according to the cri- ria of scienti?c novelty, importance to the ?eld, and technical quality. The ?nal selection took place at a meeting held on March 18, 2005, in Zurich, Switz- land. Fourteen full papers were selected for presentation and publication in the conference proceedings. In addition, three papers were selected for presentation in the industry track of the conference. The program featured both theoretical and practical research results, which were grouped into six sessions. Philip Att?eld from the Northwest Security Institute gave the opening keynote speech. The slides presented by the authors are available on the DIMVA 2005 Web site at http://www.dimva.org/dimva2005 We sincerely thank all those who submitted papers as well as the Program Committee members and the external reviewers for their valuable contributions.

This book constitutes the refereed proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection, RAID 2006, held in Hamburg, Germany in September 2006. The 16 revised full papers presented were carefully reviewed and selected from 93 submissions. The papers are organized in topical sections on anomaly detection, attacks, system evaluation and threat assessment, malware collection and analysis, anomaly- and specification-based detection, and network intrusion detection.

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the Sixth Symposium on Recent Advances in Intrusion Detection (RAID 2003). Theprogramcommitteereceived44fullpapersubmissionsfrom10countries. All submissions were carefully reviewed by at least three program committee members or additional intrusion detection experts according to the criteria of scienti?c novelty, importance to the ?eld, and technical quality. The program committee meeting was held in Berkeley, USA on May 14-15. Thirteen papers were selected for presentation and publication in the conference proceedings. The conference technical program included both fundamental research and practical issues, and was shaped around the following topics: network infr- tructure, anomaly detection, correlation, modeling and speci?cation, and sensor technologies. The slides presented by the authors are available on the RAID 2003 web site, http://www.raid-symposium.org/raid2003. We would like to thank the authors that submitted papers as well as the p- gram committee members and the additional reviewers who volunteered their time to create a quality program.In addition, we want to thank the Conf- ence General Chair, John McHugh, for organizing the conference in Pittsburgh, Joshua Haines for publicizing the conference, Don McGillen for ?nding support from our sponsors, and Christopher Kruegel for maintaining the RAID web site and preparing the conference proceedings. Special thanks go to our sponsors Cisco Systems and Symantec, who p- vided ?nancial support for student participation to the symposium, and to CERT/CMU for hosting the conference.