Giovanni Vigna – författare

Virtually all organizations face increasing threats to their networks and the services they provide. Intrusion detection systems (IDSs) take an increased pounding for failing to meet the expectations researchers and IDS vendors continually raise. Promises that IDSs are capable of reliably identifying malicious activity in large networks were premature and never turned into reality. While virus scanners and firewalls have visible benefits and remain virtually unnoticed during normal operations, the situation is different with intrusion detection sensors. State-of-the-art IDSs produce hundreds or even thousands of alerts every day. Unfortunately, almost all of these alerts are false positives, that is, they are not related to security-relevant incidents.

Intrusion Detection and Correlation: Challenges and Solutions presents intrusion detection systems (IDSs) and addresses the problem of managing and correlating the alerts produced. This volume discusses the role of intrusion detection in the realm of network security with comparisons to traditional methods such as firewalls and cryptography.The Internet is omnipresent and companies have increasingly put critical resources online. This has given rise to the activities of cyber criminals. Virtually all organizations face increasing threats to their networks and the services they provide. Intrusion detection systems (IDSs) take increased pounding for failing to meet the expectations researchers and IDS vendors continually raise. Promises that IDSs are capable of reliably identifying malicious activity in large networks were premature and never tuned into reality.While virus scanners and firewalls have visible benefits and remain virtually unnoticed during normal operations, the situation is different with intrusion detection sensors. State-of-the-art IDSs produce hundreds or even thousands of alerts every day. Unfortunately, almost all of these alerts are false positives, that is, they are not related to security-relevant incidents.Intrusion Detection and Correlation: Challenges and Solutions analyzes the challenges in interpreting and combining (i.e., correlating) alerts produced by these systems. In addition, existing academic and commercial systems are classified; their advantage and shortcomings are presented, especially in the case of deployment in large, real-world sites.

This book constitutes the refereed proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection, RAID 2002, held in Zurich, Switzerland, in October 2002. The 16 revised full papers presented were carefully reviewed and selected from a total of 81 submissions. The papers are organized in topical sections on stepping stone detection, anomality detection, correlation, legal aspects and intrusion tolerance, assessment of intrusion detection systems, adaptive intrusion detection systems, intrusion detection analysis.

On behalf of the program committee, it is our pleasure to present to you the proceedings of the Fifth Symposium on Recent Advances in Intrusion Detection (RAID). Since its ?rst edition in 1998, RAID has established itself as the main annual intrusion detection event, attracting researchers, practitioners, and v- dors from all over the world. The RAID 2002 program committee received 81 submissions (64 full papers and 17 extended abstracts) from 20 countries. This is about 50% more than last year. All submissions were carefully reviewed by at least three program comm- tee members or additional intrusion-detection experts according to the criteria ofscienti?cnovelty,importancetothe?eld,andtechnicalquality.Finalselection took place at a meeting held on May 15–16, 2002, in Oakland, USA. Sixteen full papers were selected for presentation and publication in the conference proc- dings. In addition, three extended abstracts of work in progress were selected for presentation. The program included both fundamental research and practical issues. The seven sessions were devoted to the following topics: anomaly detection, steppi- stonedetection,correlationofintrusion-detectionalarms,assessmentofintrusi- detectionsystems,intrusiontolerance,legalaspects,adaptiveintrusion-detection systems, and intrusion-detection analysis. RAID 2002 also hosted a panel on “Cybercrime,” a topic of major concern for both security experts and the public. Marcus J. Ranum, the founder of Network Flight Recorder, Inc., delivered a keynote speech entitled “Challenges for the Future of Intrusion Detection”.

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the Sixth Symposium on Recent Advances in Intrusion Detection (RAID 2003). Theprogramcommitteereceived44fullpapersubmissionsfrom10countries. All submissions were carefully reviewed by at least three program committee members or additional intrusion detection experts according to the criteria of scienti?c novelty, importance to the ?eld, and technical quality. The program committee meeting was held in Berkeley, USA on May 14-15. Thirteen papers were selected for presentation and publication in the conference proceedings. The conference technical program included both fundamental research and practical issues, and was shaped around the following topics: network infr- tructure, anomaly detection, correlation, modeling and speci?cation, and sensor technologies. The slides presented by the authors are available on the RAID 2003 web site, http://www.raid-symposium.org/raid2003. We would like to thank the authors that submitted papers as well as the p- gram committee members and the additional reviewers who volunteered their time to create a quality program.In addition, we want to thank the Conf- ence General Chair, John McHugh, for organizing the conference in Pittsburgh, Joshua Haines for publicizing the conference, Don McGillen for ?nding support from our sponsors, and Christopher Kruegel for maintaining the RAID web site and preparing the conference proceedings. Special thanks go to our sponsors Cisco Systems and Symantec, who p- vided ?nancial support for student participation to the symposium, and to CERT/CMU for hosting the conference.

New paradigms can popularize old technologies. A new \standalone" paradigm, the electronic desktop, popularized the personal computer. A new \connected" paradigm, the web browser, popularized the Internet. Another new paradigm, the mobile agent, may further popularize the Internet by giving people greater access to it with less eort. MobileAgentParadigm The mobile agent paradigm integrates a network of computers in a novel way designed to simplify the development of network applications. To an application developer the computers appear to form an electronic world of places occupied by agents. Each agent or place in the electronic world has the authority of an individual or an organization in the physical world. The authority can be established, for example, cryptographically. A mobile agent can travel from one place to another subject to the des- nation place’s approval. The source and destination places can be in the same computer or in di erent computers. In either case,the agentinitiates the trip by executing a \go" instruction which takes as an argument the name or address of the destination place. The next instruction in the agent’s program is executed in the destination place, rather than in the source place. Thus, in a sense, the mobile agent paradigm reduces networking to a program instruction. A mobile agent can interact programmatically with the places it visits and, if the other agents approve, with the other agents it encounters in those places.