Peng Ning - Böcker

The recent technological advances have made it possible to deploy small, l- power, low-bandwidth, and multi-functional wireless sensor nodes to monitor and report the conditions and events in their local environments. A large collection of these sensor nodes can thus form a wireless sensor network in an ad hoc manner, creating a new type of information systems. Such sensor networks have recently emerged as an important means to study and interact with the physical world and have received a lot of attention due to their wide applications in military and civilian operations such as target tracking and data acquisition. However, in many of these applications, wireless sensor networks could be deployed in hostile environments where there are malicious attacks against the network. Providing security services in sensor networks, however, turns out to be a very challenging task. First, sensor nodes usually have limited resources such as storage, bandwidth, computation and energy. It is often undesirable to implement expensive algorithms (e. g. , frequent public key operations) on sensor nodes. Second, sensor nodes are usually deployed unattended and built without compromise prevention in mind. An attacker can easily capture and compromise a few sensor nodes without being noticed. When sensor nodes are compromised, the attacker can learn all the secrets stored on them and launch a variety of attacks. Thus, any security mechanism for sensor networks has to be resilient to compromised sensor nodes.

Intrusion detection systems (IDS) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense that protects information systems. Intrusion detection complements the protective mechanisms to improve the system security. Moreover, even if the preventive security mechanisms can protect information systems successfully, it is still desirable to know what intrusions have happened or are happening, so that the users can understand the security threats and risks and thus be better prepared for future attacks. Intrusion detection techniques are traditionally categorized into two classes: anomaly detection and misuse detection. Anomaly detection is based on the normal behavior of a subject (a user or a system); any action that significantly deviates from the normal behaviour is considered intrusive. Misuse detection catches intrusions in terms of characteristics of known attacks or system vulnerabilities; any action that conforms to the pattern of known attack or vulnerability is considered intrusive.Alternatively, IDS may be classified into host-based IDSs, distributed IDSs, and network based IDSs according to the source of the audit information used by each IDS. Host-based IDSs get audit data from host audit trails and usually aim at detecting attacks against a single host; distributed IDSs gather audit data from multiple hosts and possibly the network and connects the hosts, aiming at detecting attacks involving multiple hosts; network-based IDSs use network traffic as the audit data source, relieving the burden on the hosts that usually provide normal computing services. Intrusion Detection In Distributed Systems: An Abstraction-Based Approach presents research contributions in three areas with respect to intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing heterogeneity and autonomy of distributed environments. The second contribution is a formal framework for modelling requests among co-operative IDSs and its application to Common Intrusion Detection Framework (CIDF). The third contribution is a novel approach to coordinating different IDSs for distributed event correlation.

The recent technological advances have made it possible to deploy small, l- power, low-bandwidth, and multi-functional wireless sensor nodes to monitor and report the conditions and events in their local environments. A large collection of these sensor nodes can thus form a wireless sensor network in an ad hoc manner, creating a new type of information systems. Such sensor networks have recently emerged as an important means to study and interact with the physical world and have received a lot of attention due to their wide applications in military and civilian operations such as target tracking and data acquisition. However, in many of these applications, wireless sensor networks could be deployed in hostile environments where there are malicious attacks against the network. Providing security services in sensor networks, however, turns out to be a very challenging task. First, sensor nodes usually have limited resources such as storage, bandwidth, computation and energy. It is often undesirable to implement expensive algorithms (e. g. , frequent public key operations) on sensor nodes. Second, sensor nodes are usually deployed unattended and built without compromise prevention in mind. An attacker can easily capture and compromise a few sensor nodes without being noticed. When sensor nodes are compromised, the attacker can learn all the secrets stored on them and launch a variety of attacks. Thus, any security mechanism for sensor networks has to be resilient to compromised sensor nodes.

Intrusion Detection In Distributed Systems: An Abstraction-Based Approach presents research contributions in three areas with respect to intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing heterogeneity and autonomy of distributed environments. The second contribution is a formal framework for modeling requests among cooperative IDSs and its application to Common Intrusion Detection Framework (CIDF). The third contribution is a novel approach to coordinating different IDSs for distributed event correlation.

It is our great pleasure to welcome you to the Eighth International Conference on Information and Communications Security (ICICS 2006), held in Raleigh, North Carolina, USA, December 4–7, 2006. The ICICS conference series is an established forum that brings together researchersand scholars involved in m- tiple disciplines of Information and Communications Security in order to foster exchangeof ideas. The past sevenICICS conferences wereheld in Beijing, China (ICICS 1997); Sydney, Australia (ICICS 1999); Xi’an China (ICICS 2001); S- gapore (ICICS 2002); Hohhot City, China (ICICS 2003); Malaga, Spain (ICICS 2004); and Beijing, China (ICICS 2005). The conference proceedings of the past seven events have been published by Springer in the Lecture Notes in Computer Science series, in LNCS1334,LNCS1726,LNCS2229,LNCS 2513,LNCS 2836, LNCS 3269, and LNCS 3783, respectively. This year we received a total of 119 submissions on various aspects of - hoc and sensor network security. The Program Committee selected 22 regular papers and 17 short papers that cover a variety of topics, including security protocols, applied cryptography and cryptanalysis, access control in distributed systems, privacy, malicious code, network and systems security, and security implementations. Putting together ICICS 2006 was a team e?ort. First of all, we would like to thank the authors of every paper, whether accepted or not, for submitting their papers to ICICS 2006. We would like to express our gratitude to the Program Committee members and the external reviewers, who worked very hard in - viewing the papers and providing suggestions for their improvements.