Apress Access

Intrusion Detection and Correlation

Challenges and Solutions

By Christopher Kruegel , Fredrik Valeur , Giovanni Vigna

  • eBook Price: $129.00
Buy eBook Buy Print Book

Intrusion Detection and Correlation Cover Image

  • Add to Wishlist
  • ISBN13: 978-0-3872-3398-7
  • 136 Pages
  • User Level: Science
  • Publication Date: December 30, 2005
  • Available eBook Formats: PDF
Full Description
Intrusion Detection and Correlation: Challenges and Solutions presents intrusion detection systems (IDSs) and addresses the problem of managing and correlating the alerts produced. This volume discusses the role of intrusion detection in the realm of network security with comparisons to traditional methods such as firewalls and cryptography. The Internet is omnipresent and companies have increasingly put critical resources online. This has given rise to the activities of cyber criminals. Virtually all organizations face increasing threats to their networks and the services they provide. Intrusion detection systems (IDSs) take increased pounding for failing to meet the expectations researchers and IDS vendors continually raise. Promises that IDSs are capable of reliably identifying malicious activity in large networks were premature and never tuned into reality. While virus scanners and firewalls have visible benefits and remain virtually unnoticed during normal operations, the situation is different with intrusion detection sensors. State-of-the-art IDSs produce hundreds or even thousands of alerts every day. Unfortunately, almost all of these alerts are false positives, that is, they are not related to security-relevant incidents. Intrusion Detection and Correlation: Challenges and Solutions analyzes the challenges in interpreting and combining (i.e., correlating) alerts produced by these systems. In addition, existing academic and commercial systems are classified; their advantage and shortcomings are presented, especially in the case of deployment in large, real-world sites.
Table of Contents

Table of Contents

  1. Preface.
  2. List of Figures.
  3. List of Tables.
  4. Introduction.
  5. Computer Security and Intrusion Detection.
  6. Alert Correlation.
  7. Alert Collection.
  8. Alert Aggregation and Verification.
  9. High
  10. Level Alert Structures.
  11. Large
  12. Scale Correlation.
  13. Evaluation.
  14. Open Issues.
  15. Conclusions.
  16. References.
  17. Index.

If you think that you've found an error in this book, please let us know by emailing to editorial@apress.com . You will find any confirmed erratum below, so you can check if your concern has already been addressed.
No errata are currently published