Intrusion detection in distributed systems : an abstraction-based approach

Intrusion Detection In Distributed Systems: An Abstraction-Based Approach presents research contributions in three areas with respect to intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing heterogeneity and autonomy of distributed environments. The second contribution is a formal framework for modeling requests among cooperative IDSs and its application to Common Intrusion Detection Framework (CIDF). The third contribution is a novel approach to coordinating different IDSs for distributed event correlation.

Dedication. List of Figures. List of Tables. Preface. Acknowledgments. 1: Introduction. 2: An Overview of Related Research. 3: System View and Event History. 4: Modeling Request Among Cooperating Intrusion Detection Systems. 5: Extending Common Intrusion Detection Framework (CIDF) to Support Queries. 6: A Hierarchical Model for Distributed Attacks. 7: Decentralized Detection of Distributed Attacks. 8: CARDS: An Experimental System for Detecting Distributed Attacks. 9: Conclusion. Appendices: A. B. References. Index.