Intrusion Detection In Distributed Systems: An Abstraction-Based Approach presents research contributions in three areas with respect to intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing heterogeneity and autonomy of distributed environments. The second contribution is a formal framework for modeling requests among cooperative IDSs and its application to Common Intrusion Detection Framework (CIDF). The third contribution is a novel approach to coordinating different IDSs for distributed event correlation.

Dr. Sushil Jajodia is Professor and Chairman of the Dept. of Information and Software Engineering, and Director of the Center for Secure Information Systems at the George Mason University, Fairfax, Virginia, USA

Dedication. List of Figures. List of Tables. Preface. Acknowledgments. 1: Introduction. 2: An Overview of Related Research. 3: System View and Event History. 4: Modeling Request Among Cooperating Intrusion Detection Systems. 5: Extending Common Intrusion Detection Framework (CIDF) to Support Queries. 6: A Hierarchical Model for Distributed Attacks. 7: Decentralized Detection of Distributed Attacks. 8: CARDS: An Experimental System for Detecting Distributed Attacks. 9: Conclusion. Appendices: A. B. References. Index.