Several books describe intrusion detection in detail. Bace [52] provides a wonderful overview with much historical information. Amoroso [22] presents a technical introduction. Northcutt [780] gives a practitioner's overview. Cooper, Northcutt, Fearnow, and Frederick [233] discuss intrusion detection and analysis, again from a practitioner's viewpoint. Proctor [821] presents both managerial and technical information.
Helman and Liepins [466] discuss the statistical foundations of intrusion detection. Immunological approaches to intrusion detection distinguish between normal and abnormal program behavior [291, 366, 368, 949]. Other approaches abound [264, 611, 620, 705]. Sekar, Bowen, and Segal [902] discuss the use of specification-based detection for automated response at the system call level. Badger discusses the relationship among wrappers, reference monitors, and trusted systems [53].
Several papers have been written about testing of intrusion detection systems [313, 377, 638, 639, 677, 823]. Axelsson [49] discusses the relationship between false positives and false negatives. Ptacek and Newsham [822] discuss how attackers might evade detection. Securing mobile agents arises in many contexts [423, 1011].
Techniques for response are varied. Some are technical [339, 1067], whereas others are procedural and legal and involve special response teams [15, 356, 382, 507, 1010].
Sobirey, Fischer-Hübner, and Rannenberg raise the issue of privacy in an intrusion detection context [945]. Others have analyzed this problem and suggested approaches [120, 646].