20.1 Intruders Intruder Behavior Patterns Intrusion Techniques 20.2 Intrusion Detection Audit Records Statistical Anomaly Detection Rule-Based Intrusion Detection The Base-Rate Fallacy Distributed Intrusion Detection Honeypots Intrusion Detection Exchange Format 20.3 Password Management Password Protection Password Selection Strategies 20.4 Recommended Reading and Web Sites 20.5 Key Terms, Revi...

Most intrusion detection systems available today are using a single audit source for detecting all attacks, even though attacks have distinct manifestations in different parts of the system. In this paper we carry out a theoretical investigation of the role of the audit source for the detection capability of the intrusion detection system (IDS). Concentrating on web server attacks, we examine t...

There are many Intrusion Detection Systems (IDS) for networks and operating systems and there are few for Databasesdespite the fact that the most valuable resources of every organization are in its databases. The number of database attacks has grown, especially since most databases are accessible from the web and satisfactory solutions to these kinds of attacks are still lacking. We present DIW...

Intrusion detection is a key technology for self-healing systems designed to prevent or manage damage caused by security threats. Protecting web server-based applications using intrusion detection is challenging, especially when autonomy is required (i.e., without signature updates or extensive administrative overhead). Web applications are difficult to protect because they are large, complex, ...

Nowadays, information plays an important role in organizations. Sensitive information is often stored in databases. Traditional mechanisms such as encryption, access control, and authentication cannot provide a high level of confidence. Therefore, the existence of Intrusion Detection Systems in databases is necessary. In this paper, we propose an intrusion detection system for detecting attacks...

Web servers and server-side applications constitute the key components of modern Internet services. We present a pattern recognition system to the detection of intrusion attempts that target such components. Our system is anomaly-based, i.e., we model the normal (legitimate) traffic and intrusion attempts are identified as anomalous traffic. In order to address the presence of attacks (noise) i...