Effective response to misuse or abusive activity in IT systems requires the capability to detect and understand improper activity. Intrusion Detection Systems observe IT activity, record these observations in audit data, and analyze the collected audit data to detect misuse. Privacy-Respecting Intrusion Detection introduces the concept of technical purpose binding, which restricts the linkability of pseudonyms in audit data to the amount necessary for misuse detection. Also, it limits the recovery of personal data to pseudonyms involved in a detected misuse scenario. The book includes case studies demonstrating this theory, and solutions that are constructively validated by providing algorithms.
This book introduces the concept of technical purpose binding, which restricts the linkability of pseudonyms in audit data to the amount necessary for misuse detection, and limits the recovery of personal data. Includes case studies and solutions, with algorithms.
Computer and network security is an issue that has been studied for many years. The Ware Report, which was published in 1970, pointed out the need for c- puter security and highlighted the di?culties in evaluating a system to determine if it provided the necessary security for particular applications. The Anderson Report, published in 1972, was the outcome of an Air Force Planning Study whose intent was to de?ne the research and development paths required to make secure computers a reality in the USAF. A major contribution of this report was the de?nition of the reference monitor concept, which led to security kernel architectures. In the mid to late 1970s a number of systems were designed and implemented using a security kernel architecture. These systems were mostly sponsored by the defense establishment and were not in wide use. Fast forwarding to more recent times, the advent of the world-wide web, inexp- sive workstatlóÑ