An artificial immune system is described which incorporates many properties of natural immune systems, including diversity, distributed computation, error tolerance, dynamic learning and adaptation and slef-monitoring….

Automated intrusion response is an important unsolved problem in computer security.  A system called pH (for process homeostasis) is described which can successfully detect and stop intrusions before the target system is compromised….

AAFID is a distributed intrusion detection architecture and system, developed in CERIAS at Purdue University.  AAFID was the first architecture that proposed the use of autonomous agents for doing intrusion detection…...

State politico-military are re-evaluating definitions of state security and threats posed to it by the Internet.  Numerous initiatives have been undertaken at state-level to attempt to limit the possible consequences of information warfare….

Computer network attacks are a relatively recent phenomenon.  CNA have been tentatively described as operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves…..

The Internet has brought with it a whole revolution and new challenges that were previously unanticipated.  Countries, both small and large, face a myriad of challenges in teh legal, policy, and technical realms….

Critical infrastructure protection is not only a national problem but, because so many parts of the infrastructure are connected, it’s also a global one and international fora such as this will go a long way, we believe, in helping us deal with this significant challenge…

The concept of one event happening before another in a distributed system is examined, and is shown to define a partial ordering of the events.  A distributed algorithm is given for synchronizing a system of logical clocks which can be used to totally order the events…

The Intrusion Detection and Response Data Sharing Workshop, held at the Universityof California at Davis on July 15, 1998, had three goals.  First, identify the needs of practitioners and researchers and identify opportunities for co-operation.  Secondly, broker exchanges of research prototypes and better products to practitioners, and real incident data to researchers.  Thirdly, provide funding agencies with a set of hard research problems for possible future funding.

The Computer Misuse Detection System is a computer security product that enables real-time detection of unauthorized computer use through audit data analysis.  Audit data analysis is a non-invasive method for secuirty assurance that may be used to detect computer misuse and mitigate security risks in large, distributed, open architecture environments…..

Next generation cyberspace intrusion detection systems will fuse data from heterogeneous distributed network sensors o create cyberspace situational awareness.  This paper provides a few first steps toward developing the engineering requirements using the art and science of multisensor data fusion as the underlying model.  Current generations internet-based intrusion detection systems and basic multisensor data fusion constructs are summarized.  The TCP/IP model is used to develop framework sensor and database models.  The SNMP ASN.1 MIB construct is recommended for the representation of context-dependent threat & vulnerabilities databases.

The Internet protocol suit TCP/IP, was first proposed fifteen years ago.  It was developed by the Defense Advanced Research Projects Agency (DARPA), and has been papers and specifications that describe how the protocols work, it is sometimes difficult to deduce from these why the protocol is as it is.  For example, the Internet protocol is based on a connectionless or datagram mode of service.  The motivation for this has been greatly misunderstood.  This paper attempts to capture some of the early reasoning which has shaped the Internet protocols.