This tutorial presents an overview of two facets of intrusion detection: the general problem of correlating detection information, and issues that arise in detecting intruders by monitoring network traffic. For the first, we discuss different types of data to correlate, current operational practices, pattern matching and data mining approaches, related standardization efforts, and the problem of assessing the efficacy of the different approaches. For the second, we give an overview of the benefits and difficulties of network-based intrusion detection systems, and discuss stateless versus stateful approaches, the fundamental problem of evasion, and recent work on activity-based techniques.
Designers and builders of modern software systems must be aware of and responsive to a wide range of threats, from the adversarial hacker who seeks to compromise system security, to the unethical consumer who seeks to subvert copy-protection and watermarking mechanisms. In addition, software engineering practices can benefit by using security techniques to protect intellectual property, build trust in useful off-the-shelf software artifacts, etc. In this tutorial we will highlight several current topics on the interactions between software engineering and security, including: