Introduction

Along with the growing dependence of our society on information technology systems (IT), issues regarding IT security are becoming more urgent. While until recently in practice primarily preventive safeguards were deployed, it becomes more and more apparent that IT security cannot be achieved by prevention alone. Rather, preventive safeguards and reactive aspects need to complement one another.

To be able to react to violations of a given security policy, one needs to detect such violations in the first place. We acknowledge that violations of security policies may come in many forms, however, for the remainder of this book we subsume such violations under the term of misuse. While the history of scientific research on the detection of misuse goes back to the seminal work of Anderson in 1980 [5], only recently software for detecting misuse is widely available and in use. Such software systems are commonly denoted as intrusion detection systems (IDSs). While commercial IDS products are available today, they notoriously stay behind the expectations of their users. Hence, research in this area is an ongoing effort of the scientific community that has been strongly intensified during the recent years. Nowadays, there are even two international conferences devoted to this area, annually bringing together leading scientists and experts (RAID since 1998 [57] and DIMVA since 2004 [95]).