NCJ Number
190982
Date Published
1999
Length
218 pages
Annotation
This book examines the details and methodologies associated with intrusion detection technology.
Abstract
The book is largely technical, as opposed to philosophical, legal, or policy-oriented, focusing on methods, algorithms, and architectures for performing intrusion detection in Internet environments. It includes case studies of different products, systems, or organizations to illustrate the general intrusion detection concepts. It provides an overview of the critical issues in intrusion detection and covers basic methods for intrusion detection. Audit trail analysis and on-the-fly processing techniques are the major areas of focus. It presents a generic architectural schema for intrusion detection and covers topics related to intrusion and attack modeling. The book describes techniques for promoting or tracing identity and anonymity and discusses correlation. A chapter is devoted to traps, honey pots, and related concepts, an area that the book describes as "the future of law enforcement on the Internet." Finally, it discusses incident response: knowing what to do after an intrusion has been suspected or detected. Figures, notes, bibliography, index.