Computer Intrusion Detection and Network Monitoring

by Marchette, David J.

ISBN13:
9780387952819
ISBN10:
0387952810
Format: Hardcover
Copyright: 2001-07-01
Publisher: Springer Verlag
More Book Details
Purchase Benefits

Free Shipping On Orders Over $35!

Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
Get Rewarded for Ordering Your Textbooks! Enroll Now
Customer Reviews Read Reviews
Write a Review
Computer Intrusion Detection and Network Monitoring > ISBN13: 9780387952819

List Price: ~~$159.99~~ Save up to $124.35

Digital

$77.22*

More Prices

Digital
$77.22*

Add to Cart

DURATION

PRICE

Online: 30 Days

Downloadable: 30 Days - VitalSource

$35.64*

Online: 60 Days

Downloadable: 60 Days - VitalSource

$47.52*

Online: 90 Days

Downloadable: 90 Days - VitalSource

$59.40*

Online: 120 Days

Downloadable: 120 Days - VitalSource

$71.28*

Online: 180 Days

Downloadable: 180 Days - VitalSource

$77.22*

Online: 1825 Days

Downloadable: Lifetime Access - VitalSource

$118.80*

*To support the delivery of the digital material to you, a digital delivery fee of $3.99 will be charged on each digital item.

Marketplace

$42.02

More Prices

Summary

This book covers the basic statistical and analytical techniques of computer intrusion detection. It is aimed at both statisticians looking to become involved in the data analysis aspects of computer security and computer scientists looking to expand their toolbox of techniques for detecting intruders.The book is self-contained, assumng no expertise in either computer security or statistics. It begins with a description of the basics of TCP/IP, followed by chapters dealing with network traffic analysis, network monitoring for intrusion detection, host based intrusion detection, and computer viruses and other malicious code. Each section develops the necessary tools as needed. There is an extensive discussion of visualization as it relates to network data and intrusion detection. The book also contains a large bibliography covering the statistical, machine learning, and pattern recognition literature related to network monitoring and intrusion detection.David Marchette is a scientist at the Naval Surface Warfacre Center in Dalhgren, Virginia. He has worked at Navy labs for 15 years, doing research in pattern recognition, computational statistics, and image analysis. He has been a fellow by courtesy in the mathematical sciences department of the Johns Hopkins University since 2000. He has been working in conputer intrusion detection for several years, focusing on statistical methods for anomaly detection and visualization. Dr. Marchette received a Masters in Mathematics from the University of California, San Diego in 1982 and a Ph.D. in Computational Sciences and Informatics from George Mason University in 1996.

Author Biography

David J. Marchette is a scientist at the Naval Surface Warfare Center in Dahlgren, Virginia.

Preface

Acknowledgments

vii

Introduction

xiii

Part I Networking Basics

TCP/IP Networking

(40)

Overview of Networking

(3)

tcpdump

(3)

Network Layering

(1)

Data Encapsulation

(1)

Header Information

(10)

Fragmentation

(1)

Routing

(1)

Domain Name Service

(4)

Miscellaneous Utilities

(15)

Further Reading

(1)

Network Statistics

(30)

Introduction

(1)

Network Traffic Intensities

(10)

Modeling Network Traffic

(5)

Mapping the Internet

(2)

Visualizing Network Traffic

(10)

Further Reading

(3)

Evaluation

(16)

Introduction

(2)

Evaluating Classifiers

(4)

Receiver Operator Characteristic Curves

(1)

The DARPA/MITLL ID Testbed

(3)

Live Network Testing

(2)

Further Reading

(5)

Part II Intrusion Detection

Network Monitoring

(70)

Introduction

(1)

tcpdump Filters

(1)

Common Attacks

(15)

Shadow

106

(3)

Activity Profiling

109

(37)

Emerald

146

(4)

Watchers

150

(1)

GrIDS

150

(1)

Miscellaneous Utilities

151

(6)

Further Reading

157

(2)

Host Monitoring

159

(56)

Introduction

159

(1)

Common Attacks

159

(12)

Nides

171

(7)

Computer Immunology

178

(5)

User Profiling

183

(18)

Miscellaneous Utilities

201

(8)

Further Reading

209

(6)

Part III Viruses and Other Creatures

Computer Viruses and Worms

215

(26)

Introduction

215

(1)

How Viruses Replicate

216

(2)

How Viruses Scanners Work

218

(3)

Epidemiology

221

(8)

An Immunology Approach

229

(2)

Virus Phylogenies

231

(1)

Computer Worms

232

(7)

Further Reading

239

(2)

Trojan Programs and Covert Channels

241

(16)

Introduction

241

(1)

Covert Channels

242

(4)

Steganography

246

(3)

Back Doors

249

(3)

Miscellaneous Trojans

252

(2)

Detecting Trojans

254

(1)

Further Reading

255

(2)

Appendix A Well-Known Port Numbers

257

(8)

Appendix B Trojan Port Numbers

265

(10)

Appendix C Country Codes

275

(6)

Appendix D Security Web Sites

281

(10)

D.1 Introduction

281

(1)

D.2 General Information Web Sites

282

(2)

D.3 Security

284

(3)

D.4 Cyber Crime

287

(1)

D.5 Software

288

(1)

D.6 Data

289

(1)

D.7 Intrusion Detection

289

(2)

Bibliography

291

(20)

Glossary

311

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.