9780387887708

With the complexity of today's networks, it is impossible to know you are actually secure. You can prepare your network's defenses, but what threats will be thrown at it, what combinations will be tried, and what directions they will come from are all unknown variables. Most medium and large-scale network infrastructures include multiple high-speed connections to the Internet and support many customer collaborative networks, thousands of internal users and various web servers. Many of these systems are faced with an ever-increasing likelihood of unplanned downtime due to various attacks and security breaches. In this environment of uncertainty, which is full of hackers and malicious threats, those systems that are the best at maintaining the continuity of their services (i.e., survive the attacks) enjoy a significant competitive advantage. Minimizing unexpected and unplanned downtime can be done by identifying, prioritizing and defending against misuse, attacks and vulnerabilities.

Network Attacks	p. 1
Attack Taxonomies	p. 2
Probes	p. 4
EPSweep and PortSweep	p. 5
NMap	p. 5
MScan	p. 5
SAINT	p. 5
Satan	p. 6
Privilege Escalation Attacks	p. 6
Buffer Overflow Attacks	p. 7
Misconfiguration Attacks	p. 7
Race-condition Attacks	p. 8
Man-in-the-Middle Attacks	p. 9
Social Engineering Attacks	p. 10
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks	p. 11
Detection Approaches for DoS and DDoS Attacks	p. 11
Prevention and Response for DoS and DDoS Attacks	p. 13
Examples of DoS and DDoS Attacks	p. 14
Worms Attacks	p. 16
Modeling and Analysis of Worm Behaviors	p. 16
Detection and Monitoring of Worm Attacks	p. 17
Worms Containment	p. 18
Examples of Well Known Worm Attacks	p. 19
Routing Attacks	p. 19
OSPF Attacks	p. 20
BGP Attacks	p. 21
References	p. 22
Detection Approaches	p. 27
Misuse Detection	p. 27
Pattern Matching	p. 28
Rule-based Techniques	p. 29
State-based Techniques	p. 31
Techniques based on Data Mining	p. 34
Anomaly Detection	p. 34
Advanced Statistical Models	p. 36
Rule based Techniques	p. 37
Biological Models	p. 39
Learning Models	p. 40
Specification-based Detection	p. 45
Hybrid Detection	p. 46
References	p. 49
Data Collection	p. 55
Data Collection for Host-Based IDSs	p. 55
Audit Logs	p. 56
System Call Sequences	p. 58
Data Collection for Network-Based IDSs	p. 61
SNMP	p. 61
Packets	p. 62
Limitations of Network-Based IDSs	p. 66
Data Collection for Application-Based IDSs	p. 67
Data Collection for Application-Integrated IDSs	p. 68
Hybrid Data Collection	p. 69
References	p. 69
Theoretical Foundation of Detection	p. 73
Taxonomy of Anomaly Detection Systems	p. 73
Fuzzy Logic	p. 75
Fuzzy Logic in Anomaly Detection	p. 77
Bayes Theory	p. 77
Naive Bayes Classifier	p. 78
Bayes Theory in Anomaly Detection	p. 78
Artificial Neural Networks	p. 79
Processing Elements	p. 79
Connections	p. 82
Network Architectures	p. 83
Learning Process	p. 84
Artificial Neural Networks in Anomaly Detection	p. 85
Support Vector Machine (SVM)	p. 86
Support Vector Machine in Anomaly Detection	p. 89
Evolutionary Computation	p. 89
Evolutionary Computation in Anomaly Detection	p. 91
Association Rules	p. 92
The Apriori Algorithm	p. 93
Association Rules in Anomaly Detection	p. 93
Clustering	p. 94
Taxonomy of Clustering Algorithms	p. 95
K-Means Clustering	p. 96
Y-Means Clustering	p. 97
Maximum-Likelihood Estimates	p. 98
Unsupervised Learning of Gaussian Data	p. 100
Clustering Based on Density Distribution Functions	p. 101
Clustering in Anomaly Detection	p. 102
Signal Processing Techniques Based Models	p. 104
Comparative Study of Anomaly Detection Techniques	p. 109
References	p. 110
Architecture and Implementation	p. 115
Centralized	p. n5
Distributed	p. 115
Intelligent Agents	p. 116
Mobile Agents	p. 123
Cooperative Intrusion Detection	p. 125
References	p. 126
Alert Management and Correlation	p. 129
Data Fusion	p. 129
Alert Correlation	p. 131
Preprocess	p. 132
Correlation Techniques	p. 139
Postprocess	p. 145
Alert Correlation Architectures	p. 150
Validation of Alert Correlation Systems	p. 152
Cooperative Intrusion Detection	p. 153
Basic Principles of Information Sharing	p. 153
Cooperation Based on Goal-tree Representation of Attack Strategies	p. 154
Cooperative Discovery of Intrusion Chain	p. 154
Abstraction-Based Intrusion Detection	p. 155
Interest-Biased Communication and Cooperation	p. 155
Agent-Based Cooperation	p. 156
Secure Communication Using Public-key Encryption	p. 157
References	p. 157
Evaluation Criteria	p. 161
Accuracy	p. 161
False Positive and Negative	p. 162
Confusion Matrix	p. 163
Precision, Recall, and F-Measure	p. 164
ROC Curves	p. 166
The Base-Rate Fallacy	p. 168
Performance	p. 171
Completeness	p. 172
Timely Response	p. 172
Adaptation and Cost-Sensitivity	p. 175
Intrusion Tolerance and Attack Resistance	p. 177
Redundant and Fault Tolerance Design	p. 177
Obstructing Methods	p. 179
Test, Evaluation and Data Sets	p. 180
References	p. 182
Intrusion Response	p. 185
Response Type	p. 185
Passive Alerting and Manual Response	p. 185
Active Response	p. 186
Response Approach	p. 186
Decision Analysis	p. 186
Control Theory	p. 189
Game theory	p. 189
Fuzzy theory	p. 190
Survivability and Intrusion Tolerance	p. 194
References	p. 197
Examples of Commercial and Open Source IDSs	p. 199
Bro Intrusion Detection System	p. 199
Prelude Intrusion Detection System	p. 199
Snort Intrusion Detection System	p. 200
Ethereal Application - Network Protocol Analyzer	p. 200
Multi Router Traffic Grapher (MRTG)	p. 201
Tamandua Network Intrusion Detection System	p. 202
Other Commercial IDSs	p. 202
Index	p. 209
Table of Contents provided by Ingram. All Rights Reserved.

Amazon no longer offers textbook rentals. We do!

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

Network Intrusion Detection and Prevention

0387887709

Supplemental Materials

Summary

Table of Contents

Supplemental Materials

Rewards Program