| Contents | Page |
| --- | --- |
| Network Attacks | p. 1 |
| Attack Taxonomies | p. 2 |
| Probes | p. 4 |
| EPSweep and PortSweep | p. 5 |
| Nmap | p. 5 |
| MScan | p. 5 |
| SAINT | p. 5 |
| SATAN | p. 6 |
| Privilege Escalation Attacks | p. 6 |
| Buffer Overflow Attacks | p. 7 |
| Misconfiguration Attacks | p. 7 |
| Race-condition Attacks | p. 8 |
| Man-in-the-Middle Attacks | p. 9 |
| Social Engineering Attacks | p. 10 |
| Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks | p. 11 |
| Detection Approaches for DoS and DDoS Attacks | p. 11 |
| Prevention and Response for DoS and DDoS Attacks | p. 13 |
| Examples of DoS and DDoS Attacks | p. 14 |
| Worm Attacks | p. 16 |
| Modeling and Analysis of Worm Behaviors | p. 16 |
| Detection and Monitoring of Worm Attacks | p. 17 |
| Worm Containment | p. 18 |
| Examples of Well-Known Worm Attacks | p. 19 |
| Routing Attacks | p. 19 |
| OSPF Attacks | p. 20 |
| BGP Attacks | p. 21 |
| References | p. 22 |
| Detection Approaches | p. 27 |
| Misuse Detection | p. 27 |
| Pattern Matching | p. 28 |
| Rule-based Techniques | p. 29 |
| State-based Techniques | p. 31 |
| Techniques Based on Data Mining | p. 34 |
| Anomaly Detection | p. 34 |
| Advanced Statistical Models | p. 36 |
| Rule-based Techniques | p. 37 |
| Biological Models | p. 39 |
| Learning Models | p. 40 |
| Specification-based Detection | p. 45 |
| Hybrid Detection | p. 46 |
| References | p. 49 |
| Data Collection | p. 55 |
| Data Collection for Host-Based IDSs | p. 55 |
| Audit Logs | p. 56 |
| System Call Sequences | p. 58 |
| Data Collection for Network-Based IDSs | p. 61 |
| SNMP | p. 61 |
| Packets | p. 62 |
| Limitations of Network-Based IDSs | p. 66 |
| Data Collection for Application-Based IDSs | p. 67 |
| Data Collection for Application-Integrated IDSs | p. 68 |
| Hybrid Data Collection | p. 69 |
| References | p. 69 |
| Theoretical Foundation of Detection | p. 73 |
| Taxonomy of Anomaly Detection Systems | p. 73 |
| Fuzzy Logic | p. 75 |
| Fuzzy Logic in Anomaly Detection | p. 77 |
| Bayes Theory | p. 77 |
| Naive Bayes Classifier | p. 78 |
| Bayes Theory in Anomaly Detection | p. 78 |
| Artificial Neural Networks | p. 79 |
| Processing Elements | p. 79 |
| Connections | p. 82 |
| Network Architectures | p. 83 |
| Learning Process | p. 84 |
| Artificial Neural Networks in Anomaly Detection | p. 85 |
| Support Vector Machine (SVM) | p. 86 |
| Support Vector Machine in Anomaly Detection | p. 89 |
| Evolutionary Computation | p. 89 |
| Evolutionary Computation in Anomaly Detection | p. 91 |
| Association Rules | p. 92 |
| The Apriori Algorithm | p. 93 |
| Association Rules in Anomaly Detection | p. 93 |
| Clustering | p. 94 |
| Taxonomy of Clustering Algorithms | p. 95 |
| K-Means Clustering | p. 96 |
| Y-Means Clustering | p. 97 |
| Maximum-Likelihood Estimates | p. 98 |
| Unsupervised Learning of Gaussian Data | p. 100 |
| Clustering Based on Density Distribution Functions | p. 101 |
| Clustering in Anomaly Detection | p. 102 |
| Signal Processing Techniques Based Models | p. 104 |
| Comparative Study of Anomaly Detection Techniques | p. 109 |
| References | p. 110 |
| Architecture and Implementation | p. 115 |
| Centralized | p. 115 |
| Distributed | p. 115 |
| Intelligent Agents | p. 116 |
| Mobile Agents | p. 123 |
| Cooperative Intrusion Detection | p. 125 |
| References | p. 126 |
| Alert Management and Correlation | p. 129 |
| Data Fusion | p. 129 |
| Alert Correlation | p. 131 |
| Preprocess | p. 132 |
| Correlation Techniques | p. 139 |
| Postprocess | p. 145 |
| Alert Correlation Architectures | p. 150 |
| Validation of Alert Correlation Systems | p. 152 |
| Cooperative Intrusion Detection | p. 153 |
| Basic Principles of Information Sharing | p. 153 |
| Cooperation Based on Goal-tree Representation of Attack Strategies | p. 154 |
| Cooperative Discovery of Intrusion Chain | p. 154 |
| Abstraction-Based Intrusion Detection | p. 155 |
| Interest-Biased Communication and Cooperation | p. 155 |
| Agent-Based Cooperation | p. 156 |
| Secure Communication Using Public-key Encryption | p. 157 |
| References | p. 157 |
| Evaluation Criteria | p. 161 |
| Accuracy | p. 161 |
| False Positive and Negative | p. 162 |
| Confusion Matrix | p. 163 |
| Precision, Recall, and F-Measure | p. 164 |
| ROC Curves | p. 166 |
| The Base-Rate Fallacy | p. 168 |
| Performance | p. 171 |
| Completeness | p. 172 |
| Timely Response | p. 172 |
| Adaptation and Cost-Sensitivity | p. 175 |
| Intrusion Tolerance and Attack Resistance | p. 177 |
| Redundant and Fault Tolerance Design | p. 177 |
| Obstructing Methods | p. 179 |
| Test, Evaluation and Data Sets | p. 180 |
| References | p. 182 |
| Intrusion Response | p. 185 |
| Response Type | p. 185 |
| Passive Alerting and Manual Response | p. 185 |
| Active Response | p. 186 |
| Response Approach | p. 186 |
| Decision Analysis | p. 186 |
| Control Theory | p. 189 |
| Game Theory | p. 189 |
| Fuzzy Theory | p. 190 |
| Survivability and Intrusion Tolerance | p. 194 |
| References | p. 197 |
| Examples of Commercial and Open Source IDSs | p. 199 |
| Bro Intrusion Detection System | p. 199 |
| Prelude Intrusion Detection System | p. 199 |
| Snort Intrusion Detection System | p. 200 |
| Ethereal Application - Network Protocol Analyzer | p. 200 |
| Multi Router Traffic Grapher (MRTG) | p. 201 |
| Tamandua Network Intrusion Detection System | p. 202 |
| Other Commercial IDSs | p. 202 |
| Index | p. 209 |

Table of Contents provided by Ingram. All Rights Reserved.