
Network intrusion detection and prevention : concepts and techniques / Ali A. Ghorbani, Wei Lu, Mahbod Tavallaee.

Material type: Text
Series: Advances in information security
Publication details: New York : Springer, c2010.
Description: xviii, 212 p. : ill. ; 24 cm
ISBN:
  • 0387887709 (hbk.)
  • 9780387887708 (hbk.)
DDC classification:
  • 005.8 GHO
Summary: Intrusion Detection and Prevention is a rapidly growing field that deals with detecting and responding to malicious network traffic and computer misuse. Intrusion detection is the process of identifying and (possibly) responding to malicious activities targeted at computing and network resources. Any hardware or software automation that monitors, detects or responds to events occurring in a network or on a host computer is considered relevant to the intrusion detection approach. Different intrusion detection systems provide varying functionalities and benefits. Network Intrusion Detection and Prevention: Concepts and Techniques provides detailed and concise information on different types of attacks, theoretical foundation of attack detection approaches, implementation, data collection, evaluation, and intrusion response. Additionally, it provides an overview of some of the commercially/publicly available intrusion detection and response systems--Cover.
Holdings
  • Item type: Standard Loan
  • Current library: Moylish Library, Main Collection
  • Call number: 005.8 GHO
  • Copy number: 1
  • Status: Available
  • Barcode: 39002100475749

Enhanced descriptions from Syndetics:

Network Intrusion Detection and Prevention: Concepts and Techniques provides detailed and concise information on different types of attacks, theoretical foundation of attack detection approaches, implementation, data collection, evaluation, and intrusion response. Additionally, it provides an overview of some of the commercially/publicly available intrusion detection and response systems. On the topic of intrusion detection system it is impossible to include everything there is to say on all subjects. However, we have tried to cover the most important and common ones.

Network Intrusion Detection and Prevention: Concepts and Techniques is designed for researchers and practitioners in industry. This book is suitable for advanced-level students in computer science as a reference book as well.

Includes bibliographical references and index.

Table of contents provided by Syndetics

  • 1 Network Attacks (p. 1)
  • 1.1 Attack Taxonomies (p. 2)
  • 1.2 Probes (p. 4)
  • 1.2.1 IPSweep and PortSweep (p. 5)
  • 1.2.2 NMap (p. 5)
  • 1.2.3 MScan (p. 5)
  • 1.2.4 SAINT (p. 5)
  • 1.2.5 Satan (p. 6)
  • 1.3 Privilege Escalation Attacks (p. 6)
  • 1.3.1 Buffer Overflow Attacks (p. 7)
  • 1.3.2 Misconfiguration Attacks (p. 7)
  • 1.3.3 Race-condition Attacks (p. 8)
  • 1.3.4 Man-in-the-Middle Attacks (p. 9)
  • 1.3.5 Social Engineering Attacks (p. 10)
  • 1.4 Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks (p. 11)
  • 1.4.1 Detection Approaches for DoS and DDoS Attacks (p. 11)
  • 1.4.2 Prevention and Response for DoS and DDoS Attacks (p. 13)
  • 1.4.3 Examples of DoS and DDoS Attacks (p. 14)
  • 1.5 Worms Attacks (p. 16)
  • 1.5.1 Modeling and Analysis of Worm Behaviors (p. 16)
  • 1.5.2 Detection and Monitoring of Worm Attacks (p. 17)
  • 1.5.3 Worms Containment (p. 18)
  • 1.5.4 Examples of Well Known Worm Attacks (p. 19)
  • 1.6 Routing Attacks (p. 19)
  • 1.6.1 OSPF Attacks (p. 20)
  • 1.6.2 BGP Attacks (p. 21)
  • References (p. 22)
  • 2 Detection Approaches (p. 27)
  • 2.1 Misuse Detection (p. 27)
  • 2.1.1 Pattern Matching (p. 28)
  • 2.1.2 Rule-based Techniques (p. 29)
  • 2.1.3 State-based Techniques (p. 31)
  • 2.1.4 Techniques based on Data Mining (p. 34)
  • 2.2 Anomaly Detection (p. 34)
  • 2.2.1 Advanced Statistical Models (p. 36)
  • 2.2.2 Rule based Techniques (p. 37)
  • 2.2.3 Biological Models (p. 39)
  • 2.2.4 Learning Models (p. 40)
  • 2.3 Specification-based Detection (p. 45)
  • 2.4 Hybrid Detection (p. 46)
  • References (p. 49)
  • 3 Data Collection (p. 55)
  • 3.1 Data Collection for Host-Based IDSs (p. 55)
  • 3.1.1 Audit Logs (p. 56)
  • 3.1.2 System Call Sequences (p. 58)
  • 3.2 Data Collection for Network-Based IDSs (p. 61)
  • 3.2.1 SNMP (p. 61)
  • 3.2.2 Packets (p. 62)
  • 3.2.3 Limitations of Network-Based IDSs (p. 66)
  • 3.3 Data Collection for Application-Based IDSs (p. 67)
  • 3.4 Data Collection for Application-Integrated IDSs (p. 68)
  • 3.5 Hybrid Data Collection (p. 69)
  • References (p. 69)
  • 4 Theoretical Foundation of Detection (p. 73)
  • 4.1 Taxonomy of Anomaly Detection Systems (p. 73)
  • 4.2 Fuzzy Logic (p. 75)
  • 4.2.1 Fuzzy Logic in Anomaly Detection (p. 77)
  • 4.3 Bayes Theory (p. 77)
  • 4.3.1 Naive Bayes Classifier (p. 78)
  • 4.3.2 Bayes Theory in Anomaly Detection (p. 78)
  • 4.4 Artificial Neural Networks (p. 79)
  • 4.4.1 Processing Elements (p. 79)
  • 4.4.2 Connections (p. 82)
  • 4.4.3 Network Architectures (p. 83)
  • 4.4.4 Learning Process (p. 84)
  • 4.4.5 Artificial Neural Networks in Anomaly Detection (p. 85)
  • 4.5 Support Vector Machine (SVM) (p. 86)
  • 4.5.1 Support Vector Machine in Anomaly Detection (p. 89)
  • 4.6 Evolutionary Computation (p. 89)
  • 4.6.1 Evolutionary Computation in Anomaly Detection (p. 91)
  • 4.7 Association Rules (p. 92)
  • 4.7.1 The Apriori Algorithm (p. 93)
  • 4.7.2 Association Rules in Anomaly Detection (p. 93)
  • 4.8 Clustering (p. 94)
  • 4.8.1 Taxonomy of Clustering Algorithms (p. 95)
  • 4.8.2 K-Means Clustering (p. 96)
  • 4.8.3 Y-Means Clustering (p. 97)
  • 4.8.4 Maximum-Likelihood Estimates (p. 98)
  • 4.8.5 Unsupervised Learning of Gaussian Data (p. 100)
  • 4.8.6 Clustering Based on Density Distribution Functions (p. 101)
  • 4.8.7 Clustering in Anomaly Detection (p. 102)
  • 4.9 Signal Processing Techniques Based Models (p. 104)
  • 4.10 Comparative Study of Anomaly Detection Techniques (p. 109)
  • References (p. 110)
  • 5 Architecture and Implementation (p. 115)
  • 5.1 Centralized (p. 115)
  • 5.2 Distributed (p. 115)
  • 5.2.1 Intelligent Agents (p. 116)
  • 5.2.2 Mobile Agents (p. 123)
  • 5.3 Cooperative Intrusion Detection (p. 125)
  • References (p. 126)
  • 6 Alert Management and Correlation (p. 129)
  • 6.1 Data Fusion (p. 129)
  • 6.2 Alert Correlation (p. 131)
  • 6.2.1 Preprocess (p. 132)
  • 6.2.2 Correlation Techniques (p. 139)
  • 6.2.3 Postprocess (p. 145)
  • 6.2.4 Alert Correlation Architectures (p. 150)
  • 6.2.5 Validation of Alert Correlation Systems (p. 152)
  • 6.3 Cooperative Intrusion Detection (p. 153)
  • 6.3.1 Basic Principles of Information Sharing (p. 153)
  • 6.3.2 Cooperation Based on Goal-tree Representation of Attack Strategies (p. 154)
  • 6.3.3 Cooperative Discovery of Intrusion Chain (p. 154)
  • 6.3.4 Abstraction-Based Intrusion Detection (p. 155)
  • 6.3.5 Interest-Biased Communication and Cooperation (p. 155)
  • 6.3.6 Agent-Based Cooperation (p. 156)
  • 6.3.7 Secure Communication Using Public-key Encryption (p. 157)
  • References (p. 157)
  • 7 Evaluation Criteria (p. 161)
  • 7.1 Accuracy (p. 161)
  • 7.1.1 False Positive and Negative (p. 162)
  • 7.1.2 Confusion Matrix (p. 163)
  • 7.1.3 Precision, Recall, and F-Measure (p. 164)
  • 7.1.4 ROC Curves (p. 166)
  • 7.1.5 The Base-Rate Fallacy (p. 168)
  • 7.2 Performance (p. 171)
  • 7.3 Completeness (p. 172)
  • 7.4 Timely Response (p. 172)
  • 7.5 Adaptation and Cost-Sensitivity (p. 175)
  • 7.6 Intrusion Tolerance and Attack Resistance (p. 177)
  • 7.6.1 Redundant and Fault Tolerance Design (p. 177)
  • 7.6.2 Obstructing Methods (p. 179)
  • 7.7 Test, Evaluation and Data Sets (p. 180)
  • References (p. 182)
  • 8 Intrusion Response (p. 185)
  • 8.1 Response Type (p. 185)
  • 8.1.1 Passive Alerting and Manual Response (p. 185)
  • 8.1.2 Active Response (p. 186)
  • 8.2 Response Approach (p. 186)
  • 8.2.1 Decision Analysis (p. 186)
  • 8.2.2 Control Theory (p. 189)
  • 8.2.3 Game theory (p. 189)
  • 8.2.4 Fuzzy theory (p. 190)
  • 8.3 Survivability and Intrusion Tolerance (p. 194)
  • References (p. 197)
  • A Examples of Commercial and Open Source IDSs (p. 199)
  • A.1 Bro Intrusion Detection System (p. 199)
  • A.2 Prelude Intrusion Detection System (p. 199)
  • A.3 Snort Intrusion Detection System (p. 200)
  • A.4 Ethereal Application - Network Protocol Analyzer (p. 200)
  • A.5 Multi Router Traffic Grapher (MRTG) (p. 201)
  • A.6 Tamandua Network Intrusion Detection System (p. 202)
  • A.7 Other Commercial IDSs (p. 202)
  • Index (p. 209)