Thursday, September 25, 2008

Secure Computer and Network Systems - Free Download Ebook

John Wiley & Sons Ltd | ISBN-978-0-470-02324-2 | English | PDF | 1.82 MB RAR Compressed | 356 Pages | No Password

Preface
Computer and network technologies have empowered us and transformed our business and life in many ways. However, our increasing dependence on computer and network systems has also exposed us to a wide range of cyber security risks involving system vulnerabilities and threats to our assets and transactions on those systems. Computer and network security is concerned with availability, confidentiality, integrity, non-repudiation, trust, and many other aspects of computer and network assets which may be compromised by cyber attacks from external and insider threats through exploiting system vulnerabilities. The protection of computer and network security must cover prevention to reduce system vulnerabilities, detection to identify ongoing cyber attacks that break through prevention mechanisms, and response to stop and control cyber attacks, recover systems and correct exploited system vulnerabilities.

SCOPE AND PURPOSE OF THE BOOK
This book presents a collection of the research work that I have carried out with my students and research associates in the past ten years to address the following issues in protecting computer and network security:

1. Prevention
(a) How to enhance the architecture of computer and network systems for security protection through the specification and enforcement of digital security policies, with the following research outcome:
(i) An Asset Protection-Driven Security Architecture (APDSA) which is developed based on a proactive asset protection-driven paradigm of security protection, in comparison with the threat-driven security protection paradigm that is often adopted in existing security products.
(b) How to manage the admission control, scheduling, reservation and execution of computer and network jobs to assure the service stability and end-to-end delay of those jobs even under Denial of Service attacks or overwhelming amounts of job demands, with the following research outcomes:
(i) A Batch Scheduled Admission Control (BSAC) method to reduce the variability of job waiting time for service stability, in comparison with no admission control in the existing best effort service model that is commonly adopted on computers and networks but is a major system vulnerability exploited by Denial of Service (DoS) attacks.
(ii) Several job scheduling methods to schedule the service of jobs on single or multiple computer/network resources for service stability, including the Weighted Shortest Processing Time – Adjusted (WSPT-A) method, the Verified Spiral (VS) method, the Balanced Spiral (BS) method, and the Dynamic VS and BS methods, in comparison with the First-In-First-Out (FIFO) method used in the existing best effort model which can be exploited by DoS attacks.
(iii) Instantaneous Resource reSerVation Protocol (I-RSVP) and a Stable Instantaneous Resource reSerVation Protocol (SI-RSVP) that are developed to allow job reservation and service for instantaneous jobs on computer networks for the end-to-end delay guarantee to those jobs, in comparison with the existing Resource reSerVation Protocol (RSVP) based on the Integrated Service (InteServ) model to provide the end-to-end delay guarantee for computer and network jobs with continuous data flows; and the existing Differentiated Service (DiffServ) model.

2. Detection
(a) How to achieve the accuracy and earliness of cyber attack detection when monitoring the observed data from computers and networks that contains much noise due to the mixed data effects of an attack and ongoing normal use activities, with the following research outcomes:
(i) the attack norm separation methodology, in comparison with two conventional methodologies of cyber attack detection: signature recognition and anomaly detection.
(ii) the cuscore detection models that are used to perform cyber attack detection based on the attack norm separation methodology, in comparison with
the Artificial Neural Network (ANN) models based on the signature recognition methodology;
the univariate Statistical Process Control (SPC) technique, the Exponential Weighted Moving Average (EWMA) control charts, and the Markov chain models of event transitions, which are developed based on the anomaly detection methodology;
the multivariate SPC technique, the Chi-Square Distance Monitoring (CSDM) method based on the anomaly detection methodology.
(iii) the Clustering and Classification Algorithm – Supervised (CCAS) which is a scalable data mining algorithm with the incremental learning capability to learn signature patterns of attack data and normal use data, in comparison with
conventional clustering methods, such as hierarchical clustering,
conventional data mining algorithms, such as decision trees.

(b) How to discover and identify subtle features and characteristics of attack data and normal use data which are the basis of defining the accurate attack and normal use data models to develop attack detection models based on the attack norm separation methodology, with the following research outcomes:
(i) the statistical methods of extracting the mean, probability distribution and autocorrelation features of attack data and normal use data;
(ii) the mathematical method of extracting the time-frequency wavelet feature of attack data and normal use data;
(iii) the statistical and mathematical methods of uncovering attack data characteristics and normal use data characteristics in the mean, probability distribution, autocorrelation and wavelet features;
(iv) the illustration and summary of the uncovered attack data characteristics of eleven representative attacks, including:
the Apache Resource DoS attack
the ARP Poison attack
the Distributed DoS attack
the Fork Bomb attack
the FTP Buffer Overflow attack
the Hardware Keylogger attack
the Software Keylogger attack
the Remote Dictionary attack
the Rootkit attack
the Security Audit attack using Nessus
the Vulnerability Scan attack using NMAP.
Contd....................

Download
Code:
http://www.uploading.com/files/ND9FT8XA/Secure.Computer.and.Network.Systems.M.A....rar.html