Network Intrusion Detection and Prevention

Concepts and Techniques

By: Ali A. Ghorbani, Wei Lu, Mahbod Tavallaee

Write A Review

Hardcover | 28 October 2009

At a Glance

Hardcover
232 Pages

Dimensions(cm)
23.5 x 16.51 x 1.91

Hardcover

$229.00

or 4 interest-free payments of $57.25 with

Ships in 5 to 7 business days

With the complexity of today's networks, it is impossible to know you are actually secure. You can prepare your network's defenses, but what threats will be thrown at it, what combinations will be tried, and what directions they will come from are all unknown variables. Most medium and large-scale network infrastructures include multiple high-speed connections to the Internet and support many customer collaborative networks, thousands of internal users and various web servers. Many of these systems are faced with an ever-increasing likelihood of unplanned downtime due to various attacks and security breaches. In this environment of uncertainty, which is full of hackers and malicious threats, those systems that are the best at maintaining the continuity of their services (i.e., survive the attacks) enjoy a significant competitive advantage. Minimizing unexpected and unplanned downtime can be done by identifying, prioritizing and defending against misuse, attacks and vulnerabilities.

Intrusion Detection and Prevention is a rapidly growing field that deals with detecting and responding to malicious network traffic and computer misuse. Intrusion detection is the process of identifying and (possibly) responding to malicious activities targeted at computing and network resources. Any hardware or software automation that monitors, detects or responds to events occurring in a network or on a host computer is considered relevant to the intrusion detection approach. Different intrusion detection systems provide varying functionalities and benefits.

Network Intrusion Detection and Prevention: Concepts and Techniques provides detailed and concise information on different types of attacks, theoretical foundation of attack detection approaches, implementation, data collection, evaluation, and intrusion response. Additionally, it provides an overview of some of the commercially/publicly available intrusion detection and response systems. On the topic of intrusion detection system it is impossible to include everything there is to say on all subjects. However, we have tried to cover the most important and common ones.

Network Intrusion Detection and Prevention: Concepts and Techniques is designed for researchers and practitioners in industry. This book is suitable for advanced-level students in computer science as a reference book as well.

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

Orders over $79.00 qualify for free shipping.

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Computer Science Computer Networking & Communications Network Security Computer Security Data Encryption Computer Hardware Network Hardware Computer Programming & Software Development Software Engineering

Other Editions and Formats

Paperback

Published: 25th February 2012

View Product

Network Attacks	p. 1
Attack Taxonomies	p. 2
Probes	p. 4
EPSweep and PortSweep	p. 5
NMap	p. 5
MScan	p. 5
SAINT	p. 5
Satan	p. 6
Privilege Escalation Attacks	p. 6
Buffer Overflow Attacks	p. 7
Misconfiguration Attacks	p. 7
Race-condition Attacks	p. 8
Man-in-the-Middle Attacks	p. 9
Social Engineering Attacks	p. 10
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks	p. 11
Detection Approaches for DoS and DDoS Attacks	p. 11
Prevention and Response for DoS and DDoS Attacks	p. 13
Examples of DoS and DDoS Attacks	p. 14
Worms Attacks	p. 16
Modeling and Analysis of Worm Behaviors	p. 16
Detection and Monitoring of Worm Attacks	p. 17
Worms Containment	p. 18
Examples of Well Known Worm Attacks	p. 19
Routing Attacks	p. 19
OSPF Attacks	p. 20
BGP Attacks	p. 21
References	p. 22
Detection Approaches	p. 27
Misuse Detection	p. 27
Pattern Matching	p. 28
Rule-based Techniques	p. 29
State-based Techniques	p. 31
Techniques based on Data Mining	p. 34
Anomaly Detection	p. 34
Advanced Statistical Models	p. 36
Rule based Techniques	p. 37
Biological Models	p. 39
Learning Models	p. 40
Specification-based Detection	p. 45
Hybrid Detection	p. 46
References	p. 49
Data Collection	p. 55
Data Collection for Host-Based IDSs	p. 55
Audit Logs	p. 56
System Call Sequences	p. 58
Data Collection for Network-Based IDSs	p. 61
SNMP	p. 61
Packets	p. 62
Limitations of Network-Based IDSs	p. 66
Data Collection for Application-Based IDSs	p. 67
Data Collection for Application-Integrated IDSs	p. 68
Hybrid Data Collection	p. 69
References	p. 69
Theoretical Foundation of Detection	p. 73
Taxonomy of Anomaly Detection Systems	p. 73
Fuzzy Logic	p. 75
Fuzzy Logic in Anomaly Detection	p. 77
Bayes Theory	p. 77
Naive Bayes Classifier	p. 78
Bayes Theory in Anomaly Detection	p. 78
Artificial Neural Networks	p. 79
Processing Elements	p. 79
Connections	p. 82
Network Architectures	p. 83
Learning Process	p. 84
Artificial Neural Networks in Anomaly Detection	p. 85
Support Vector Machine (SVM)	p. 86
Support Vector Machine in Anomaly Detection	p. 89
Evolutionary Computation	p. 89
Evolutionary Computation in Anomaly Detection	p. 91
Association Rules	p. 92
The Apriori Algorithm	p. 93
Association Rules in Anomaly Detection	p. 93
Clustering	p. 94
Taxonomy of Clustering Algorithms	p. 95
K-Means Clustering	p. 96
Y-Means Clustering	p. 97
Maximum-Likelihood Estimates	p. 98
Unsupervised Learning of Gaussian Data	p. 100
Clustering Based on Density Distribution Functions	p. 101
Clustering in Anomaly Detection	p. 102
Signal Processing Techniques Based Models	p. 104
Comparative Study of Anomaly Detection Techniques	p. 109
References	p. 110
Architecture and Implementation	p. 115
Centralized	p. n5
Distributed	p. 115
Intelligent Agents	p. 116
Mobile Agents	p. 123
Cooperative Intrusion Detection	p. 125
References	p. 126
Alert Management and Correlation	p. 129
Data Fusion	p. 129
Alert Correlation	p. 131
Preprocess	p. 132
Correlation Techniques	p. 139
Postprocess	p. 145
Alert Correlation Architectures	p. 150
Validation of Alert Correlation Systems	p. 152
Cooperative Intrusion Detection	p. 153
Basic Principles of Information Sharing	p. 153
Cooperation Based on Goal-tree Representation of Attack Strategies	p. 154
Cooperative Discovery of Intrusion Chain	p. 154
Abstraction-Based Intrusion Detection	p. 155
Interest-Biased Communication and Cooperation	p. 155
Agent-Based Cooperation	p. 156
Secure Communication Using Public-key Encryption	p. 157
References	p. 157
Evaluation Criteria	p. 161
Accuracy	p. 161
False Positive and Negative	p. 162
Confusion Matrix	p. 163
Precision, Recall, and F-Measure	p. 164
ROC Curves	p. 166
The Base-Rate Fallacy	p. 168
Performance	p. 171
Completeness	p. 172
Timely Response	p. 172
Adaptation and Cost-Sensitivity	p. 175
Intrusion Tolerance and Attack Resistance	p. 177
Redundant and Fault Tolerance Design	p. 177
Obstructing Methods	p. 179
Test, Evaluation and Data Sets	p. 180
References	p. 182
Intrusion Response	p. 185
Response Type	p. 185
Passive Alerting and Manual Response	p. 185
Active Response	p. 186
Response Approach	p. 186
Decision Analysis	p. 186
Control Theory	p. 189
Game theory	p. 189
Fuzzy theory	p. 190
Survivability and Intrusion Tolerance	p. 194
References	p. 197
Examples of Commercial and Open Source IDSs	p. 199
Bro Intrusion Detection System	p. 199
Prelude Intrusion Detection System	p. 199
Snort Intrusion Detection System	p. 200
Ethereal Application - Network Protocol Analyzer	p. 200
Multi Router Traffic Grapher (MRTG)	p. 201
Tamandua Network Intrusion Detection System	p. 202
Other Commercial IDSs	p. 202
Index	p. 209
Table of Contents provided by Ingram. All Rights Reserved.

Network Intrusion Detection and Prevention

Concepts and Techniques

At a Glance

Hardcover

Shipping

How to return your order

Defective items

You Can Find This Book In

Other Editions and Formats

Paperback

More in Data Encryption

The New Age of Sexism

How the AI Revolution is Reinventing Misogyny

Computer Security

Art and Science

Foundations of Information Security

Cybersecurity All-in-One For Dummies

For Dummies

Rinsed

From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks

Supremacy

AI, ChatGPT and the Race that Will Change the World

Security Risk Management Body of Knowledge

Wiley Series in Systems Engineering and Management

Black Hat Python, 2nd Edition

Python Programming for Hackers and Pentesters

Crafting an Information Security Playbook

CompTIA Security+

8th Edition - Guide to Network Security Fundamentals

Hackers & Painters

Principles of Information Security

7th edition

Cryptography and Network Security

8th Edition - Principles and Practice, Global Edition

Quantum Leaps

How Maths is Shaping the Future

Cloud Native Application Protection Platforms

A Guide to CNAPPs and the Foundations of Comprehensive Cloud Security

The Web Application Hacker's Handbook

Finding and Exploiting Security Flaws 2E

Container Security

Fundamental Technology Concepts That Protect Containerized Applications

The New Age of Sexism

How the AI Revolution is Reinventing Misogyny

Fire Brigades to Firewalls

A Public Safety Guide to Cybersecurity

Fire Brigades to Firewalls

A Public Safety Guide to Cybersecurity

Audio Spoof Detection from Theory to Practical Application

AI-driven Cyber Risk Management

River Publishers Series in Digital Security and Forensics

Bridging the Gap

Strengthening the Bond between Audit Committee and Internal Audit

Managing Organizational and Societal Challenges of AI

Insights from Education and Cyber Security

This product is categorised by