Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint

Read more

This book covers the basic statistical and analytical techniques of computer intrusion detection. It is aimed at both statisticians looking to become involved in the data analysis aspects of computer security and computer scientists looking to expand their toolbox of techniques for detecting intruders. The book is self-contained, assumng no expertise in either computer security or statistics. It begins with a description of the basics of TCP/IP, followed by chapters dealing with network traffic analysis, network monitoring for intrusion detection, host based intrusion detection, and computer viruses and other malicious code. Each section develops the necessary tools as needed. There is an extensive discussion of visualization as it relates to network data and intrusion detection. The book also contains a large bibliography covering the statistical, machine learning, and pattern recognition literature related to network monitoring and intrusion detection. David Marchette is a scientist at the Naval Surface Warfacre Center in Dalhgren, Virginia. He has worked at Navy labs for 15 years, doing research in pattern recognition, computational statistics, and image analysis. He has been a fellow by courtesy in the mathematical sciences department of the Johns Hopkins University since 2000. He has been working in conputer intrusion detection for several years, focusing on statistical methods for anomaly detection and visualization. Dr. Marchette received a Masters in Mathematics from the University of California, San Diego in 1982 and a Ph.D. in Computational Sciences and Informatics from George Mason University in 1996.

List of contents

From the contents:
Part I: Networking Basics: TCP/IP. Network Statistics. Evaluation
- Part II: Intrusion Detection: Network Monitoring. Host Monitoring
- Part III: Viruses and Other Creatures: Computer Viruses and Worms. Trojan Programs and Covert Channels
- Appendices: Well Known Port Numbers. Trojan Port Numbers. Country Codes. Security Web Sites.

About the author

David J. Marchette is a scientist at the Naval Surface Warfacre Center in Dalhgren, Virginia. He has worked at Navy labs for 15 years, doing research in pattern recognition, computational statistics, and image analysis. He has been a fellow by courtesy in the mathematical sciences department of the Johns Hopkins University since 2000. He has been working in conputer intrusion detection for several years, focusing on statistical methods for anomaly detection and visualization. Dr. Marchette received a Masters in Mathematics from the University of California, San Diego in 1982 and a Ph.D. in Computational Sciences and Informatics from George Mason University in 1996.

Summary

In the fall of 1999, I was asked to teach a course on computer intrusion detection for the Department of Mathematical Sciences of The Johns Hopkins University. That course was the genesis of this book. I had been working in the field for several years at the Naval Surface Warfare Center, in Dahlgren, Virginia, under the auspices of the SHADOW program, with some funding by the Office of Naval Research. In designing the class, I was concerned both with giving an overview of the basic problems in computer security, and with providing information that was of interest to a department of mathematicians. Thus, the focus of the course was to be more on methods for modeling and detecting intrusions rather than one on how to secure one's computer against intrusions. The first task was to find a book from which to teach. I was familiar with several books on the subject, but they were all at either a high level, focusing more on the political and policy aspects of the problem, or were written for security analysts, with little to interest a mathematician. I wanted to cover material that would appeal to the faculty members of the department, some of whom ended up sitting in on the course, as well as providing some interesting problems for students. None of the books on the market at the time had an adequate discussion of mathematical issues related to intrusion detection.

Additional text

From the reviews:

TECHNOMETRICS

"After reading this book…I believe that many readers would benefit from the skillful joint development of problem context and statistical application. As a bridge between the computer science and mathematical communities, this book is a fine addition to both the computer science and statistics literature and will likely stimulate valuable research by awakening mathematicians and statisticians to the potential of the problems in this area…This book would be appropriate for an upper-level undergraduate or graduate course in computer science and statistics. It would also be a useful introductory reference for the mathematics and statistics researcher who would like to pursue problems in this area. It is both informative and accessible."

SHORT BOOK REVIEWS

"The book provides an excellent introduction to the area. I recommend it to any computer- (and Unix-) literate statistcian who wishes to make an impact in an area, which will continue to be of great importance."
ISI Short Book Reviews, April 2002

"This book is a very good text on intrusion detection, written by an author who has direct practical experience … . Each chapter has a rich and detailed annotated bibliography, which makes this text a true gold-mine for researchers and practitioners. … the book is a good example of cross-fertilization between the networking and statistical fields, and will be appreciated both by the specialist and the general reader. It is an example … of interdisciplinarity, which is necessary in fields so complex as computer security." (Antonio Lioy, The Computer Journal, Vol. 45 (6), 2002)

"This book is about one of those areas that provides rich opportunities for statisticians … . The tools for computer intrusion detection are essentially statistical … . The book effectively provides the necessary background material for this intensely jargon-strewn area. The book includes many realexamples … . The book provides an excellent introduction to the area. I recommend it to any computer- (and Unix-) literate statistician who wishes to make an impact in an area, which will continue to be of great importance." (D. J. Hand, Short Book Reviews, Vol. 22 (1), 2002)

Report

From the reviews:
TECHNOMETRICS
"After reading this book I believe that many readers would benefit from the skillful joint development of problem context and statistical application. As a bridge between the computer science and mathematical communities, this book is a fine addition to both the computer science and statistics literature and will likely stimulate valuable research by awakening mathematicians and statisticians to the potential of the problems in this area This book would be appropriate for an upper-level undergraduate or graduate course in computer science and statistics. It would also be a useful introductory reference for the mathematics and statistics researcher who would like to pursue problems in this area. It is both informative and accessible."
SHORT BOOK REVIEWS
"The book provides an excellent introduction to the area. I recommend it to any computer- (and Unix-) literate statistcian who wishes to make an impact in an area, which will continue to be of great importance."
ISI Short Book Reviews, April 2002
"This book is a very good text on intrusion detection, written by an author who has direct practical experience . Each chapter has a rich and detailed annotated bibliography, which makes this text a true gold-mine for researchers and practitioners. the book is a good example of cross-fertilization between the networking and statistical fields, and will be appreciated both by the specialist and the general reader. It is an example of interdisciplinarity, which is necessary in fields so complex as computer security." (Antonio Lioy, The Computer Journal, Vol. 45 (6), 2002)
"This book is about one of those areas that provides rich opportunities for statisticians . The tools for computer intrusion detection are essentially statistical . The book effectively provides the necessary background material for this intensely jargon-strewn area. The book includes many real examples . The book provides an excellent introduction to the area. I recommend it to any computer- (and Unix-) literate statistician who wishes to make an impact in an area, which will continue to be of great importance." (D. J. Hand, Short Book Reviews, Vol. 22 (1), 2002)