Secure Computer and Network Systems: Modeling, Analysis and Design
Nong Ye, Arizona State University, USA
Computer and network systems have given us unlimited opportunities to reduce cost, improve efficiency, and increase revenues, as demonstrated by an increasing number of computer and network applications. Yet our dependence on computer and network systems has also exposed us to new risks that threaten the security of our assets and information on those systems and present new challenges for protecting them. The reliability of computer and network systems ultimately depends on security and quality of service (QoS) performance.
This book presents quantitative modeling and analysis techniques to address these numerous challenges in cyber attack prevention and detection for security and QoS, including:
the latest research on computer and network behavior under attack and normal use conditions;
new design principles and algorithms, which can be used by engineers and practitioners to build secure computer and network systems, enhance security practice and move to providing QoS assurance on the Internet;
mathematical and statistical methods for achieving the accuracy and timeliness of cyber attack detection with the lowest computational overhead;
guidance on managing admission control, scheduling, reservation and service of computer and network jobs to assure the service stability and end–to–end delay of those jobs even under Denial of Service attacks or abrupt demands.
Secure Computer and Network Systems: Modeling, Analysis and Design is an up–to–date resource for practising engineers and researchers involved in security, reliability and quality management of computer and network systems. It is also a must–read for postgraduate students developing advanced technologies for improving computer network dependability.
PART I. An Overview of Computer and Network Security.
Chapter 1. Assets, Vulnerabilities and Threats of Computer and Network Systems.
1.1 Risk Assessment.
1.2 Assets and Asset Attributes.
1.5 Asset Risk Framework.
Chapter 2. Protection of Computer and Network Systems.
2.1 Cyber Attack Prevention.
2.2 Cyber Attack Detection.
2.3 Cyber Attack Response.
PART II. Secure System Architecture and Design.
Chapter 3. Asset Protection Driven, Policy Based Security Protection Architecture.
3.1 Limitation of a Threat Driven Security Protection Paradigm.
3.2 A New, Asset Protection Driven Paradigm of Security Protection.
3.3 Digital Security Policies and Policy–Based Security Protection.
3.4 Enabling Architecture and Methodology.
3.5 Further Research Issues.
Chapter 4. Job Admission Control for Service Stability.
4.1 A Token Bucket Method of Admission Control in DiffServ and IntServ Models.
4.2 Batch Scheduled Admission Control (BSAC) for Service Stability.
Chapter 5. Job Scheduling Methods for Service Differentiation and Service Stability.
5.1 Job Scheduling Methods for Service Differentiation.
5.2 Job Scheduling Methods for Service Stability.
Chapter 6. Job Reservation and Service Protocols for End–to–End Delay Guarantee.
6.1 Job Reservation and Service in IntServ and RSVP.
6.2 Job Reservation and Service in I–RSVP.
6.3 Job Reservation and Service in SI–RSVP.
6.4 Service Performance of I–RSVP and SI–RSVP in Comparison with the Best Effort Model.
PART III. Mathematical/Statistical Features and Characteristics of Attack and Normal Use Data.
Chapter 7. Collection of Windows Performance Objects Data under Attack and Normal Use Conditions.
7.1 Windows Performance Objects Data.
7.2 Description of Attacks and Normal Use Activities.
7.3 Computer Network Setup for Data Collection.
7.4 Procedure of Data Collection.
Chapter 8. Mean Shift Characteristics of Attack and Normal Use Data.
8.1 The Mean Feature of Data and Two–Sample Test of Mean Difference.
8.2 Procedure of Data Pre–processing.
8.3 Procedure of Discovering Mean Shift Data Characteristics for Attacks.
8.4 Mean Shift Attack Characteristics.
Chapter 9. Probability Distribution Change Characteristics of Attack and Normal Use Data.
9.1 Observation of Data Patterns.
9.2 Skewness and Mode Tests to Identify Five Types of Probability Distributions.
9.3 Procedure for Discovering Probability Distribution Change Data Characteristics for Attacks.
9.4 Distribution Change Attack Characteristics.
Chapter 10. Autocorrelation Change Characteristics of Attack and Normal Use Data.
10.1 The Autocorrelation Feature of Data.
10.2 Procedure of Discovering the Autocorrelation Change Characteristics for Attacks.
10.3 Autocorrelation Change Attack Characteristics.
Chapter 11. Wavelet Change Characteristics of Attack and Normal Use Data.
11.1 The Wavelet Feature of Data.
11.2 Procedure of Discovering the Wavelet Change Characteristics for Attacks.
11.3 Wave Change Attack Characteristics.
PART IV. Cyber Attack Detection: Signature Recognition.
Chapter 12. Clustering and Classifying Attack and Normal Use Data.
12.1 Clustering and Classification Algorithm Supervised (CCAS).
12.2 Training and Testing Data.
12.3 Application of CCAS to Cyber Attack Detection.
12.4 Detection Performance of CCAS.
Chapter 13. Learning and Recognizing Attack Signatures Using Artificial Neural Networks.
13.1 The Structure and Back–Propagation Learning Algorithm of Feedforward ANNs.
13.2 The ANN Application to Cyber Attack Detection.
PART V. Cyber Attack Detection: Anomaly Detection.
Chapter 14. Statistical Anomaly Detection with Univariate and Multivariate Data.
14.1 EWMA Control Charts.
14.2 Application of the EWMA Control Chart to Cyber Attack Detection.
14.3 Chi–Square Distance Monitoring (CSDM) Method.
14.4 Application of the CSDM Method to Cyber Attack Detection.
Chapter 15. Stochastic Anomaly Detection Using the Markov Chain Model of Event Transitions.
15.1 The Markov Chain Model of Event Transitions for Cyber Attack Detection.
15.2 Detection Performance of the Markov Chain Model Based Anomaly Detection Technique and Performance Degradation with the Increased Mixture of Attack and Normal Use Data.
PART VI. Cyber Attack Detection: Attack Norm Separation.
Chapter 16. Mathematical and Statistical Models of Attack Data and Normal Use Data.
16.1 The Training Data for Data Modeling.
16.2 Statistical Data Models for the Mean Feature.
16.3 Statistical Data Models for the Distribution Feature.
16.4 Time–Series Based Statistical Data Models for the Autocorrelation Feature.
16.5 The Wavelet–based Mathematical Model for the Wavelet Feature.
Chapter 17. Cuscore–Based Attack Norm Separation Models.
17.1 The Cuscore.
17.2 Application of the Cuscore Models to Cyber Attack Detection.
17.3 Detection Performance of the Cuscore Detection Models.
PART VII. Security Incident Assessment.
Chapter 18. Optimal Selection and Correlation of Attack Data Characteristics in Attack Profiles.
18.1 Integer Programming for Selecting an Optimal Set of Attack Data Characteristics.
18.2 Attack Profiling.
"Since the next generation of computer network systems and information infrastructure relies on scientific and engineering approaches to provide security, QoS, and ultimately system dependability, this book might help people in academia and industry working to achieve this goal." (IEEE Computer Magazine, June 2008)