Book Introduction

Network Security Through Data Analysis (Chinese edition title: 基于数据分析的网络安全)
  • Author: Michael Collins (US)
  • Publisher: Southeast University Press, Nanjing
  • ISBN: 9787564150075
  • Published: 2014
  • Page count: 327
  • Subject: Computer networks; security techniques; English-language text


Table of Contents

Part I. Data (p. 3)

1. Sensors and Detectors: An Introduction (p. 3)
  Vantages: How Sensor Placement Affects Data Collection (p. 4)
  Domains: Determining Data That Can Be Collected (p. 7)
  Actions: What a Sensor Does with Data (p. 10)
  Conclusion (p. 13)

2. Network Sensors (p. 15)
  Network Layering and Its Impact on Instrumentation (p. 16)
    Network Layers and Vantage (p. 18)
    Network Layers and Addressing (p. 23)
  Packet Data (p. 24)
    Packet and Frame Formats (p. 24)
    Rolling Buffers (p. 25)
    Limiting the Data Captured from Each Packet (p. 25)
    Filtering Specific Types of Packets (p. 25)
    What If It's Not Ethernet? (p. 29)
  NetFlow (p. 30)
    NetFlow v5 Formats and Fields (p. 30)
    NetFlow Generation and Collection (p. 32)
  Further Reading (p. 33)

3. Host and Service Sensors: Logging Traffic at the Source (p. 35)
  Accessing and Manipulating Logfiles (p. 36)
  The Contents of Logfiles (p. 38)
    The Characteristics of a Good Log Message (p. 38)
    Existing Logfiles and How to Manipulate Them (p. 41)
  Representative Logfile Formats (p. 43)
    HTTP: CLF and ELF (p. 43)
    SMTP (p. 47)
    Microsoft Exchange: Message Tracking Logs (p. 49)
  Logfile Transport: Transfers, Syslog, and Message Queues (p. 50)
    Transfer and Logfile Rotation (p. 51)
    Syslog (p. 51)
  Further Reading (p. 53)

4. Data Storage for Analysis: Relational Databases, Big Data, and Other Options (p. 55)
  Log Data and the CRUD Paradigm (p. 56)
  Creating a Well-Organized Flat File System: Lessons from SiLK (p. 57)
  A Brief Introduction to NoSQL Systems (p. 59)
  What Storage Approach to Use (p. 62)
  Storage Hierarchy, Query Times, and Aging (p. 64)

Part II. Tools (p. 69)

5. The SiLK Suite (p. 69)
  What Is SiLK and How Does It Work? (p. 69)
  Acquiring and Installing SiLK (p. 70)
    The Datafiles (p. 70)
  Choosing and Formatting Output Field Manipulation: rwcut (p. 71)
  Basic Field Manipulation: rwfilter (p. 76)
    Ports and Protocols (p. 77)
    Size (p. 78)
    IP Addresses (p. 78)
    Time (p. 80)
    TCP Options (p. 80)
    Helper Options (p. 82)
    Miscellaneous Filtering Options and Some Hacks (p. 82)
  rwfileinfo and Provenance (p. 83)
  Combining Information Flows: rwcount (p. 86)
  rwset and IP Sets (p. 88)
  rwuniq (p. 91)
  rwbag (p. 93)
  Advanced SiLK Facilities (p. 93)
    pmaps (p. 93)
  Collecting SiLK Data (p. 95)
    YAF (p. 96)
    rwptoflow (p. 98)
    rwtuc (p. 98)
  Further Reading (p. 100)

6. An Introduction to R for Security Analysts (p. 101)
  Installation and Setup (p. 102)
  Basics of the Language (p. 102)
    The R Prompt (p. 102)
    R Variables (p. 104)
    Writing Functions (p. 109)
    Conditionals and Iteration (p. 111)
  Using the R Workspace (p. 113)
  Data Frames (p. 114)
  Visualization (p. 117)
    Visualization Commands (p. 117)
    Parameters to Visualization (p. 118)
    Annotating a Visualization (p. 120)
    Exporting Visualization (p. 121)
  Analysis: Statistical Hypothesis Testing (p. 121)
    Hypothesis Testing (p. 122)
    Testing Data (p. 124)
  Further Reading (p. 127)

7. Classification and Event Tools: IDS, AV, and SEM (p. 129)
  How an IDS Works (p. 130)
    Basic Vocabulary (p. 130)
    Classifier Failure Rates: Understanding the Base-Rate Fallacy (p. 134)
    Applying Classification (p. 136)
  Improving IDS Performance (p. 138)
    Enhancing IDS Detection (p. 138)
    Enhancing IDS Response (p. 143)
    Prefetching Data (p. 144)
  Further Reading (p. 145)

8. Reference and Lookup: Tools for Figuring Out Who Someone Is (p. 147)
  MAC and Hardware Addresses (p. 147)
  IP Addressing (p. 150)
    IPv4 Addresses, Their Structure, and Significant Addresses (p. 150)
    IPv6 Addresses, Their Structure and Significant Addresses (p. 152)
    Checking Connectivity: Using ping to Connect to an Address (p. 153)
    Tracerouting (p. 155)
    IP Intelligence: Geolocation and Demographics (p. 157)
  DNS (p. 158)
    DNS Name Structure (p. 158)
    Forward DNS Querying Using dig (p. 159)
    The DNS Reverse Lookup (p. 167)
    Using whois to Find Ownership (p. 168)
  Additional Reference Tools (p. 171)
    DNSBLs (p. 171)

9. More Tools (p. 175)
  Visualization (p. 175)
    Graphviz (p. 175)
  Communications and Probing (p. 178)
    netcat (p. 179)
    nmap (p. 180)
    Scapy (p. 181)
  Packet Inspection and Reference (p. 184)
    Wireshark (p. 184)
    GeoIP (p. 185)
    The NVD, Malware Sites, and the C*Es (p. 186)
    Search Engines, Mailing Lists, and People (p. 187)
  Further Reading (p. 188)

Part III. Analytics (p. 191)

10. Exploratory Data Analysis and Visualization (p. 191)
  The Goal of EDA: Applying Analysis (p. 193)
  EDA Workflow (p. 194)
  Variables and Visualization (p. 196)
  Univariate Visualization: Histograms, QQ Plots, Boxplots, and Rank Plots (p. 197)
    Histograms (p. 198)
    Bar Plots (Not Pie Charts) (p. 200)
    The Quantile-Quantile (QQ) Plot (p. 201)
    The Five-Number Summary and the Boxplot (p. 203)
    Generating a Boxplot (p. 204)
  Bivariate Description (p. 207)
    Scatterplots (p. 207)
    Contingency Tables (p. 210)
  Multivariate Visualization (p. 211)
  Operationalizing Security Visualization (p. 213)
  Further Reading (p. 220)

11. On Fumbling (p. 221)
  Attack Models (p. 221)
  Fumbling: Misconfiguration, Automation, and Scanning (p. 224)
    Lookup Failures (p. 224)
    Automation (p. 225)
    Scanning (p. 225)
  Identifying Fumbling (p. 226)
    TCP Fumbling: The State Machine (p. 226)
    ICMP Messages and Fumbling (p. 229)
    Identifying UDP Fumbling (p. 231)
  Fumbling at the Service Level (p. 231)
    HTTP Fumbling (p. 231)
    SMTP Fumbling (p. 233)
  Analyzing Fumbling (p. 233)
    Building Fumbling Alarms (p. 234)
    Forensic Analysis of Fumbling (p. 235)
    Engineering a Network to Take Advantage of Fumbling (p. 236)
  Further Reading (p. 236)

12. Volume and Time Analysis (p. 237)
  The Workday and Its Impact on Network Traffic Volume (p. 237)
  Beaconing (p. 240)
  File Transfers/Raiding (p. 243)
  Locality (p. 246)
  DDoS, Flash Crowds, and Resource Exhaustion (p. 249)
    DDoS and Routing Infrastructure (p. 250)
  Applying Volume and Locality Analysis (p. 256)
    Data Selection (p. 256)
    Using Volume as an Alarm (p. 258)
    Using Beaconing as an Alarm (p. 259)
    Using Locality as an Alarm (p. 259)
    Engineering Solutions (p. 260)
  Further Reading (p. 260)

13. Graph Analysis (p. 261)
  Graph Attributes: What Is a Graph? (p. 261)
    Labeling, Weight, and Paths (p. 265)
    Components and Connectivity (p. 270)
    Clustering Coefficient (p. 271)
  Analyzing Graphs (p. 273)
    Using Component Analysis as an Alarm (p. 273)
    Using Centrality Analysis for Forensics (p. 275)
    Using Breadth-First Searches Forensically (p. 275)
    Using Centrality Analysis for Engineering (p. 277)
  Further Reading (p. 277)

14. Application Identification (p. 279)
  Mechanisms for Application Identification (p. 279)
    Port Number (p. 280)
    Application Identification by Banner Grabbing (p. 283)
    Application Identification by Behavior (p. 286)
    Application Identification by Subsidiary Site (p. 290)
  Application Banners: Identifying and Classifying (p. 291)
    Non-Web Banners (p. 291)
    Web Client Banners: The User-Agent String (p. 292)
  Further Reading (p. 294)

15. Network Mapping (p. 295)
  Creating an Initial Network Inventory and Map (p. 295)
    Creating an Inventory: Data, Coverage, and Files (p. 296)
    Phase I: The First Three Questions (p. 297)
    Phase II: Examining the IP Space (p. 300)
    Phase III: Identifying Blind and Confusing Traffic (p. 305)
    Phase IV: Identifying Clients and Servers (p. 309)
    Identifying Sensing and Blocking Infrastructure (p. 311)
  Updating the Inventory: Toward Continuous Audit (p. 311)
  Further Reading (p. 312)

Index (p. 313)
