
E-book: Cyber Situational Awareness: Issues and Research

Edited by
  • Format: PDF+DRM
  • Series: Advances in Information Security 46
  • Publication date: 03-Oct-2009
  • Publisher: Springer-Verlag New York Inc.
  • Language: eng
  • ISBN-13: 9781441901408

DRM restrictions

  • Copying:

    not allowed

  • Printing:

    not allowed

  • E-book usage:

    Digital rights management (DRM)
    The publisher has supplied this book in encrypted form, which means that free software must be installed to unlock and read it. To read this e-book you need to create an Adobe ID. More information here. The e-book can be downloaded to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you need to install this free app: PocketBook Reader (iOS / Android)

    To read this e-book on a PC or Mac, you need Adobe Digital Editions (a free program created specifically for e-books. It is not the same as Adobe Reader, which you probably already have on your computer.)

    You cannot read this e-book on an Amazon Kindle.

Motivation for the Book

This book seeks to establish the state of the art in the cyber situational awareness area and to set the course for future research. A multidisciplinary group of leading researchers from the cyber security, cognitive science, and decision science areas elaborate on the fundamental challenges facing the research community and identify promising solution paths. Today, when a security incident occurs, the top three questions security administrators ask are in essence: What has happened? Why did it happen? What should I do? Answers to the first two questions form the core of Cyber Situational Awareness. Whether the last question can be satisfactorily answered depends greatly on the cyber situational awareness capability of an enterprise. A variety of computer and network security research topics (especially some systems security topics) belong to or touch the scope of Cyber Situational Awareness. However, the Cyber Situational Awareness capability of an enterprise is still very limited, for several reasons:
  • Inaccurate and incomplete vulnerability analysis, intrusion detection, and forensics.
  • Lack of capability to monitor certain microscopic system/attack behavior.
  • Limited capability to transform/fuse/distill information into cyber intelligence.
  • Limited capability to handle uncertainty.
  • Existing system designs are not very friendly to Cyber Situational Awareness.
Contents (page numbers are given as start page(page count))

Part I Overview of Cyber Situational Awareness

Cyber SA: Situational Awareness for Cyber Defense  3(12)
  by P. Barford, M. Dacier, T. G. Dietterich, M. Fredrikson, J. Giffin, S. Jajodia, S. Jha, J. Li, P. Liu, P. Ning, X. Ou, D. Song, L. Strater, V. Swarup, G. Tadda, C. Wang, J. Yen
  Scope of the Cyber SA Problem  3(2)
  Background  5(1)
  Research Goals  6(1)
  Research Agenda  7(6)
    Principles and Rationales  7(1)
    A Collection of Viewpoints on the Research Agenda  7(6)
  Conclusion  13(1)
  References  14(1)

Overview of Cyber Situation Awareness  15(24)
  by George P. Tadda, John S. Salerno
  What is Situation Awareness (SA)?  15(3)
  Situation Awareness Reference and Process Models  18(8)
    Situation Awareness Reference Model  18(6)
    Situation Awareness Process Model  24(2)
  Visualization  26(1)
  Application to the Cyber Domain  27(1)
  Measures of Performance and Effectiveness  28(6)
    Confidence  29(2)
    Purity  31(1)
    Cost Utility  32(1)
    Timeliness  33(1)
    Measures of Effectiveness  33(1)
  Conclusion  34(1)
  References  34(5)

Part II The Reasoning and Decision Making Aspects

RPD-based Hypothesis Reasoning for Cyber Situation Awareness  39(12)
  by John Yen, Michael McNeese, Tracy Mullen, David Hall, Xiaocong Fan, Peng Liu
  Introduction  39(2)
  Naturalistic Decision Making as a Holistic Model for Cyber SA  41(1)
    Decision and Hypotheses  41(1)
    The Recognition-Primed Decision (RPD) Model  41(1)
  RPD-based Hypothesis Generation and Reasoning for Cyber SA  42(3)
    Recognition-based Hypothesis Generation  43(1)
    Hypothesis-driven Story Building  43(1)
    Collaborative RPD-based Hypothesis Generation and Reasoning  44(1)
  Hypergraph-based Hypothesis Reasoning  45(2)
    Modeling Events as Network Entities  46(1)
    Hypergraph-based Network Analysis Techniques  46(1)
  Market-based Evidence Gathering  47(1)
  Summary  48(1)
  References  49(2)

Uncertainty and Risk Management in Cyber Situational Awareness  51(20)
  by Jason Li, Xinming Ou, Raj Rajagopalan
  Reasoning about Uncertainty is a Necessity  51(1)
  Two Approaches to Handling Dynamic Uncertainty  52(1)
    The logical approach  52(1)
    The statistical approach  53(1)
  From Attack Graphs to Bayesian Networks  53(4)
    A case study  54(1)
    Desired properties of Bayesian Networks in Intrusion Analysis  55(1)
    Building BN's from attack graphs  56(1)
  An Empirical Approach to Developing a Logic for Uncertainty in Situation Awareness  57(6)
    A case study  57(1)
    Encoding the case study in logic  58(4)
    Comparison with previous approaches  62(1)
  Static Uncertainty and Risk Management  63(2)
    CVSS metrics  63(2)
    Combining CVSS and Attack Graphs  65(1)
  Conclusion  65(1)
  References  65(6)

Part III Macroscopic Cyber Situational Awareness

Employing Honeynets For Network Situational Awareness  71(32)
  by P. Barford, Y. Chen, A. Goyal, Z. Li, V. Paxson, V. Yegneswaran
  Introduction  72(1)
  Background  73(1)
  Classifying Honeynet Activity  74(2)
  Experiences With Activity Classification  76(1)
  Situational Awareness In-depth  77(7)
    Source Arrivals  79(1)
    Destination/Source Net Coverage  80(1)
    Source Macro-analysis  81(3)
  Towards Automated Classification  84(1)
  Assessing Botnet Scanning Patterns  85(2)
    Monotonic Trend Checking  85(1)
    Checking for Liveness-Aware Scanning  86(1)
    Uniformity Checking  87(1)
    Dependency Checking  87(1)
  Extrapolating Global Properties  87(5)
    Assumptions and Requirements  88(1)
    Estimating Global Population  89(1)
    Exploiting IPID/Port Continuity  90(2)
    Extrapolating from Interarrival Times  92(1)
  Evaluation of Automated Classification  92(9)
    Basic Characteristics of Botnet Events  94(1)
    Event Correlation  95(1)
    Property-Checking Results  95(3)
    Extrapolation Evaluation & Validation  98(3)
  Summary  101(1)
  References  101(2)

Assessing Cybercrime Through the Eyes of the WOMBAT  103(36)
  by Marc Dacier, Corrado Leita, Olivier Thonnard, Van-Hau Pham, Engin Kirda
  Foreword  103(1)
  Introduction  104(1)
  Leurre.com v1.0 Honeyd  104(8)
    Historical background  104(1)
    Some technical aspects  105(2)
    Generic picture  107(1)
    Some illustrative examples  108(4)
  Leurre.com v2.0: SGNET  112(5)
    Increasing the level of interaction  112(1)
    ScriptGen  112(1)
    SGNET: a ScriptGen-based honeypot deployment  113(4)
  Analysis of Attack Events  117(6)
    Identification of Attack Events  117(2)
    Armies of Zombies  119(3)
    Impact of Observation View Point  122(1)
  Multi-Dimensional Analysis of Attack Events  123(6)
    Methodology  123(1)
    Clique-based Clustering  124(3)
    Combining Cliques of Attackers  127(2)
  Beyond Events Correlation: Exploring the epsilon-gamma-pi-mu space  129(4)
    Degrees of freedom  130(1)
    Interesting cases  131(2)
  Conclusions  133(1)
  References  134(5)

Part IV Enterprise Cyber Situational Awareness

Topological Vulnerability Analysis  139(16)
  by Sushil Jajodia, Steven Noel
  Introduction  139(1)
  System Architecture  140(2)
  Illustrative Example  142(3)
  Network Attack Modeling  145(2)
  Analysis and Visualization  147(2)
  Scalability  149(3)
  Related Work  152(1)
  Summary  152(1)
  References  153(2)

Cross-Layer Damage Assessment for Cyber Situational Awareness  155(24)
  by Peng Liu, Xiaoqi Jia, Shengzhi Zhang, Xi Xiong, Yoon-Chan Jhi, Kun Bai, Jason Li
  Introduction  155(6)
    A Multi-Level Damage Assessment Framework  156(3)
    Existing Damage Assessment Techniques  159(1)
    Focus of This Work: Damage Assessment Cross Instruction Level and OS Level  160(1)
  PEDA: An Architecture For Fine-Grained Damage Assessment in a Production Environment  161(2)
  VM-Based Cross-Layer Damage Assessment: An Overview  163(2)
    System Model  163(1)
    Problem Statement  164(1)
    Overview of Our Approach  165(1)
  Design and Implementation  165(6)
    Cross-Layer Damage Assessment when the Guest Kernel is Not Compromised  166(2)
    Cross-Layer Damage Assessment when the Guest Kernel is Compromised  168(1)
    "What-if" Damage Assessment  169(2)
  Preliminary Evaluation  171(2)
    Compromised Process Damage Assessment Experiment  171(1)
    Malicious Kernel Module Experiment  172(1)
  Related Work  173(1)
  Limitations  174(1)
  Conclusion  174(1)
  References  174(5)

Part V Microscopic Cyber Situational Awareness

A Declarative Framework for Intrusion Analysis  179(22)
  by Matt Fredrikson, Mihai Christodorescu, Jonathon Giffin, Somesh Jha
  Introduction  179(1)
  A Survey of Related Work  180(7)
    Forensic Analysis of Intrusions  180(2)
    Recovery From and Remediation of Intrusions  182(1)
    Intrusion Detection  182(1)
    Security Analysis  183(1)
    Event Collection and Processing Infrastructure  184(2)
    Common Characteristics of Existing Techniques  186(1)
  Overview and Case Study  187(2)
    Intrusion Scenario  188(1)
    System Auditing  188(1)
  Intrusion Analysis Framework  189(3)
    Information Extraction and Normalization  190(1)
    Event Correlation and Dependence Analysis  191(1)
    Simplification and Refinement  192(1)
  The Slog Declarative Programming Language  192(3)
    Language Constructs and Syntax  192(2)
    Semantics  194(1)
  Functional Evaluation  195(1)
    Collected Data  195(1)
    Usage and Results  195(1)
  Conclusion  196(1)
  References  197(4)

Automated Software Vulnerability Analysis  201(26)
  by Emre C. Sezer, Chongkyung Kil, Peng Ning
  Introduction  201(2)
  Common Ground  203(1)
  MemSherlock: An Automated Debugger for Unknown Memory Corruption Vulnerabilities  203(8)
    Generating Write Sets  204(3)
    Debugging Vulnerabilities  207(2)
    Automated Debugging Using MemSherlock  209(2)
  CBones: Security Debugging Using Program Structural Constraints  211(7)
    Program Structural Constraints  212(2)
    Security Debugging through Constraints Verification  214(2)
    Extracting Constraints  216(1)
    Runtime Monitoring  216(1)
    Security Debugging Using CBones  217(1)
  Comparison  218(1)
  Conclusion  219(1)
  References  219(8)

Part VI The Machine Learning Aspect

Machine Learning Methods for High Level Cyber Situation Awareness  227(22)
  by Thomas G. Dietterich, Xinlong Bao, Victoria Keiser, Jianqiang Shen
  Introduction  227(1)
  The Task Tracer System  228(4)
    Tracking the User's Current Project  228(1)
    Assisting the User  229(3)
    Instrumentation  232(1)
  Machine Learning for Project Associations  232(8)
    The Email Tagger  232(2)
    Project Switch Detector  234(4)
    The Folder Predictor  238(2)
  Discovering User Workflows  240(5)
    Building the Information Flow Graph  242(1)
    Mining the Information Flow Graph  242(1)
    Recognizing Workflows  243(1)
    Experimental Evaluation  243(2)
  Discussion  245(1)
  Concluding Remarks  246(1)
  References  246(3)

Author Index  249