Secure Computer and Network Systems: Modeling, Analysis and Design
ISBN: 978-0-470-02324-2
Hardcover
354 pages
February 2008
PART I. An Overview of Computer and Network Security.
Chapter 1. Assets, Vulnerabilities and Threats of Computer and Network Systems.
1.1 Risk Assessment.
1.2 Assets and Asset Attributes.
1.3 Vulnerabilities.
1.4 Threats.
1.5 Asset Risk Framework.
1.6 Summary.
References.
Chapter 2. Protection of Computer and Network Systems.
2.1 Cyber Attack Prevention.
2.2 Cyber Attack Detection.
2.3 Cyber Attack Response.
2.4 Summary.
References.
PART II. Secure System Architecture and Design.
Chapter 3. Asset Protection Driven, Policy Based Security Protection Architecture.
3.1 Limitation of a Threat Driven Security Protection Paradigm.
3.2 A New, Asset Protection Driven Paradigm of Security Protection.
3.3 Digital Security Policies and Policy-Based Security Protection.
3.4 Enabling Architecture and Methodology.
3.5 Further Research Issues.
3.6 Summary.
References.
Chapter 4. Job Admission Control for Service Stability.
4.1 A Token Bucket Method of Admission Control in DiffServ and IntServ Models.
4.2 Batch Scheduled Admission Control (BSAC) for Service Stability.
4.3 Summary.
References.
Chapter 5. Job Scheduling Methods for Service Differentiation and Service Stability.
5.1 Job Scheduling Methods for Service Differentiation.
5.2 Job Scheduling Methods for Service Stability.
5.3 Summary.
References.
Chapter 6. Job Reservation and Service Protocols for End-to-End Delay Guarantee.
6.1 Job Reservation and Service in IntServ and RSVP.
6.2 Job Reservation and Service in I-RSVP.
6.3 Job Reservation and Service in SI-RSVP.
6.4 Service Performance of I-RSVP and SI-RSVP in Comparison with the Best Effort Model.
6.5 Summary.
References.
PART III. Mathematical/Statistical Features and Characteristics of Attack and Normal Use Data.
Chapter 7. Collection of Windows Performance Objects Data under Attack and Normal Use Conditions.
7.1 Windows Performance Objects Data.
7.2 Description of Attacks and Normal Use Activities.
7.3 Computer Network Setup for Data Collection.
7.4 Procedure of Data Collection.
7.5 Summary.
References.
Chapter 8. Mean Shift Characteristics of Attack and Normal Use Data.
8.1 The Mean Feature of Data and Two-Sample Test of Mean Difference.
8.2 Procedure of Data Pre-processing.
8.3 Procedure of Discovering Mean Shift Data Characteristics for Attacks.
8.4 Mean Shift Attack Characteristics.
8.5 Summary.
References.
Chapter 9. Probability Distribution Change Characteristics of Attack and Normal Use Data.
9.1 Observation of Data Patterns.
9.2 Skewness and Mode Tests to Identify Five Types of Probability Distributions.
9.3 Procedure for Discovering Probability Distribution Change Data Characteristics for Attacks.
9.4 Distribution Change Attack Characteristics.
9.5 Summary.
References.
Chapter 10. Autocorrelation Change Characteristics of Attack and Normal Use Data.
10.1 The Autocorrelation Feature of Data.
10.2 Procedure of Discovering the Autocorrelation Change Characteristics for Attacks.
10.3 Autocorrelation Change Attack Characteristics.
10.4 Summary.
References.
Chapter 11. Wavelet Change Characteristics of Attack and Normal Use Data.
11.1 The Wavelet Feature of Data.
11.2 Procedure of Discovering the Wavelet Change Characteristics for Attacks.
11.3 Wave Change Attack Characteristics.
11.4 Summary.
References.
PART IV. Cyber Attack Detection: Signature Recognition.
Chapter 12. Clustering and Classifying Attack and Normal Use Data.
12.1 Clustering and Classification Algorithm—Supervised (CCAS).
12.2 Training and Testing Data.
12.3 Application of CCAS to Cyber Attack Detection.
12.4 Detection Performance of CCAS.
12.5 Summary.
References.
Chapter 13. Learning and Recognizing Attack Signatures Using Artificial Neural Networks.
13.1 The Structure and Back-Propagation Learning Algorithm of Feedforward ANNs.
13.2 The ANN Application to Cyber Attack Detection.
13.3 Summary.
References.
PART V. Cyber Attack Detection: Anomaly Detection.
Chapter 14. Statistical Anomaly Detection with Univariate and Multivariate Data.
14.1 EWMA Control Charts.
14.2 Application of the EWMA Control Chart to Cyber Attack Detection.
14.3 Chi-Square Distance Monitoring (CSDM) Method.
14.4 Application of the CSDM Method to Cyber Attack Detection.
14.5 Summary.
References.
Chapter 15. Stochastic Anomaly Detection Using the Markov Chain Model of Event Transitions.
15.1 The Markov Chain Model of Event Transitions for Cyber Attack Detection.
15.2 Detection Performance of the Markov Chain Model Based Anomaly Detection Technique and Performance Degradation with the Increased Mixture of Attack and Normal Use Data.
15.3 Summary.
References.
PART VI. Cyber Attack Detection: Attack Norm Separation.
Chapter 16. Mathematical and Statistical Models of Attack Data and Normal Use Data.
16.1 The Training Data for Data Modeling.
16.2 Statistical Data Models for the Mean Feature.
16.3 Statistical Data Models for the Distribution Feature.
16.4 Time-Series Based Statistical Data Models for the Autocorrelation Feature.
16.5 The Wavelet-based Mathematical Model for the Wavelet Feature.
16.6 Summary.
References.
Chapter 17. Cuscore-Based Attack Norm Separation Models.
17.1 The Cuscore.
17.2 Application of the Cuscore Models to Cyber Attack Detection.
17.3 Detection Performance of the Cuscore Detection Models.
17.4 Summary.
References.
PART VII. Security Incident Assessment.
Chapter 18. Optimal Selection and Correlation of Attack Data Characteristics in Attack Profiles.
18.1 Integer Programming for Selecting an Optimal Set of Attack Data Characteristics.
18.2 Attack Profiling.
18.3 Summary.
References.