Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint (Information Science and Statistics) [Hardcover]

David J. Marchette (Author)

Book Description

ISBN-10: 0387952810 | ISBN-13: 978-0387952819 | Publication Date: June 26, 2001 | Edition: 1

This book covers the basic statistical and analytical techniques of computer intrusion detection. It is aimed at both statisticians looking to become involved in the data analysis aspects of computer security and computer scientists looking to expand their toolbox of techniques for detecting intruders. The book is self-contained, assumng no expertise in either computer security or statistics. It begins with a description of the basics of TCP/IP, followed by chapters dealing with network traffic analysis, network monitoring for intrusion detection, host based intrusion detection, and computer viruses and other malicious code. Each section develops the necessary tools as needed. There is an extensive discussion of visualization as it relates to network data and intrusion detection. The book also contains a large bibliography covering the statistical, machine learning, and pattern recognition literature related to network monitoring and intrusion detection. David Marchette is a scientist at the Naval Surface Warfacre Center in Dalhgren, Virginia. He has worked at Navy labs for 15 years, doing research in pattern recognition, computational statistics, and image analysis. He has been a fellow by courtesy in the mathematical sciences department of the Johns Hopkins University since 2000. He has been working in conputer intrusion detection for several years, focusing on statistical methods for anomaly detection and visualization. Dr. Marchette received a Masters in Mathematics from the University of California, San Diego in 1982 and a Ph.D. in Computational Sciences and Informatics from George Mason University in 1996.

Editorial Reviews

Review

From the reviews: TECHNOMETRICS "After reading this book…I believe that many readers would benefit from the skillful joint development of problem context and statistical application. As a bridge between the computer science and mathematical communities, this book is a fine addition to both the computer science and statistics literature and will likely stimulate valuable research by awakening mathematicians and statisticians to the potential of the problems in this area…This book would be appropriate for an upper-level undergraduate or graduate course in computer science and statistics. It would also be a useful introductory reference for the mathematics and statistics researcher who would like to pursue problems in this area. It is both informative and accessible." SHORT BOOK REVIEWS "The book provides an excellent introduction to the area. I recommend it to any computer- (and Unix-) literate statistcian who wishes to make an impact in an area, which will continue to be of great importance."ISI Short Book Reviews, April 2002 "This book is a very good text on intrusion detection, written by an author who has direct practical experience … . Each chapter has a rich and detailed annotated bibliography, which makes this text a true gold-mine for researchers and practitioners. … the book is a good example of cross-fertilization between the networking and statistical fields, and will be appreciated both by the specialist and the general reader. It is an example … of interdisciplinarity, which is necessary in fields so complex as computer security." (Antonio Lioy, The Computer Journal, Vol. 45 (6), 2002) "This book is about one of those areas that provides rich opportunities for statisticians … . The tools for computer intrusion detection are essentially statistical … . The book effectively provides the necessary background material for this intensely jargon-strewn area. The book includes many real examples … . The book provides an excellent introduction to the area. I recommend it to any computer- (and Unix-) literate statistician who wishes to make an impact in an area, which will continue to be of great importance." (D. J. Hand, Short Book Reviews, Vol. 22 (1), 2002)

Product Details

• Hardcover: 332 pages
• Publisher: Springer; 1 edition (June 26, 2001)
• Language: English
• ISBN-10: 0387952810
• ISBN-13: 978-0387952819
• Product Dimensions: 9.4 x 6.2 x 0.9 inches
• Shipping Weight: 1.4 pounds
• Average Customer Review: 4.0 out of 5 stars  See all reviews (1 customer review)
• Amazon Best Sellers Rank: #2,501,576 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

1 of 1 people found the following review helpful:

4.0 out of 5 stars Concise, readable, and useful, January 16, 2009

By 

S. Plowright (Sydney, NSW Australia) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint (Information Science and Statistics) (Hardcover)

For anyone interested in network traffic analysis, particularly IDS/IPS, this is a unique and valuable book. It does assume a basic knowledge of networking (maybe CCNA level), and mathematical statistics to about 2nd year university.

The book focuses on practical approaches to computing useful estimators, including performance optimisation for real-time analysis. It also has examples of data visualisation methods.

Despite its compact size, the scope of the book is quite broad, ranging from traffic modeling, to user profiling, to viral epidemiology. It describes various attack types. It also covers some useful tools for data acquisition, integrity checking, etc.

I did have to go back to my old textbooks to fill in the gaps in my grasp of probability density functions, but the concepts are discussed clearly.

The only slight criticism, is that commercial IDS/IPS systems have come so far since the book was written, and the scale of the problem has also expanded exponentially. I would like to see a revised edition some time. However, the theory and most of the practicalities discussed still hold, and the book should still be useful for some time to come.