6 Reviews
20 of 20 people found the following review helpful:
4.0 out of 5 stars
Good theoretical approach,
By
This review is from: Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response (Paperback)
This book is not intended as a practitioner's handbook--that is what Northcutt's book is for. Amoroso's book is used as a text in his graduate classes. If you want to understand the subject from a conceptual level, this book succeeds admirably. It is a bit dry, but acceptably so. Given that Amoroso has taught the subject several times, the organization is logical. The sources are extensive (although other academics who have performed research in this area complain that several important references are missing). Don't expect to be able to build an intrusion detection system after reading this book, but if you want an in-depth understanding of the subject, you should probably read it.
24 of 26 people found the following review helpful:
3.0 out of 5 stars
Useful as a college text, but not for front-line analysts,
By
I am responsible for a 50+ person intrusion detection mission, and I read this book in August 1999. Had I not read Stephen Northcutt's "Network Intrusion Detection," I may not have given Dr. Amoroso's work three stars. Unfortunately, by catering to a niche audience (probably graduate students), this book is not very helpful to folks under fire from malicious Internet users. Dr. Amoroso is very respected in the field, but I would have preferred less process charts and taxonomy descriptions. The publisher does a disservice by stating on the back cover "System administrators, programmers, system and software engineers, and managers of technology will find this book invaluable." Had the book been advertised as a college text, I would have been less critical. Sorry Dr. Amoroso -- I look forward to your next book, though!
13 of 14 people found the following review helpful:
5.0 out of 5 stars
A well focused taxonomy of intrusion detection,
By A Customer
I came across this book as a required text for Dr. Amoroso's graduate course, Software System Security (SE513), at Monmouth University. The book is well organized into eight chapters that give you the primary definitions in chapter one. In chapter two the methods of intrusion detection, such as audit trail processing, are introduced. The author then proceeds to the architecture of intrusion detection in chapter 3. The taxonomy of intrusion detection systems in chapter four helps one categorize the different types of intrusions that are possible. All kinds of intrusions are considered whether they result from a software vulnerability or a physical facility security breach. Even if the reader were to put the book down at this point he or she would have a good conversational knowledge of what intrusions are and why it is hard to implement thorough and efficient intrusion detection systems. The material in chapter five on Internet Identity was easy to understand yet exact in its descriptions. Topics such as browser cookies which every novice should be aware of right up to the UNIX samurai techniques of the "finger program" and "trace back" were covered. I believe the material in chapter five alone would make an interesting short course in internet security for users at all levels. The most interesting chapter in the second half of the book is chapter seven on internet traps and honey pots, which are used to catch "crackers". In general, I found the book quite useful for suggesting possible research topics. The research topic I found most interesting was the denial of service attacks, which inspired me to do a paper on the principles of writing effective macro viruses.
35 of 43 people found the following review helpful:
2.0 out of 5 stars
Wait for the second edition,
By A Customer
While I think that Dr. Amoroso is quite intelligent and obviously knows his subject, his writing style is typical of a Ph.D. One of my favorite sections is found on page 153: "A given packet P might therefore be processed using approach A if one instance of P is detected in a given sampling size, versus being processed using approach B if multiple instances are detected in the sample. Another example is that a packet P might be processed one way if it follows packet P' and another way if it follows some different packet P." There is good information in this book, but it appears that the author's desire is more to impress us with his vocabulary and intellect than to convey information.
15 of 18 people found the following review helpful:
5.0 out of 5 stars
Excellent Theoretical AND Practical Book,
To quote the author, the book contains "Lots of information and no quick fixes." And the book contains exactly that! Bravo! The book is concise, relevant, and very well written. It provides excellent information without getting bogged down in minute theory or implementation details. The book provides a solid but practical theoretical background to intrusion detection. It contains relevant real world examples. It does not contain a bunch of dated "quick fixes" for each type of intrusion problem. (If that is what you want, you need BUGTRAQ or CERT, not a book. By the time an intrusion schema fix hits the press, its solution is out of date!) The book is full of good ideas that are practical and often readily implementable. If you have a hacker/cracker problem, I highly recommend you read this book! It will give you good insight into the types of weaknesses that are exploitable and the types of defenses that are appropriate. There is even a chapter on setting traps to catch hackers. (Hackers and Crackers: Please do not read this book!) Jon R. Kibler, Systems Architect, Advanced Systems Engineering Technology Inc.
4.0 out of 5 stars
This is a graduate-level academic text,
This is one of at least three books you need if you are doing academic research on intrusion detection. This book is a graduate-level text with theory and references. The second book you will need is Intrusion Detection (MTP) which also contains theory and references, but from a different angle. The third book you will need is Network Intrusion Detection (3rd Edition) (Voices (New Riders)) which explains how to actually practice intrusion detection, but without unnecessary theory and references. If you are non-academic, then the third book is the one for you.
Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response by Edward G. Amoroso (Paperback - February 15, 1999)