Security Framework for Attack Detection in Computer Networks

One of Research Series's leading consultants authored this book. It offers useful advice on how to detect the distributed, organisation-wide network attacks that affect most organisations today. It's worth a read!

Computer network security is concerned with the safeguards, controls and responses that prevent, detect and react to attacks on valued information assets. Unfortunately, the technical controls enterprises currently use to protect their IT investments are often stand-alone systems: intrusion detection systems, firewalls, antivirus and anti-malware products, and so on. Each of these protects only a section of the network or a particular system within it, so the defences they offer are isolated or localised, and their responses may be insufficient to protect the network as a whole. A slow scan spread across many hosts, for example, may stay below every individual device's alert threshold even though the evidence, taken together, is unmistakable.

Security Framework for Attack Detection in Computer Networks provides an approach to computer network protection that combines and integrates the defences offered by stand-alone systems so that widespread attacks can be adequately detected. The approach demonstrated in the book is underpinned by a sensor, analysis and response defence paradigm. In the framework:

Sensors gather pieces of attack evidence perceived across the entire network and communicate their beliefs to the analysis component.
At the analysis component, the beliefs reported by the sensors are correlated and combined in order to detect and identify the perceived attacks.
Responses are executed in order to mitigate the perceived attacks.

The two fundamental techniques the framework employs to analyse network data and attack evidence are security visualisation and data fusion.

With security visualisation, pieces of attack evidence perceived in the network are visualised and inspected by an analyst.
With data fusion, pieces of attack evidence perceived in the network are combined in order to reduce false positives (alerts raised on benign activity) and to accurately detect and identify genuine attacks.
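The sensor, analysis and response paradigm and the data-fusion step described above, as an added example in Python that is not code from the book or its author: three constructed sensors (firewall, IDS, endpoint antivirus) each report a belief about an "attack" hypothesis, the analysis component fuses them, and a response fires only when the fused belief clears a threshold. The book's own fusion method is not described on this page; Dempster's rule of combination, the sensor weights, the response threshold and the sample log lines are all assumptions made for the illustration.

```python
from itertools import product

# Frame of discernment: an observed event is either an attack or benign.
ATTACK = frozenset({"attack"})
BENIGN = frozenset({"benign"})
THETA = frozenset({"attack", "benign"})  # "don't know": mass left on the whole frame

Mass = dict[frozenset, float]  # subset of the frame -> mass, masses sum to 1


def mass(attack: float, benign: float) -> Mass:
    """Build a sensor's mass function; whatever is not committed is uncertainty."""
    rest = 1.0 - attack - benign
    if attack < 0 or benign < 0 or rest < -1e-9:
        raise ValueError("masses must be non-negative and sum to at most 1")
    return {ATTACK: attack, BENIGN: benign, THETA: max(rest, 0.0)}


def combine(m1: Mass, m2: Mass) -> Mass:
    """Dempster's rule: intersect focal elements, drop conflicting mass, renormalise."""
    out: Mass = {}
    conflict = 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            out[inter] = out.get(inter, 0.0) + ma * mb
        else:
            conflict += ma * mb
    if conflict >= 1.0 - 1e-12:  # sensors flatly contradict each other
        raise ValueError("total conflict between sensors; cannot combine")
    return {k: v / (1.0 - conflict) for k, v in out.items()}


def belief(m: Mass, hypothesis: frozenset) -> float:
    """Bel(H): total mass committed to H or to any subset of H."""
    return sum(v for k, v in m.items() if k <= hypothesis)


# --- Sensors: each inspects one (constructed) evidence source and emits a belief.
def firewall_sensor(lines: list[str]) -> Mass:
    """A burst of DENY entries from one source hints at a scan: weak evidence alone."""
    denies = sum(1 for line in lines if " DENY " in line)
    return mass(attack=0.5, benign=0.0) if denies >= 5 else mass(attack=0.1, benign=0.3)


def ids_sensor(lines: list[str]) -> Mass:
    """IDS alerts are stronger evidence, but signatures do misfire on benign traffic."""
    alerts = sum(1 for line in lines if line.startswith("ALERT"))
    return mass(attack=0.6, benign=0.0) if alerts else mass(attack=0.0, benign=0.4)


def av_sensor(lines: list[str]) -> Mass:
    """Endpoint antivirus: a detection is strong evidence; a clean scan says little."""
    hit = any("DETECTED" in line for line in lines)
    return mass(attack=0.8, benign=0.0) if hit else mass(attack=0.0, benign=0.2)


# --- Analysis and response.
RESPONSE_THRESHOLD = 0.9  # assumed policy: act only on high fused belief


def analyse(beliefs: list[Mass]) -> float:
    """Fuse every sensor's belief and return the combined belief in 'attack'."""
    fused = beliefs[0]
    for m in beliefs[1:]:
        fused = combine(fused, m)
    return belief(fused, ATTACK)


def respond(bel_attack: float, threshold: float = RESPONSE_THRESHOLD) -> str:
    """Pick the response action; a real deployment would block or isolate here."""
    return "BLOCK_SOURCE" if bel_attack >= threshold else "MONITOR"


def run(fw: list[str], ids: list[str], av: list[str]) -> tuple[float, str]:
    """Whole pipeline: sensors -> analysis -> response."""
    bel = analyse([firewall_sensor(fw), ids_sensor(ids), av_sensor(av)])
    return round(bel, 4), respond(bel)


# --- Constructed sample evidence (not real logs).
FW_SCAN = [f"2024-01-01T00:00:{i:02d} DENY 203.0.113.7 -> 10.0.0.5:{1000 + i}" for i in range(8)]
FW_QUIET = ["2024-01-01T00:00:00 ALLOW 10.0.0.9 -> 10.0.0.5:443"]
IDS_HIT = ["ALERT scan signature matched from 203.0.113.7"]
AV_HIT = ["DETECTED Trojan.Generic on host-5, file dropped from 203.0.113.7"]
AV_CLEAN = ["CLEAN host-5 full scan, no detections"]

if __name__ == "__main__":
    print("scan + IDS alert + AV hit:", run(FW_SCAN, IDS_HIT, AV_HIT))   # (0.96, 'BLOCK_SOURCE')
    print("IDS alert alone:         ", run(FW_QUIET, IDS_HIT, AV_CLEAN))  # (0.5055, 'MONITOR')
```

The point the fusion step makes: no single sensor here is trusted enough to trigger a response on its own (the IDS alone commits only 0.6 to "attack", and once the quiet firewall and clean antivirus are folded in the fused belief is about 0.51, so the event is merely monitored), but when the firewall, IDS and antivirus corroborate one another the fused belief rises to 0.96 and the block fires. That is the false-positive reduction the text refers to. One caveat a practitioner should keep in mind: Dempster's rule is known to give counter-intuitive results when sensors are in strong conflict, which is why the example refuses to combine totally contradictory beliefs rather than silently renormalising them.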

The book provides in-depth practical scenarios and principles that are useful for its intended readers: decision makers, students, researchers, security administrators and analysts.