Network Security Through Data Analysis
Building Situational Awareness
Publisher: O'Reilly Media
Final Release Date: February 2014
Pages: 348

Traditional intrusion detection and logfile analysis are no longer enough to protect today’s complex networks. In this practical guide, security researcher Michael Collins shows you several techniques and tools for collecting and analyzing network traffic datasets. You’ll understand how your network is used, and what actions are necessary to protect and improve it.

Divided into three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. It’s ideal for network administrators and operational security analysts familiar with scripting.

  • Explore network, host, and service sensors for capturing security data
  • Store data traffic with relational databases, graph databases, Redis, and Hadoop
  • Use SiLK, the R language, and other tools for analysis and visualization
  • Detect unusual phenomena through Exploratory Data Analysis (EDA)
  • Identify significant structures in networks with graph analysis
  • Determine the traffic that’s crossing service ports in a network
  • Examine traffic volume and behavior to spot DDoS and database raids
  • Get a step-by-step process for network mapping and inventory
Customer Reviews

Average rating: 5.0 (based on 2 reviews)

Ratings distribution: 5 stars (2), 4 stars (0), 3 stars (0), 2 stars (0), 1 star (0)

Reviewed by 2 customers; displaying reviews 1-2
5.0: Excellent resource on Cyber Data Analytics

By Sven Hardy, from New York (About me: Developer)

Pros
  • Accurate
  • Concise
  • Easy to understand
  • Helpful examples
  • Well-written

Cons: none listed

Best Uses
  • Intermediate
  • Novice

Comments about Network Security Through Data Analysis:

This is the best reference and resource I've found for thinking about how to bring data science to bear on the cyber security problem. It's a hands-on, focused book that has specific vignettes and examples that will help you get up and running with science techniques in your cyber security efforts.

The author assumes the reader is not an expert on cyber security or data science. He takes time to explain cyber security concepts, so if you aren't a network person you can still grasp the examples. Likewise, he walks through some basic data science concepts as well, which is helpful if you don't have a strong background in data analytics or stats. So, based on your starting perspective, you can skip certain chapters and delve deeper into others.

The best part of the book is the examples that are woven into the chapters. Every example is focused on the cyber security problem domain (IDS, DDoS, botnets, etc.). Even the "hello world" examples are cyber focused. So it really primes the reader into a new way of thinking.

    (5 of 6 customers found this review helpful)

     
    5.0

    When Security meets Data Analysis...

    By Valhal

    from Brussels

    Verified Reviewer

    Pros

    • Accurate
    • Concise
    • Easy to understand
    • Helpful examples
    • Well-written

    Cons

      Best Uses

      • Intermediate
      • Novice

      Comments about oreilly Network Security Through Data Analysis:

Dr. Michael S Collins is the Chief Scientist for RedJack LLC. The company aims at protecting networks against attacks with the help of data analysis. This statement is the starting point of the book: "How can the data generated by network usage help us detect intrusions or corrupted processes?" The book presents a global approach to answering this big question. The answer is divided into three main steps: capture, store/refine, and process.

This data is implicitly generated when our computers are connected and communicate. Revealing the data means installing sensors that will capture the events and the big picture of the network activity at different levels (network or host sensors, for instance). The first part of the book presents various tools for installing sensors (such as tcpdump).

Once the data are captured, where can we store them, or even centralize them if the sensors are installed in various parts of the network? How do we process them? With which tools? The second part of the book presents the different possible storage options and how to design the data space to optimize the future analysis. Among the proposed tools, SiLK and R are covered. But what if you are not familiar with the tools? No problem! This book will guide you in learning them, and the further reading provided gives you a path to mastery. Many other tools are also covered, and they will refine the raw data to prepare it for the last step.

The third part is dedicated to exploratory data analysis to reveal the hidden information in raw data. This part is really interesting, and the core of the data analysis helps the network security engineer develop their skills in recognizing misbehavior. The visuals and the examples are well chosen, and the explanations are well structured and balanced.

Finally, I found the book really interesting, and it opens interesting possibilities if a closer look is given to the recent developments in the world of networking and mobility (VPN, etc.). Since the number of flows increases every day, I have found the approach really helpful for extracting security information from the noise.

Since this is one of the first books to cover this area of skills, the book is really introductory, and its pedagogical quality helps the reader learn and acquire those skills through different techniques and tools. Some professionals could find some of the topics not covered deeply enough, but something will be found in the book for everyone interested in the subject.

      This review is part of the reader review program

Buying Options
Ebook: $42.99 (formats: DAISY, ePub, Mobi, PDF)
Print & Ebook: $54.99
Print: $49.99