Traditional intrusion detection and logfile analysis are no longer enough to protect today’s complex networks. In this practical guide, security researcher Michael Collins shows you several techniques and tools for collecting and analyzing network traffic datasets. You’ll understand how your network is used, and what actions are necessary to protect and improve it.
Divided into three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. It’s ideal for network administrators and operational security analysts familiar with scripting.
- Explore network, host, and service sensors for capturing security data
- Store data traffic with relational databases, graph databases, Redis, and Hadoop
- Use SiLK, the R language, and other tools for analysis and visualization
- Detect unusual phenomena through Exploratory Data Analysis (EDA)
- Identify significant structures in networks with graph analysis
- Determine the traffic that’s crossing service ports in a network
- Examine traffic volume and behavior to spot DDoS and database raids
- Get a step-by-step process for network mapping and inventory