Network Security Through Data Analysis
Building Situational Awareness
Publisher: O'Reilly Media
Final Release Date: February 2014
Pages: 348

Traditional intrusion detection and logfile analysis are no longer enough to protect today’s complex networks. In this practical guide, security researcher Michael Collins shows you several techniques and tools for collecting and analyzing network traffic datasets. You’ll understand how your network is used, and what actions are necessary to protect and improve it.

Divided into three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. It’s ideal for network administrators and operational security analysts familiar with scripting.

  • Explore network, host, and service sensors for capturing security data
  • Store data traffic with relational databases, graph databases, Redis, and Hadoop
  • Use SiLK, the R language, and other tools for analysis and visualization
  • Detect unusual phenomena through Exploratory Data Analysis (EDA)
  • Identify significant structures in networks with graph analysis
  • Determine the traffic that’s crossing service ports in a network
  • Examine traffic volume and behavior to spot DDoS and database raids
  • Get a step-by-step process for network mapping and inventory
Product Details
About the Author
Recommended for You
Customer Reviews


by PowerReviews
oreillyNetwork Security Through Data Analysis

(based on 1 review)

Ratings Distribution

  • 5 Stars



  • 4 Stars



  • 3 Stars



  • 2 Stars



  • 1 Stars



Reviewed by 1 customer

Displaying review 1

Back to top

(5 of 6 customers found this review helpful)


When Security meets Data Analysis...

By Valhal

from Brussels

Verified Reviewer


  • Accurate
  • Concise
  • Easy to understand
  • Helpful examples
  • Well-written


    Best Uses

    • Intermediate
    • Novice

    Comments about oreilly Network Security Through Data Analysis:

    Dr. Michael S Collins is the Chief Scientist for RedJack LLC. The company aims at protecting networks against attacks with the help of data analysis. The latest statement is the starting point of the book: " How the data generated by the network usages can help us to detect intrusions or corrupted processes? ". The book presents a global approach to answer to this big question. The answer is divided into three main steps: capture, store/refine and process.

    This data is implicitly generated when our computers are connected and communicate. Revealing the data means installing sensors that will capture the events, and the big picture of the network activity at different levels (network or hosts sensors, for instance). The first part of the book presents various tools to achieve the installation of sensors (such as tcpdump).

    Once the data are captured, where can we store them or even centralize them if the sensors are installed in various parts of the network? How to process them? With which tools? The second part of the book presents the different possible storage and how to design the data space to optimize the future analysis. Among the proposed tools, SiLK and R are covered. But what if you are not familiar with the tools? no problem! This book will guide you to learn them and the further reading provided gives you a path to mastery. Many other tools are also covered and they will refine the raw data to prepare it to the last step.

    The third part is dedicated to exploratory data analysis to reveal the hidden informations out of raw data. This part is really interesting and the core of the data analysis helps the network security engineer to develop its skills in recognition of misbehaviors. The visuals and the examples are well chosen and the explanations well structured and balanced.

    Finally, I found the book really interesting and opens interesting possibilities if a closer look is given at the recent developments in the world of networking and mobility (VPN, etc). Since the number of flows increases everyday, I have found the approach really helpful to extract security informations out of the noise.

    Since this is one of the first book to cover this area of skills, the book is really introductive and the pedagogical quality helps the reader to learn and acquire them through different techniques and tools. Some professionals could find some of the topics not enough deeply covered, but something will be found in the book for everyone interested in the subject.

    This review is part of the reader review program

    Displaying review 1

    Back to top

    Buy 2 Get 1 Free Free Shipping Guarantee
    Buying Options
    Immediate Access - Go Digital what's this?
    Ebook:  $42.99
    Formats:  DAISY, ePub, Mobi, PDF
    Print & Ebook:  $54.99
    Print:  $49.99