Network Security Through Data Analysis (Reprint Edition)

Price: 66.00

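About the Book

Traditional intrusion detection and log analysis are no longer enough to protect today's complex networks. In this practical guide, security researcher Michael Collins shows you several techniques and tools for collecting and analyzing network traffic datasets. You will understand how your network is being used and what measures are necessary to protect and improve it.

Table of Contents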

Preface
Part I. Data
1. Sensors and Detectors: An Introduction
Vantages: How Sensor Placement Affects Data Collection
Domains: Determining Data That Can Be Collected
Actions: What a Sensor Does with Data
Conclusion
2. Network Sensors
Network Layering and Its Impact on Instrumentation
Network Layers and Vantage
Network Layers and Addressing
Packet Data
Packet and Frame Formats
Rolling Buffers
Limiting the Data Captured from Each Packet
Filtering Specific Types of Packets
What If It's Not Ethernet?
NetFlow
NetFlow v5 Formats and Fields
NetFlow Generation and Collection
Further Reading
3. Host and Service Sensors: Logging Traffic at the Source
Accessing and Manipulating Logfiles
The Contents of Logfiles
The Characteristics of a Good Log Message
Existing Logfiles and How to Manipulate Them
Representative Logfile Formats
HTTP: CLF and ELF
SMTP
Microsoft Exchange: Message Tracking Logs
Logfile Transport: Transfers, Syslog, and Message Queues
Transfer and Logfile Rotation
Syslog
Further Reading
4. Data Storage for Analysis: Relational Databases, Big Data, and Other Options
Log Data and the CRUD Paradigm
Creating a Well-Organized Flat File System: Lessons from SiLK
A Brief Introduction to NoSQL Systems
What Storage Approach to Use
Storage Hierarchy, Query Times, and Aging
Part II. Tools
5. The SiLK Suite
What Is SiLK and How Does It Work?
Acquiring and Installing SiLK
The Data Files
Choosing and Formatting Output Field Manipulation: rwcut
Basic Field Manipulation: rwfilter
Ports and Protocols
Size
IP Addresses
Time
TCP Options
Helper Options
Miscellaneous Filtering Options and Some Hacks
rwfileinfo and Provenance
Combining Information Flows: rwcount
rwset and IP Sets
rwuniq
rwbag
Advanced SiLK Facilities
pmaps
Collecting SiLK Data
YAF
rwptoflow
rwtuc
Further Reading
6. An Introduction to R for Security Analysts
Installation and Setup
Basics of the Language
The R prompt
R Variables
Writing Functions
Conditionals and Iteration
Using the R Workspace
Data Frames
Visualization
Visualization Commands
Parameters to Visualization
Annotating a Visualization
Exporting Visualization
Analysis: Statistical Hypothesis Testing
Hypothesis Testing
Testing Data
Further Reading
7. Classification and Event Tools: IDS, AV, and SEM
How an IDS Works
Basic Vocabulary
Classifier Failure Rates: Understanding the Base-Rate Fallacy
Applying Classification
Improving IDS Performance
Enhancing IDS Detection
Enhancing IDS Response
Prefetching Data
Further Reading
8. Reference and Lookup: Too
