Verfügbarkeit: Information Security Analytics

Information Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data

Information Security Analytics gives you insights into the practice of analytics and, more importantly, how you can utilize analytic techniques to identify trends and outliers that may not be possible to identify using traditional security analysis techniques. Information Security Analytics dispels...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Talabis, Mark Ryan M. (VerfasserIn)
Format:	Buch
Sprache:	English
Veröffentlicht:	Amsterdam [u.a.] Syngress 2015
Schlagworte:	Datensicherung Big Data
Online-Zugang:	Inhaltsverzeichnis
Zusammenfassung:	Information Security Analytics gives you insights into the practice of analytics and, more importantly, how you can utilize analytic techniques to identify trends and outliers that may not be possible to identify using traditional security analysis techniques. Information Security Analytics dispels the myth that analytics within the information security domain is limited to just security incident and event management systems and basic network analysis. Analytic techniques can help you mine data and identify patterns and relationships in any form of security data. Using the techniques covere
Beschreibung:	XV, 166 S. Ill.
ISBN:	9780128002070

Internformat

MARC


LEADER	00000nam a2200000 c 4500
001	BV042335149
003	DE-604
005	20150327
007	t
008	150209s2015 a\|\|\| \|\|\|\| 00\|\|\| eng d
020			\|a 9780128002070 \|9 978-0-12-800207-0
035			\|a (OCoLC)905352578
035			\|a (DE-599)GBV810051745
040			\|a DE-604 \|b ger \|e aacr
041	0		\|a eng
049			\|a DE-473
084			\|a ST 277 \|0 (DE-625)143643: \|2 rvk
100	1		\|a Talabis, Mark Ryan M. \|e Verfasser \|0 (DE-588)1029802572 \|4 aut
245	1	0	\|a Information Security Analytics \|b Finding Security Insights, Patterns, and Anomalies in Big Data \|c Mark Ryan M. Talabis ...
264		1	\|a Amsterdam [u.a.] \|b Syngress \|c 2015
300			\|a XV, 166 S. \|b Ill.
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
520	1		\|a Information Security Analytics gives you insights into the practice of analytics and, more importantly, how you can utilize analytic techniques to identify trends and outliers that may not be possible to identify using traditional security analysis techniques. Information Security Analytics dispels the myth that analytics within the information security domain is limited to just security incident and event management systems and basic network analysis. Analytic techniques can help you mine data and identify patterns and relationships in any form of security data. Using the techniques covere
650	0	7	\|a Datensicherung \|0 (DE-588)4011144-1 \|2 gnd \|9 rswk-swf
650	0	7	\|a Big Data \|0 (DE-588)4802620-7 \|2 gnd \|9 rswk-swf
689	0	0	\|a Big Data \|0 (DE-588)4802620-7 \|D s
689	0	1	\|a Datensicherung \|0 (DE-588)4011144-1 \|D s
689	0		\|5 DE-604
856	4	2	\|m Digitalisierung UB Bamberg - ADAM Catalogue Enrichment \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027771795&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-027771795

Datensatz im Suchindex

_version_	1804152942594359296
adam_text	Contents Foreword ...................................................................................................xi About the Authors ....................................................................................xiii Acknowledgments ....................................................................................xv CHAPTER 1 ANALYTICS DEFINED ..........................................1 Introduction to Security Analytics .......................................1 Concepts and Techniques in Analytics ................................2 General Statistics ..............................................................................2 Machine Learning ..............................................................................2 Supervised Learning .........................................................................2 Unsupervised Learning .....................................................................3 Simulations ........................................................................................4 Text Mining ........................................................................................4 Knowledge Engineering ....................................................................4 Data for Security Analytics ................................................. A Big Data .............................................................................................5 Analytics in Everyday Life ...................................................7 Analytics insecurity ..........................................................................7 Analytics, Incident Response, and Intrusion Detection ....................7 Large and Diverse Data .....................................................................7 Simulations and Security Processes ................................................8 Try Before You Buy .............................................................................9 Simulation-Based Decisions .............................................................9 Access Analytics ................................................................................9 Categorization and Classification in Vulnerability Management.... 11 Security Analytics Process ...............................................12 References .......................................................................12 Contents CHAPTER 2 PRIMER ON ANALYTICAL SOFTWARE ANU I UULw ■■■■■■·■■■■■···.......... m« ..................... »i U Introduction ......................................................................13 Statistical Programming .................................................. U Introduction to Databases and Big Data Techniques .........15 Introduction to R ...............................................................16 Assignment Operators ....................................................................18 Arithmetic Operators .......................................................................18 Logical Operators ............................................................................18 Common R Functions ......................................................................19 Introduction to Python ......................................................19 Introduction to Simulation Software .................................20 Designing and Creating the Model ..................................................21 Adding Data and Parameters to the Model .....................................21 Running the Simulation ...................................................................21 Analyzing the Simulation .................................................................22 References .......................................................................22 CHAPTER 3 ANALYTICS AND INCIDENT RESPONSE .............23 Introduction ......................................................................23 Scenarios and Challenges in Intrusions and Incident Identification ....................................................................24 Analyzing a Collection of Server Logs with Big Data ......................25 Analysis of Log Files .........................................................25 Common Log File Fields .................................................................26 Combined Log File Fields ................................................................26 Methods ...........................................................................................26 Additional Data and Software Needed to Run these Examples ......26 Loading the Data ...............................................................27 Discovery Process for Specific Attack Vectors ................................30 SQL Injection Attack ........................................................................30 Directory Traversal and File Inclusion ............................................32 Cross-site Request Forgery ............................................................35 Command Injection ............................................................. 3¿ MySQL Charset Switch and MS-SQL DoS Attack ............................37 Contents Tallying and Tracking Failed Request Statuses ..............................39 Hosts with the most Failed Requests .............................................39 Bot Activity .......................................................................................43 Time Aggregations .......................................................................... Д5 Hosts with the most Failed Requests per day, or per month .........47 Failed Requests Presented as a Monthly Time Series ................... Д8 Ratio of Failed to Successful Requests as a Time Series ............... Д9 Hive for Producing Analytical Data Sets .........................................56 Another Potential Analytical Data Set: Unstacked Status Codes .....................................................................59 Other Applicable Security Areas and Scenarios ...............64 Summary ..........................................................................64 Further Reading ...............................................................65 CHAPTER 4 SIMULATIONS AND SECURITY PROCESSES .......67 Simulation ........................................................................67 Designing and Creating a Model .....................................................68 Adding Data and Parametersto the Model .....................................69 Running the Simulation ...................................................................69 Analyzing the Simulation .................................................................69 Casestudy ........................................................................69 CHAPTER 5 ACCESS ANALYTICS ..........................................99 Introduction ......................................................................99 Technology Primer .........................................................100 Remote Access and VPN ...............................................................100 Python and Scripting .....................................................................102 Scenario, Analysis, and Techniques ................................104 Problem ......................................................................................... Ш Data Collection ..............................................................................105 Data Analysis .................................................................................105 Data Processing .............................................................................108 Casestudy ......................................................................109 Importing What You Need ..............................................................109 Program Flow ................................................................................111 Parse the Arguments ....................................................................112 Read the VPN Logs ........................................................................112 Normalize the Event Data from the VPN logs ...............................113 Run the Analytics ...........................................................................115 Analyzing the Results .....................................................117 CHAPTER 6 SECURITY AND TEXT MINING ..........................123 Scenarios and Challenges in Security Analytics with Text Mining .............................................................123 Use of Text Mining Techniques to Analyze and Find Patterns in Unstructured Data ........................................124 Text Mining Basics .........................................................................124 Common Data Transformations for Text Mining ...........................125 Step by Step Text Mining Example in R ...........................125 R Code Walk-through ....................................................................126 Other Applicable Security Areas and Scenarios ............. U7 Additional Security Scenarios for Text Mining .............................. U8 Text Mining and Big Data ............................................................... U9 CHAPTER 7 SECURITY INTELLIGENCE AND NEXT STEPS..... 151 Overview .........................................................................151 Security Intelligence ......................................................151 Basic Security Intelligence Analysis .............................................152 Business Extension of Security Analytics .....................................154 Security Breaches ..........................................................154 Practical Application ......................................................155 Insider Threat ................................................................................155 Resource Justification ...................................................................156 Risk Management ..........................................................................157 Challenges .....................................................................................158 False Positives ...............................................................................160 Concluding Remarks ......................................................160
any_adam_object	1
author	Talabis, Mark Ryan M.
author_GND	(DE-588)1029802572
author_facet	Talabis, Mark Ryan M.
author_role	aut
author_sort	Talabis, Mark Ryan M.
author_variant	m r m t mrm mrmt
building	Verbundindex
bvnumber	BV042335149
classification_rvk	ST 277
ctrlnum	(OCoLC)905352578 (DE-599)GBV810051745
discipline	Informatik
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01985nam a2200349 c 4500</leader><controlfield tag="001">BV042335149</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20150327 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">150209s2015 a\|\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780128002070</subfield><subfield code="9">978-0-12-800207-0</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)905352578</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)GBV810051745</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-473</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 277</subfield><subfield code="0">(DE-625)143643:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Talabis, Mark Ryan M.</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)1029802572</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Information Security Analytics</subfield><subfield code="b">Finding Security Insights, Patterns, and Anomalies in Big Data</subfield><subfield code="c">Mark Ryan M. Talabis ...</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Amsterdam [u.a.]</subfield><subfield code="b">Syngress</subfield><subfield code="c">2015</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XV, 166 S.</subfield><subfield code="b">Ill.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1="1" ind2=" "><subfield code="a">Information Security Analytics gives you insights into the practice of analytics and, more importantly, how you can utilize analytic techniques to identify trends and outliers that may not be possible to identify using traditional security analysis techniques. Information Security Analytics dispels the myth that analytics within the information security domain is limited to just security incident and event management systems and basic network analysis. Analytic techniques can help you mine data and identify patterns and relationships in any form of security data. Using the techniques covere</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Big Data</subfield><subfield code="0">(DE-588)4802620-7</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Big Data</subfield><subfield code="0">(DE-588)4802620-7</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Bamberg - ADAM Catalogue Enrichment</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027771795&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-027771795</subfield></datafield></record></collection>
id	DE-604.BV042335149
illustrated	Illustrated
indexdate	2024-07-10T01:18:44Z
institution	BVB
isbn	9780128002070
language	English
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-027771795
oclc_num	905352578
open_access_boolean
owner	DE-473 DE-BY-UBG
owner_facet	DE-473 DE-BY-UBG
physical	XV, 166 S. Ill.
publishDate	2015
publishDateSearch	2015
publishDateSort	2015
publisher	Syngress
record_format	marc
spelling	Talabis, Mark Ryan M. Verfasser (DE-588)1029802572 aut Information Security Analytics Finding Security Insights, Patterns, and Anomalies in Big Data Mark Ryan M. Talabis ... Amsterdam [u.a.] Syngress 2015 XV, 166 S. Ill. txt rdacontent n rdamedia nc rdacarrier Information Security Analytics gives you insights into the practice of analytics and, more importantly, how you can utilize analytic techniques to identify trends and outliers that may not be possible to identify using traditional security analysis techniques. Information Security Analytics dispels the myth that analytics within the information security domain is limited to just security incident and event management systems and basic network analysis. Analytic techniques can help you mine data and identify patterns and relationships in any form of security data. Using the techniques covere Datensicherung (DE-588)4011144-1 gnd rswk-swf Big Data (DE-588)4802620-7 gnd rswk-swf Big Data (DE-588)4802620-7 s Datensicherung (DE-588)4011144-1 s DE-604 Digitalisierung UB Bamberg - ADAM Catalogue Enrichment application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027771795&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Talabis, Mark Ryan M. Information Security Analytics Finding Security Insights, Patterns, and Anomalies in Big Data Datensicherung (DE-588)4011144-1 gnd Big Data (DE-588)4802620-7 gnd
subject_GND	(DE-588)4011144-1 (DE-588)4802620-7
title	Information Security Analytics Finding Security Insights, Patterns, and Anomalies in Big Data
title_auth	Information Security Analytics Finding Security Insights, Patterns, and Anomalies in Big Data
title_exact_search	Information Security Analytics Finding Security Insights, Patterns, and Anomalies in Big Data
title_full	Information Security Analytics Finding Security Insights, Patterns, and Anomalies in Big Data Mark Ryan M. Talabis ...
title_fullStr	Information Security Analytics Finding Security Insights, Patterns, and Anomalies in Big Data Mark Ryan M. Talabis ...
title_full_unstemmed	Information Security Analytics Finding Security Insights, Patterns, and Anomalies in Big Data Mark Ryan M. Talabis ...
title_short	Information Security Analytics
title_sort	information security analytics finding security insights patterns and anomalies in big data
title_sub	Finding Security Insights, Patterns, and Anomalies in Big Data
topic	Datensicherung (DE-588)4011144-1 gnd Big Data (DE-588)4802620-7 gnd
topic_facet	Datensicherung Big Data
url	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027771795&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT talabismarkryanm informationsecurityanalyticsfindingsecurityinsightspatternsandanomaliesinbigdata

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Inhaltsverzeichnis

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge