Enhancing Computer Security With Smart Technology | Complete Tutorial

Tutorials & Methods
,
1

-
-626Ă—590 301 KB

This book is about enhancing computer security through smart technology. This is compiled with the intention of bringing together two groups of people: those coming from a computer security background and those from an artificial intelligence and machine learning background. Toward this objective, this book is organized into two parts. The first part provides tutorial introductions to some of the challenging problems in computer security to students and researchers coming from the area of machine learning. The second part introduces some of the more important machine learning concepts to students coming from the computer security area. Space here is not adequate to cover the entire range of issues pertaining to machine learning and computer security. Emphasis is therefore placed on problems related to the detection of intrusions by using machine learning methods. Although complexity issues (sample complexity and computational complexity) play significant roles in the computational learning theory, much of the emphasis here is on practical algorithmic aspects of machine learning and its role in computer security.

This book is conceived as a collection of tutorial chapters. Each selfcontained chapter is written by a specialist in the subject field. A reader who has a basic background in computer science, such as that represented by a B.S. degree in computer science, but not necessarily some background either in security or in machine learning, should be able to read, understand, and benefit from this book. This book is not about recipes to secure your computer from attacks.

Contents

  • 1 Cyber-Security and Cyber-Trust …
  • 1.1 Introduction …
  • 1.2 Cyber-Security…
  • 1.3 Cyber-Trust…
  • 1.3.1 Challenge 1: The Distribution of Expertise …
  • 1.3.2 Challenge 2: Proliferating Devices and Functionality …
  • 1.3.3 Challenge 3: Burgeoning Purposes …
  • 1.4 What the Future Holds …
  • 2 Network Firewalls …
  • Kenneth Ingham and Stephanie Forrest
  • Abstract …
  • 2.1 Introduction …
  • 2.2 The Need for Firewalls…
  • 2.3 Firewall Architectures…
  • 2.3.1 Packet Filtering…
  • 2.3.1.1 Packet Filtering with State …
  • 2.3.1.2 Improving Packet Filter Specification …
  • 2.3.2 Proxies …
  • 2.4 Firewalls at Various ISO Network Layers…
  • 2.4.1 Physical Layer…
  • 2.4.2 Data-Link Layer …
  • 2.4.2.1 Filtering on MAC Address…
  • 2.4.2.2 Bridging Firewalls…
  • 2.4.3 Network …
  • 2.4.3.1 Network- and Host-Based Filtering…
  • 2.4.3.2 Multicast…
  • 2.4.3.3 NAT…
  • 2.4.4 Transport…
  • 2.4.5 Presentation …
  • 2.4.6 Application…
  • viii  Enhancing Computer Security with Smart Technology
  • 2.5 Other Approaches …
  • 2.5.1 Distributed Firewalls …
  • 2.5.2 Dynamic Firewalls…
  • 2.5.3 Normalization …
  • 2.5.4 Signature-Based Firewalls…
  • 2.5.5 Transient Addressing…
  • 2.6 Firewall Testing …
  • 2.7 What Firewalls Do Not Protect Against …
  • 2.7.1 Data That Passes through the Firewall …
  • 2.7.2 Servers on the DMZ …
  • 2.7.3 Insider Attacks…
  • 2.8 Future Challenges for Firewalls …
  • 2.8.1 VPNs…
  • 2.8.2 Peer-to-Peer Networking …
  • 2.8.3 HTTP as a “Universal Transport Protocol” …
  • 2.9 Conclusion …
  • References…
  • 3 Web Application Security: The Next Battleground …
  • Abhishek Kumar, Roshen Chandran, and Vinod Vasudevan
  • 3.1 Threats to Web Applications …
  • 3.1.1 Origin of the Risks…
  • 3.2 Vulnerabilities in Web Applications…
  • 3.3 Attack Techniques …
  • 3.3.1 SQL Injection …
  • 3.3.1.1 SQL Injection — Bypass Authentication…
  • 3.3.1.2 SQL Injection — Bypass Authentication,
  • a Variation …
  • 3.3.1.3 SQL Injection — Get Unauthorized Access
  • to Data…
  • 3.3.1.4 SQL Injection — Get Unauthorized Access
  • to Data by Using the “Union” Operator …
  • 3.3.2 Cross-Site Scripting…
  • 3.3.2.1 Cross-Site Scripting to Steal a Session Cookie…
  • 3.3.2.2 Cross-Site Scripting to Steal Credit Card
  • Information…
  • 3.3.3 Stealing Passwords with Browser Refresh …
  • 3.3.4 Variable Manipulation Attacks…
  • 3.4 Preventing Vulnerabilities in Web Applications…
  • 3.4.1 Requirements …
  • 3.4.2 Design …
  • 3.4.3 Development …
  • 3.4.4 Testing…
  • 3.5 Conclusion …
  • Notes …
  • References…
  • Contents  ix
  • 4 Relevance of Machine Learning …
  • V Rao Vemuri
  • 4.1 Introduction …
  • 4.2 Place of Intrusion Detection in the Security Landscape…
  • 4.3 Machine Learning beyond Intrusion Detection …
  • 4.4 Machine Learning and Computational Learning Theory …
  • 4.5 Some Popular Machine Learning Methods …
  • And much much more…

Go To Base64 & Decode:

aHR0cHM6Ly9tZWdhLm56L2ZpbGUvZUs0SG5BamIjV0xpWE5wUE55N2FlWE5lc0J6M3hZUG56VGpVc1pFcm4yNW5KOXVZRjdQbw==

Enjoy!

5 Likes