Computer network security is concerned with safeguards, responses and controls to prevent, react and respond to attacks perceived on valued information assets. Unfortunately, current technical controls use by enterprises to protect their IT investments are often stand-alone systems, such as intrusion detection systems, firewalls, antivirus systems, anti-malware etc. But these systems provide independent protection to sections of the network or particular systems in the network. Hence, defences offered by these stand-alone systems are often isolated or localised, and consequently, their responses may be insufficient in adequately protecting networks.
Security Framework for Attack Detection in Computer Networks provides an approach in Computer Network protection that combines and integrates the defences offered by stand-alone systems in order to adequately detect widespread attacks. The approach demonstrated in the book is underpinned by sensor, analysis and response defence paradigm. In the framework:
- Sensors are used to gather pieces of attack evidence perceived on the entire network, and to communicate their beliefs to the analysis component.
- At the analysis component, beliefs from sensors are correlated and combined in order to detect and identify perceived attacks.
- Responses are executed in order to mitigate the perceived attacks.
There two fundamental techniques used in the framework to analyse network data and attack evidence, these are: security visualisation and data fusion.
- With security visualisation, pieces of attack evidence perceived in the network are visualised and inspected.
- With data fusion, pieces of attack evidence perceived in the network are combined in order to reduce false positives (errors in data) and accurately identify and detect genuine attacks.
This book provides in-depth practical scenarios and principles, which are very useful for its intended readers, such as students, researchers, security administrators and analysts. This synopsis explains the three fundamental coverage of the book as folows – ISAF, ISAF in Multisensor Fusion and Security Visualisation.
Integrated Security Assistance Framework – ISAF
The idea behind the ISAF is to integrate piece of evidence gathered by myriad heterogeneous defence systems into making decisions about security attacks or threats perceived in the entire network (in the enterprise) which are not possible from a single defence system perspective.
ISAF as a high-level framework assists security administrators:
to detect various security threats and attacks perceived on the enterprise.
to provide swift detection, analysis and response to perceived attacks.
to visualise perceived attacks, which then enable security administrator to provide reliable and adequate mitigation to the perceived attacks.
to detect new and freshly identified attacks.
Security Visualisation in a Multisensor Fusion
This page provides only a synopsis of what is discussed in the book. It is strongly recommended that you read the book. Materials provided in this site are copyrighted materials and are prohibited by law to copy, edit, or modify without authorised written consent from the author, and must be properly referenced when used in an article.