Tuesday, February 18, 2014

Access from the view of big data, Perfection of IDS and MSS


This book draws attention to a problem of security solutions and MSS (Managed Security Services) that has been overlooked for more than 30 years.


It explains the problems of the pattern matching technique, which is mainly used in rule-based security solutions such as IDS, IPS and WAF (Web Application Firewall), and a process that can be used to solve those problems, with real-world examples from the viewpoint of big data analysis.

The main problem in MSS (Managed Security Service) operations is that there are simply too many logs to analyze, and this is because the security solutions produce too many false positives.

Traditionally, to reduce false positives, a SIEM (Security Information and Event Management) solution was used to observe the repetition rate of a particular rule, or a reputation-based database was used.

This book explains how to analyze false positives and improve the accuracy of the ruleset by analyzing the raw data, whose importance has been overlooked in the past.
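The contrast described above, as an added example that is not from the book or this post: the repetition-rate view a SIEM gives of a pattern-matching rule, beside a raw-data check of what the rule actually matched. It assumes a hypothetical IDS rule that fires on `<iframe` in HTTP response bodies, a constructed alert sample, and a hidden-frame heuristic chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample of alerts from a hypothetical pattern-matching IDS rule that
# fires on "<iframe" in response bodies: (rule name, victim host, raw fragment).
ALERTS = [
    ("WEB iframe", "www.example", '<iframe src="https://www.youtube.com/embed/x1" width="560" height="315"></iframe>'),
    ("WEB iframe", "www.example", '<iframe src="https://maps.example.org/?q=seoul" width="400" height="300"></iframe>'),
    ("WEB iframe", "shop.example", '<iframe src="http://203.0.113.7/in.php" width="0" height="0"></iframe>'),
    ("WEB iframe", "news.example", '<iframe src="http://203.0.113.7/in.php" style="display:none"></iframe>'),
    ("WEB iframe", "www.example", '<iframe src="/ads/banner.html" width="728" height="90"></iframe>'),
]

ATTR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
BARE_IP_URL = re.compile(r"https?://\d{1,3}(\.\d{1,3}){3}")


def normalize(fragment):
    """Text normalization: lower-case, collapse whitespace, parse tag attributes."""
    return dict(ATTR.findall(" ".join(fragment.lower().split())))


def is_suspicious(fragment):
    """Raw-data check (illustrative heuristic): a zero-sized or hidden frame, or one
    pulling content from a bare IP, is the injection shape the rule is meant to
    catch; a visible embed or a same-site frame is the rule matching benign HTML."""
    attrs = normalize(fragment)
    hidden = (attrs.get("width") == "0" or attrs.get("height") == "0"
              or "display:none" in attrs.get("style", ""))
    bare_ip = BARE_IP_URL.match(attrs.get("src", "")) is not None
    return hidden or bare_ip


def repetition_rate(alerts):
    """What a SIEM sees: how often each rule fires per victim, counts only."""
    return Counter((rule, victim) for rule, victim, _ in alerts)


def false_positive_ratio(alerts):
    """What raw-data analysis adds: the share of each rule's hits that fail the check,
    which is the number needed to decide whether the rule itself must be tightened."""
    hits, fps = Counter(), Counter()
    for rule, _, raw in alerts:
        hits[rule] += 1
        if not is_suspicious(raw):
            fps[rule] += 1
    return {rule: fps[rule] / hits[rule] for rule in hits}
```

Counting alone would rank www.example as the most affected host, while the raw fragments show its three hits are all benign embeds and the two real injections sit on other hosts.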

[ Table of Contents ]
1. Background of MSS
1.1 Beginning of computer crime
1.2 Introduction of MSS

2. MSS solutions
2.1 Firewall
2.2 IDS/IPS
2.3 Anti DDoS
2.4 Web Application Firewall
2.5 ESM(SIEM)
2.6 Etc

3. Organization and role in MSS
3.1 Organization Structure
3.2 Role

4. IDS
4.1 IDS introduction
4.2 Problem of the IDS
4.3 IDS rules

5. Methodology of analysis
5.1 3-step approach
5.2 Sample survey
5.3 Text normalization

6. Pattern based analysis 
6.1 malicious code by iframe
6.2 Remote File Inclusion
6.3 Suspicious web - x.htm

7. Quantity based analysis
7.1 Scan
7.2 DDoS

8. Anomaly based analysis
8.1 Why perform anomaly based analysis
8.2 entire events
8.3 by rule name
8.4 by attacker/victim
8.5 by source country
8.6 Real world example

9. Perfection of rule base security solutions
9.1 Current situation of the industry
9.2 Improvement suggestion of rule base security solutions
9.3 Details of the direction of rule base security solutions


Creative Commons License