Secure Computer and Network Systems : Modeling, Analysis and Design.
Title:
Secure Computer and Network Systems : Modeling, Analysis and Design.
Author:
Ye, Nong.
ISBN:
9780470023259
Edition:
1st ed.
Physical Description:
1 online resource (356 pages)
Contents:
Secure Computer and Network Systems -- Contents -- Preface -- Part I An Overview of Computer and Network Security -- 1 Assets, Vulnerabilities and Threats of Computer and Network Systems -- 1.1 Risk Assessment -- 1.2 Assets and Asset Attributes -- 1.2.1 Resource, Process and User Assets and their Interactions -- 1.2.2 Cause-Effect Chain of Activity, State and Performance -- 1.2.3 Asset Attributes -- 1.3 Vulnerabilities -- 1.3.1 Boundary Condition Error -- 1.3.2 Access Validation Error and Origin Validation Error -- 1.3.3 Input Validation Error -- 1.3.4 Failure to Handle Exceptional Conditions -- 1.3.5 Synchronization Errors -- 1.3.6 Environment Error -- 1.3.7 Configuration Error -- 1.3.8 Design Error -- 1.3.9 Unknown Error -- 1.4 Threats -- 1.4.1 Objective, Origin, Speed and Means of Threats -- 1.4.2 Attack Stages -- 1.5 Asset Risk Framework -- 1.6 Summary -- References -- 2 Protection of Computer and Network Systems -- 2.1 Cyber Attack Prevention -- 2.1.1 Access and Flow Control -- 2.1.2 Secure Computer and Network Design -- 2.2 Cyber Attack Detection -- 2.2.1 Data, Events and Incidents -- 2.2.2 Detection -- 2.2.3 Assessment -- 2.3 Cyber Attack Response -- 2.4 Summary -- References -- Part II Secure System Architecture and Design -- 3 Asset Protection-Driven, Policy-Based Security Protection Architecture -- 3.1 Limitations of a Threat-Driven Security Protection Paradigm -- 3.2 A new, Asset Protection-Driven Paradigm of Security Protection -- 3.2.1 Data to Monitor: Assets and Asset Attributes -- 3.2.2 Events to Detect: Mismatches of Asset Attributes -- 3.2.3 Incidents to Analyze and Respond: Cause-Effect chains of Mismatch Events -- 3.2.4 Proactive Asset Protection against Vulnerabilities -- 3.3 Digital Security Policies and Policy-Based Security Protection -- 3.3.1 Digital Security Policies -- 3.3.2 Policy-Based Security Protection.

3.4 Enabling Architecture and Methodology -- 3.4.1 An Asset Protection Driven Security Architecture (APDSA) -- 3.4.2 An Inside-Out and Outside-In (IOOI) Methodology of Gaining Knowledge about Data, Events and Incidents -- 3.5 Further Research Issues -- 3.5.1 Technologies of Asset Attribute Data Acquisition -- 3.5.2 Quantitative Measures of Asset Attribute Data and Mismatch Events -- 3.5.3 Technologies for Automated Monitoring, Detection, Analysis and Control of Data, Events, Incidents and COA -- 3.6 Summary -- References -- 4 Job Admission Control for Service Stability -- 4.1 A Token Bucket Method of Admission Control in DiffServ and InteServ Models -- 4.2 Batch Scheduled Admission Control (BSAC) for Service Stability -- 4.2.1 Service Stability in Service Reservation for Instantaneous Jobs -- 4.2.2 Description of BSAC -- 4.2.3 Performance Advantage of the BSAC Router Model Over a Regular Router Model -- 4.3 Summary -- References -- 5 Job Scheduling Methods for Service Differentiation and Service Stability -- 5.1 Job Scheduling Methods for Service Differentiation -- 5.1.1 Weighted Shortest Processing Time (WSPT), Earliest Due Date (EDD) and Simplified Apparent Tardiness Cost (SATC) -- 5.1.2 Comparison of WSPT, ATC and EDD with FIFO in the Best Effort Model and in the DiffServ Model in Service Differentiation -- 5.2 Job Scheduling Methods for Service Stability -- 5.2.1 Weighted Shortest Processing Time - Adjusted (WSPT-A) and its Performance in Service Stability -- 5.2.2 Verified Spiral (VS) and Balanced Spiral (BS) Methods for a Single Service Resource and their Performance in Service -- 5.2.3 Dynamics Verified Spiral (DVS) and Dynamic Balanced Spiral (DBS) Methods for Parallel Identical Resources and their per -- 5.3 Summary -- References -- 6 Job Reservation and Service Protocols for End-To-End Delay Guarantee.

6.1 Job Reservation and Service in InteServ and RSVP -- 6.2 Job Reservation and Service in I-RSVP -- 6.3 Job Reservation and Service in SI-RSVP -- 6.4 Service Performance of I-RSVP and SI-RSVP in Comparison with the Best Effort Model -- 6.4.1 The Simulation of a Small-Scale Computer Network with I-RSVP, SI-RSVP and the Best Effort Model -- 6.4.2 The Simulation of a Large-Scale Computer Network with I-RSVP, SI-RSVP and the Best Effort Model -- 6.4.3 Service Performance of I-RSVP, SI-RSVP and the Best Effort Model -- 6.5 Summary -- References -- Part III Mathematical/Statistical Features and Characteristics of Attack and Normal Use Data -- 7 Collection of Windows Performance Objects Data Under Attack and Normal Use Conditions -- 7.1 Windows Performance Objects Data -- 7.2 Description of Attacks and Normal Use Activities -- 7.2.1 Apache Resource DoS -- 7.2.2 ARP Poison -- 7.2.3 Distributed DoS -- 7.2.4 Fork Bomb -- 7.2.5 FTP Buffer Overflow -- 7.2.6 Hardware Keylogger -- 7.2.7 Remote Dictionary -- 7.2.8 Rootkit -- 7.2.9 Security Audit -- 7.2.10 Software Keylogger -- 7.2.11 Vulnerability Scan -- 7.2.12 Text Editing -- 7.2.13 Web Browsing -- 7.3 Computer Network Setup for Data Collection -- 7.4 Procedure of Data Collection -- 7.5 Summary -- References -- 8 Mean Shift Characteristics of Attack and Normal Use Data -- 8.1 The Mean Feature of Data and Two-Sample Test of Mean Difference -- 8.2 Data Pre-Processing -- 8.3 Discovering Mean Shift Data Characteristics for Attacks -- 8.4 Mean Shift Attack Characteristics -- 8.4.1 Examples of Mean Shift Attack Characteristics -- 8.4.2 Mean Shift Attack Characteristics by Attacks and Windows Performance Objects -- 8.4.3 Attack Groupings Based on the Same and Opposite Attack Characteristics -- 8.4.4 Unique Attack Characteristics -- 8.5 Summary -- References.

9 Probability Distribution Change Characteristics of Attack and Normal Use Data -- 9.1 Observation of Data Patterns -- 9.2 Skewness and Mode Tests to Identify Five Types of Probability Distributions -- 9.3 Procedure for Discovering Probability Distribution Change Data Characteristics for Attacks -- 9.4 Distribution Change Attack Characteristics -- 9.4.1 Percentages of the Probability Distributions Under the Attack and Normal use Conditions -- 9.4.2 Examples of Distribution Change Attack Characteristics -- 9.4.3 Distribution Change Attack Characteristics by Attacks and Windows Performance Objects -- 9.4.4 Attack Groupings Based on the Same and Opposite Attack Characteristics -- 9.4.5 Unique Attack Characteristics -- 9.5 Summary -- References -- 10 Autocorrelation Change Characteristics of Attack and Normal Use Data -- 10.1 The Autocorrelation Feature of Data -- 10.2 Discovering the Autocorrelation Change Characteristics for Attacks -- 10.3 Autocorrelation Change Attack Characteristics -- 10.3.1 Percentages of Variables with Three Autocorrelation Levels Under the Attack and Normal Use Conditions -- 10.3.2 Examples of Autocorrelation Change Attack Characteristics -- 10.3.3 Autocorrelation Change Attack Characteristics by Attacks and Windows Performance Objects -- 10.3.4 Attack Groupings Based on the Same and Opposite Attack Characteristics -- 10.3.5 Unique Attack Characteristics -- 10.4 Summary -- References -- 11 Wavelet Change Characteristics of Attack and Normal Use Data -- 11.1 The Wavelet Feature of Data -- 11.2 Discovering the Wavelet Change Characteristics for Attacks -- 11.3 Wave Change Attack Characteristics -- 11.3.1 Examples of Wavelet Change Attack Characteristics -- 11.3.2 Wavelet Change Attack Characteristics by Attacks and Windows Performance Objects -- 11.3.3 Attack Groupings Based on the Same and Opposite Attack Characteristics.

11.3.4 Unique Attack Characteristics -- 11.4 Summary -- References -- Part IV Cyber Attack Detection: Signature Recognition -- 12 Clustering and Classifying Attack and Normal Use Data -- 12.1 Clustering and Classification Algorithm - Supervised (CCAS) -- 12.2 Training and Testing Data -- 12.3 Application of CCAS to Cyber Attack Detection -- 12.4 Detection Performance of CCAS -- 12.5 Summary -- References -- 13 Learning and Recognizing Attack Signatures Using Artificial Neural Networks -- 13.1 The Structure and Back-Propagation Learning Algorithm of Feedforward ANNs -- 13.2 The ANN Application to Cyber Attack Detection -- 13.3 Summary -- References -- Part V Cyber Attack Detection: Anomaly Detection -- 14 Statistical Anomaly Detection with Univariate and Multivariate Data -- 14.1 EWMA Control Charts -- 14.2 Application of the EWMA Control Chart to Cyber Attack Detection -- 14.3 Chi-Square Distance Monitoring (CSDM) Method -- 14.4 Application of the CSDM Method to Cyber Attack Detection -- 14.5 Summary -- References -- 15 Stochastic Anomaly Detection Using the Markov Chain Model of Event Transitions -- 15.1 The Markov Chain Model of Event Transitions for Cyber Attack Detection -- 15.2 Detection Performance of the Markov Chain Model-Based Anomaly Detection Technique and Performance Degradation with the i -- 15.3 Summary -- References -- Part VI Cyber Attack Detection: Attack Norm Separation -- 16 Mathematical and Statistical Models of Attack Data and Normal Use Data -- 16.1 The Training Data for Data Modeling -- 16.2 Statistical Data Models for the Mean Feature -- 16.3 Statistical Data Models for the Distribution Feature -- 16.4 Time-Series Based Statistical Data Models for the Autocorrelation Feature -- 16.5 The Wavelet-Based Mathematical Model for the Wavelet Feature -- 16.6 Summary -- References -- 17 Cuscore-Based Attack Norm Separation Models.

17.1 The Cuscore.
Summary:
Professor Ye received her Ph.D. degree (1991) in Industrial Engineering from Purdue University, West Lafayette, Indiana, and holds MS (1988) and BS (1985) degrees in Computer Science. With her multi-disciplinary educational background, Dr. Ye has devoted her academic career to establishing the scientific and engineering foundation for assuring quality/reliability of information systems and industrial systems.
Notes:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.