E-book, English, Volume 31, 159 pages, eBook
Singhal Data Warehousing and Data Mining Techniques for Cyber Security
1st edition 2007
ISBN: 978-0-387-47653-7
Publisher: Springer US
Format: PDF
Copy protection: 1 - PDF Watermark
Series: Advances in Information Security
Data warehousing and data mining provide techniques for collecting information from distributed databases and for performing data analysis. The ever expanding, tremendous amount of data collected and stored in large databases has far exceeded our human ability to comprehend--without the proper tools. There is a critical need for data analysis that can automatically analyze data, summarize it and predict future trends. In the modern age of Internet connectivity, concerns about denial of service attacks, computer viruses and worms are extremely important.
Data Warehousing and Data Mining Techniques for Cyber Security contributes to the discipline of security informatics. The author discusses topics that intersect cyber security and data mining, while providing techniques for improving cyber security. Since the cost of information processing and internet accessibility is dropping, an increasing number of organizations are becoming vulnerable to cyber attacks. This volume introduces techniques for applications in the area of retail, finance, and bioinformatics, to name a few.
Data Warehousing and Data Mining Techniques for Cyber Security is designed for practitioners and researchers in industry. This book is also suitable for upper-undergraduate and graduate-level students in computer science.
Target audience
Professional/practitioner
Authors/Editors
Further information & material
An Overview of Data Warehouse, OLAP and Data Mining Technology.- Network and System Security.- Intrusion Detection Systems.- Data Mining for Intrusion Detection.- Data Modeling and Data Warehousing Techniques to Improve Intrusion Detection.- Minds: Architecture & Design.- Discovering Novel Attack Strategies from Infosec Alerts.
1. VIRUSES AND RELATED THREATS (p. 36)
This section briefly discusses a variety of software threats. We first present information about computer viruses and worms followed by techniques to handle them.
A virus is a program that can "infect" other programs by modifying them and inserting a copy of itself into the program. This copy can then go on to infect other programs. Just like its biological counterpart, a computer virus carries in its instructional code the recipe for making perfect copies of itself. A virus attaches itself to another program and then executes secretly when the host program is run.
During its lifetime a typical virus goes through the following stages:
Dormant Phase: In this state the virus is idle waiting for some event to happen before it gets activated. Some examples of these events are date/timestamp, presence of another file or disk usage reaching some capacity.
Propagation Phase: In this stage the virus makes an identical copy of itself and attaches itself to another program. This infected program contains the virus and will in turn enter into a propagation phase to transmit the virus to other programs.
Triggering Phase: In this phase the virus starts performing the function it was intended for. The triggering phase can also be caused by a set of events.
Execution Phase: In this phase the virus performs its function such as damaging programs and data files.
1.1 Types of Viruses
The following categories give the most significant types of viruses.
Parasitic Virus: This is the most common kind of virus. It attaches itself to executable files and replicates when that program is executed.
Memory Resident Virus: This kind of virus resides in main memory. Whenever a program is loaded into memory for execution, it attaches itself to that program.
Boot Sector Virus: This kind of virus infects the boot sector and it spreads when the system is booted from the disk.
Stealth Virus: This is a special kind of virus that is designed to evade detection by antivirus software.
Polymorphic Virus: This kind of virus mutates itself as it spreads from one program to the next, making it difficult to detect using the "signature" methods.
1.2 Macro Viruses
In recent years macro viruses have become quite popular. These viruses exploit certain features found in Microsoft Office Applications such as MS Word or MS Excel. These applications have a feature called macro that people use to automate repetitive tasks.
The macro is written in a programming language such as Basic. The macro can be set up so that it is invoked when a certain function key is pressed. Certain kinds of macros are auto-execute macros: they are automatically executed upon some event, such as starting the execution of a program or opening a file. These auto-execute macros are often used to spread the virus.
New versions of MS Word provide mechanisms to protect against macro viruses. One example is the Macro Virus Protection tool, which can detect suspicious Word files and alert the customer about a potential risk of opening a file with macros.
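A defender's check for the auto-execute macros described above, as an added example that is not taken from the book: it scans macro source for procedures that run without user action. It assumes the macro source has already been extracted to plain text; the list of auto-run names and the `find_auto_exec` helper are assumptions of this example, and the sample input is constructed.

```python
import re

# Well-known auto-run macro names in Word and Excel (not listed in the excerpt).
AUTO_EXEC = {
    "autoexec": "runs when Word starts",
    "autoopen": "runs when a document is opened",
    "autoclose": "runs when a document is closed",
    "autonew": "runs when a document is created from the template",
    "autoexit": "runs when Word exits",
    "document_open": "Word document-open event handler",
    "document_close": "Word document-close event handler",
    "workbook_open": "Excel workbook-open event handler",
    "auto_open": "Excel auto-run macro on open",
}

# A procedure header at the start of a line; a commented-out header begins
# with an apostrophe and therefore does not match.
PROC_RE = re.compile(
    r"^[ \t]*(?:(?:public|private)[ \t]+)?(?:sub|function)[ \t]+(\w+)",
    re.IGNORECASE | re.MULTILINE,
)

def find_auto_exec(source):
    """Return (line_number, procedure_name, reason) for each auto-run macro."""
    hits = []
    for m in PROC_RE.finditer(source):
        # Macro names are case-insensitive, so compare in lower case.
        reason = AUTO_EXEC.get(m.group(1).lower())
        if reason:
            line_no = source.count("\n", 0, m.start(1)) + 1
            hits.append((line_no, m.group(1), reason))
    return hits

# Constructed sample: macro source as it would look after extraction to text.
SAMPLE = """Attribute VB_Name = "NewMacros"
' Sub AutoOpen() mentioned in a comment must not be flagged
Sub FormatReport()
    Selection.Font.Bold = True
End Sub
Private Sub Document_Open()
    FormatReport
End Sub
sub autoopen()
End Sub
"""

if __name__ == "__main__":
    for line_no, name, reason in find_auto_exec(SAMPLE):
        print(f"line {line_no}: {name} ({reason})")
```

A hit means only that the document runs code on open or close; whether that code is malicious still has to be judged from what the procedure does.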