
Texts, Web Sites and Papers (to be updated)


Texts Referenced

  • J.F. Kurose and K.W. Ross, Computer Networking: A Top Down Approach Featuring the Internet: Third Edition, Addison Wesley (2004). A good general reference for computer networks.
  • S. Sarwar, R. Koretsky and S.A. Sarwar, Linux: The Textbook, Addison Wesley (2002). A Linux reference.
  • W. Richard Stevens, TCP/IP Illustrated, Volume 1 - The Protocols, Addison Wesley (1994).
  • John T. Moy, OSPF, Anatomy of an Internet Routing Protocol, Addison Wesley, 1998.
  • M. Bishop, Computer Security, Addison Wesley (2003).
  • R. Bejtlich, The Tao of Network Security Monitoring, Addison Wesley (2005).
  • D. Farmer and W. Venema, Forensic Discovery, Addison Wesley (2005). See chapter 5 on system subversion.
  • Mirkovic, J., Dietrich, S., Dittrich, D., and Reiher, P. Internet Denial of Service: Attack and Defense Mechanisms, Prentice Hall (2005).
  • D. Solove, M. Rotenberg, and P. Schwartz, Privacy, Information, and Technology, Aspen Publishers (2005).

Web Sites

    Computer Security

  • www.cert.org The Cert Coordination Center for security expertise at Carnegie Mellon University.
  • CERT Forensics Guide for First Responders
  • http://csrc.nist.gov/ National Institute of Standards Computer Security Division home page.
  • www.securityfocus.com A good site for web and Internet security information.
  • www.computer.org IEEE Computer Magazine home page.

    Computer Networks and Operating Systems (utilities and tools)

  • www.linuxdoc.org Latest Linux documentation and How To documents.
  • www.netfilter.org Documentation for netfilter (Linux IPTables)
  • www.ssh.com Home page for Secure Shell Communications, which provides a commercial version of SSH. Contains many SSH resources.
  • www.snort.org Home page for the Snort program, a packet sniffer and intrusion detection system.
  • www.wireshark.org A packet sniffer for Windows and Linux systems. Read the documentation carefully before downloading and installing.
  • A Perl Tutorial This tutorial introduces Perl variables, control statements, and special operators that are used for string processing.
  • Linux/UNIX Tutorials Learn basic commands needed to create and run programs in a Linux environment.

Papers, Reports and Monographs

    General Forensics

  • Garfinkel, S. Network Forensics: Tapping the Internet. O'Reilly Network, April 2002. Available at http://www.oreillynet.com/lpt/a/1733.
  • Kent, K., Chevalier, S., Grace, T., and Dang, H. Guide to Integrating Forensic Techniques Into Incident Response: Recommendations of the NIST. NIST Special Publication 800-86, August 2006. Available at http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf
  • McKemmish, R. What is forensic computing? Australian Institute of Criminology: Trends and Issues in Crime and Criminal Justice, Report No. 118, Canberra ACT, June 1999.
  • Mohay, G., Anderson, A., Collies, B., de Vel, O., McKemmish, R., Computer and Intrusion Forensics, Artech House, Inc., Norwood, MA, 2003.
  • Mukkamala S., Sung, A. H., Identifying Significant Features for Network Forensic Analysis, International Journal of Digital Evidence, vol. 1, no. 4, winter 2002.
  • Poulsen, K. FBI Busts Alleged DDoS Mafia. Available at http://www.securityfocus.com/news/9411
  • Shanmugasundaram, K., Memon, N., Savant, A. and Bronnimann, H. Fornet: A Distributed Forensics Network. The Second International Workshop on Mathematical Methods, Models and Architectures for Computer Networks, St. Petersburg, 2003. Available at http://www.cs.umd.edu/Honors/reports/ForNet2004.pdf
  • Sparrow, M.K. The application of network analysis to criminal intelligence. Social Networks, Vol. 13, 1991, pp. 251-27.
  • Verizon Inc. 2009 Data Breach Investigations Report. Available at http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
  • Yasinac, A., Manzano, Y., Policies to Enhance Computer and Network Forensics, Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, West Point, NY, June 2001, pp. 289-295.

    Forensics and Data Mining

  • Huang, N., Kao, C., Hun, H., Jai, G., Lin, C., Apply Data Mining to Defense-in-depth network security system, Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA 05), New York, NY, 2005, pp. 1-4.
  • Hussain, A., Heidemann, C. and Papadopoulos, C. Identification of Repeated Attacks Using Network Traffic Forensics. Information Sciences Institute, USC, Los Angeles, CA, June 2, 2004.
  • Mukkamala, S. and Sung, A.H. Identifying Significant Features for Network Forensic Analysis Using Artificial Intelligence Techniques. Journal of Digital Evidence, Vol. 1, No. 4, Winter 2003, pp. 1-17.
  • Xu, J.J. and Chen, H. CrimeNet Explorer: A Framework for Criminal Network Knowledge Discovery. ACM Transactions on Information Systems, Vol. 23, No. 2, April 2005, pp. 201-226.
  • Zhang, Z., Salerno, J., Yu, P., Applying Data mining in Investigating Money Laundering Crimes, Proceedings of the Ninth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, New York, NY, 2003, pp. 747-752.

    Denial-Of-Service

  • Hussain, A., Heidemann, C., Papadopoulos, C. Identification of Repeated Attacks Using Network Traffic Forensics. Information Sciences Institute, USC, Los Angeles, CA, June 2, 2004
  • Lipson, Howard, F. Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues. Cert Coordination Center, Carnegie Mellon University, Pittsburgh, PA, November 2002
  • Moore, D., Voelker, G. M., and Savage, S. Inferring Internet Denial-of-Service Activity. Proceedings of the 10th USENIX Security Symposium, Washington, DC, August 13, 2001.

    Intrusion Detection

  • Aho, A., and Corasick, M.J. Efficient string matching: an aid to bibliographic search. Communications of the ACM, vol. 18, no. 6, pp. 333-340, June 1975.
  • Abbes, T., Bouhoula, A., Rusinowitch, M., On the Fly Pattern Matching for Intrusion Detection with Snort, Loira-INRIA Lorraine, Viller-Les Nancy cedex, AL, 2005
  • Lee, W., Stolfo S.J., and Mok W. A Data Mining Framework for Building Intrusion Detection Models. Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, May 1999, pp. 120-132.
  • Leu, F., Lin, J., Li, M., and Yang, C. Integrating Grid with Intrusion Detection. Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA '05), 2005, pp. 1-6.
  • Liu, R., Huang, N., Chen, C., Kao, C. A fast string-matching algorithm for network processor based intrusion detection systems. ACM Transactions on Embedded Computing, vol. 3, no. 3, pp. 614-633, 2004.
  • Net Optics Inc. White Paper: Deploying Network Taps with Intrusion Detection Systems. NetOptics Inc., Mountain View, CA, 2003. Available at http://www.netoptics.com/products/pdf/Taps-and-IDS.pdf
  • Norton, M. Optimizing Pattern Matching for Intrusion Detection. Report, Sourcefire, Inc., Columbia, MD, September 2004. Available at http://www.sourcefire.com/products/library.html
  • Norton, M. Snort 2.0 Rule Optimizer. Report, Sourcefire, Inc., Columbia, MD, April 2004. Available at http://www.sourcefire.com/products/library.html
  • Soliman, M., El-Helw, A. Network intrusion detection system using Bloom filters. Report, School of Computer Science, University of Waterloo, Waterloo, AL, winter 2005.
  • Wang, K. and Stolfo, S. Anomalous Payload-based Network Intrusion Detection, Report, Computer Science Department, Columbia University, New York, NY. Available at http://www1.cs.columbia.edu/ids/publications/RAID-final.pdf

    General Networking

  • Steenkiste, P. A Network Project Course Based on Network Processors. Proceedings of the 34th SIGCSE Technical Symposium on Computer Science Education, Reno, NV, Feb. 19-23, 2003, pp. 262-266.