| 000 -LEADER |
|---|
| fixed length control field |
09064nam a2201105 i 4500 |
| 001 - CONTROL NUMBER |
|---|
| control field |
8089991 |
| 003 - CONTROL NUMBER IDENTIFIER |
|---|
| control field |
IEEE |
| 005 - DATE AND TIME OF LATEST TRANSACTION |
|---|
| control field |
20200413152926.0 |
| 006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS |
|---|
| fixed length control field |
m eo d |
| 007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION |
|---|
| fixed length control field |
cr cn |||m|||a |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
|---|
| fixed length control field |
171025s2018 caua foab 001 0 eng d |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
|---|
| International Standard Book Number |
9781681731100 |
| Qualifying information |
ebook |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
|---|
| Canceled/invalid ISBN |
9781681731094 |
| Qualifying information |
print |
| 024 7# - OTHER STANDARD IDENTIFIER |
|---|
| Standard number or code |
10.2200/S00800ED1V01Y201709SPT022 |
| Source of number or code |
doi |
| 035 ## - SYSTEM CONTROL NUMBER |
|---|
| System control number |
(CaBNVSL)swl00407896 |
| 035 ## - SYSTEM CONTROL NUMBER |
|---|
| System control number |
(OCoLC)1007539141 |
| 040 ## - CATALOGING SOURCE |
|---|
| Original cataloging agency |
CaBNVSL |
| Language of cataloging |
eng |
| Description conventions |
rda |
| Transcribing agency |
CaBNVSL |
| Modifying agency |
CaBNVSL |
| 050 #4 - LIBRARY OF CONGRESS CALL NUMBER |
|---|
| Classification number |
QA76.9.A25 |
| Item number |
Y262 2018 |
| 082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER |
|---|
| Classification number |
005.8 |
| Edition number |
23 |
| 100 1# - MAIN ENTRY--PERSONAL NAME |
|---|
| Personal name |
Yao, Danfeng |
| Fuller form of name |
(Daphne), |
| Relator term |
author. |
| 245 10 - TITLE STATEMENT |
|---|
| Title |
Anomaly detection as a service : |
| Remainder of title |
challenges, advances, and opportunities / |
| Statement of responsibility, etc. |
Danfeng (Daphne) Yao, Xiaokui Shu, Long Cheng, Salvatore J. Stolfo. |
| 264 #1 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE |
|---|
| Place of production, publication, distribution, manufacture |
[San Rafael, California] : |
| Name of producer, publisher, distributor, manufacturer |
Morgan & Claypool, |
| Date of production, publication, distribution, manufacture, or copyright notice |
2018. |
| 300 ## - PHYSICAL DESCRIPTION |
|---|
| Extent |
1 PDF (xv, 157 pages) : |
| Other physical details |
illustrations. |
| 336 ## - CONTENT TYPE |
|---|
| Content type term |
text |
| Source |
rdacontent |
| 337 ## - MEDIA TYPE |
|---|
| Media type term |
electronic |
| Source |
isbdmedia |
| 338 ## - CARRIER TYPE |
|---|
| Carrier type term |
online resource |
| Source |
rdacarrier |
| 490 1# - SERIES STATEMENT |
|---|
| Series statement |
Synthesis lectures on information security, privacy, and trust, |
| International Standard Serial Number |
1945-9750 ; |
| Volume/sequential designation |
# 22 |
| 538 ## - SYSTEM DETAILS NOTE |
|---|
| System details note |
Mode of access: World Wide Web. |
| 538 ## - SYSTEM DETAILS NOTE |
|---|
| System details note |
System requirements: Adobe Acrobat Reader. |
| 500 ## - GENERAL NOTE |
|---|
| General note |
Part of: Synthesis digital library of engineering and computer science. |
| 504 ## - BIBLIOGRAPHY, ETC. NOTE |
|---|
| Bibliography, etc. note |
Includes bibliographical references (pages 117-147) and index. |
| 505 0# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
1. Introduction -- 1.1 Applications of anomaly detection -- 1.2 Cohen's impossibility results -- 1.3 Zero-day exploits and APT -- 1.4 Challenges of democratizing anomaly detection technologies -- 1.5 Major developments on program anomaly detection -- 1.6 New opportunities -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
2. Threat models -- 2.1 Faults vs. attacks and safety vs. security -- 2.2 Data-oriented attacks -- 2.3 Insider threats and inadvertent data leaks -- 2.4 Attacks on control flows -- 2.5 Mimicry attacks -- 2.6 Segment length and mimicry attack difficulty -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
3. Local vs. global program anomaly detection -- 3.1 One big model vs. multiple small models -- 3.1.1 Modeling byte distributions -- 3.1.2 Multiple clusters for multiple behaviors -- 3.1.3 Suitability test -- 3.2 Local anomaly detection -- 3.2.1 n-gram -- 3.2.2 Hidden Markov model (HMM) -- 3.2.3 Finite-state automaton (FSA) -- 3.3 Global anomaly detection -- 3.3.1 Examples of global anomalies and detection attempts -- 3.3.2 Segmentation and representing infinite traces -- 3.3.3 Inter-cluster and intra-cluster anomalies -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
4. Program analysis in data-driven anomaly detection -- 4.1 Security impact of incomplete training data -- 4.2 Program analysis for guiding classifiers -- 4.2.1 Quantifying control-flow graph -- 4.2.2 Interfacing with Markov model -- 4.2.3 Improving context sensitivity -- 4.3 Program analysis for Android malware detection -- 4.3.1 Android threat model and national security -- 4.3.2 Data-dependence graph and Android malware examples -- 4.3.3 User-trigger dependence-based detection -- 4.4 Formal language model for anomaly detection -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
5. Anomaly detection in cyber-physical systems -- 5.1 CPS security challenges -- 5.1.1 Background on CPS -- 5.1.2 Security and the physical world -- 5.2 Overview of cps anomaly detection -- 5.3 Event-aware anomaly detection (EAD) framework -- 5.3.1 Data-oriented attacks on CPS -- 5.3.2 Reasoning cyber-physical execution semantics -- 5.4 Event-aware finite-state automaton for CPS -- 5.4.1 Definition of eFSA -- 5.4.2 Event-aware detection in eFSA -- 5.5 Evaluation of control-branch and control-intensity detection -- 5.6 Deployment of CPS anomaly detection -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
6. Anomaly detection on network traffic -- 6.1 Threats of clandestine network activities -- 6.2 Sensemaking of network traffic for anomaly detection -- 6.2.1 Extrusion detection in BINDER and its generalization -- 6.2.2 Multi-host causality and reasoning -- 6.2.3 Collaborative sensemaking -- 6.3 Definition of triggering-relation discovery -- 6.4 Discovery of triggering-relation graphs for host security -- 6.5 Sparsity of triggering relations and cost matrix -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
7. Automation and evaluation for anomaly detection deployment -- 7.1 Model drift and adapting anomaly detection to changes -- 7.2 Sanitizing training data -- 7.2.1 Overview of sanitization approaches -- 7.2.2 Impact of basic sanitization -- 7.2.3 Impact of collaborative sanitization -- 7.3 Self-calibration and gradual retraining -- 7.3.1 Automatic training optimization -- 7.3.2 Automatic threshold selection -- 7.3.3 Performance under self-calibration -- 7.3.4 Gradual retraining -- 7.4 Tracing overhead and Intel PT -- 7.5 Experimental evaluation for data-driven anomaly detection -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
8. Anomaly detection from the industry's perspective -- 8.1 Anomaly detection in payment card industry -- 8.2 Security operation centers (SOC) -- 8.3 Anomaly detection in the pyramid -- 8.4 Building your own anomaly detection toolkit -- 8.5 Leveraging external knowledge in cyber security pyramid -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
9. Exciting new problems and opportunities -- 9.1 Deep learning and instruction-level anomaly detection -- 9.2 Post-detection forensic, repair, and recovery -- 9.3 Anomaly detection of concurrency attacks -- 9.4 Mimicry generation, insider threat detection, automation, and knowledge base -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
Bibliography -- Authors' biographies -- Index. |
| 506 ## - RESTRICTIONS ON ACCESS NOTE |
|---|
| Terms governing access |
Abstract freely available; full-text restricted to subscribers or individual document purchasers. |
| 510 0# - CITATION/REFERENCES NOTE |
|---|
| Name of source |
Compendex |
| 510 0# - CITATION/REFERENCES NOTE |
|---|
| Name of source |
INSPEC |
| 510 0# - CITATION/REFERENCES NOTE |
|---|
| Name of source |
Google scholar |
| 510 0# - CITATION/REFERENCES NOTE |
|---|
| Name of source |
Google book search |
| 520 3# - SUMMARY, ETC. |
|---|
| Summary, etc. |
Anomaly detection has been a long-standing security approach with versatile applications, ranging from securing server programs in critical environments, to detecting insider threats in enterprises, to anti-abuse detection for online social networks. Despite the seemingly diverse application domains, anomaly detection solutions share similar technical challenges, such as how to accurately recognize various normal patterns, how to reduce false alarms, how to adapt to concept drifts, and how to minimize performance impact. They also share similar detection approaches and evaluation methods, such as feature extraction, dimension reduction, and experimental evaluation. The main purpose of this book is to help advance the real-world adoption and deployment anomaly detection technologies, by systematizing the body of existing knowledge on anomaly detection. This book is focused on data-driven anomaly detection for software, systems, and networks against advanced exploits and attacks, but also touches on a number of applications, including fraud detection and insider threats.We explain the key technical components in anomaly detection workflows, give in-depth description of the state-of-the-art data-driven anomaly-based security solutions, and more importantly, point out promising new research directions. This book emphasizes on the need and challenges for deploying service-oriented anomaly detection in practice, where clients can outsource the detection to dedicated security providers and enjoy the protection without tending to the intricate details. |
| 530 ## - ADDITIONAL PHYSICAL FORM AVAILABLE NOTE |
|---|
| Additional physical form available note |
Also available in print. |
| 588 ## - SOURCE OF DESCRIPTION NOTE |
|---|
| Source of description note |
Title from PDF title page (viewed on October 25, 2017). |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name entry element |
Anomaly detection (Computer security) |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
anomaly detection |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
data driven |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
proactive defense |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
program and software security |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
system and network security |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
outsource |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
anomaly detection as a service |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
deployment |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
data science |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
classification |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
machine learning |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
novelty detection |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
program analysis |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
control flow |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
data flow |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
semantic gap |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
inference and reasoning |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
code-reuse attack |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
data-oriented attack |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
advanced persistent threat |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
zero-day exploit |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
system tracing |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
hardware tracing |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
false negative |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
false positive |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
performance |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
usability |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
insider threat |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
fraud detection |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
cyber intelligence |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
automation |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
democratization of technology |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
Linux |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
Android |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
x86 |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
ARM |
| 655 #0 - INDEX TERM--GENRE/FORM |
|---|
| Genre/form data or focus term |
Electronic books. |
| 700 1# - ADDED ENTRY--PERSONAL NAME |
|---|
| Personal name |
Shu, Xiaokui, |
| Relator term |
author. |
| 700 1# - ADDED ENTRY--PERSONAL NAME |
|---|
| Personal name |
Cheng, Long |
| Titles and other words associated with a name |
(Computer scientist), |
| Relator term |
author. |
| 700 1# - ADDED ENTRY--PERSONAL NAME |
|---|
| Personal name |
Stolfo, Salvatore J. |
| Fuller form of name |
(Salvatore Joseph), |
| Relator term |
author. |
| 776 08 - ADDITIONAL PHYSICAL FORM ENTRY |
|---|
| Relationship information |
Print version: |
| International Standard Book Number |
9781681731094 |
| 830 #0 - SERIES ADDED ENTRY--UNIFORM TITLE |
|---|
| Uniform title |
Synthesis digital library of engineering and computer science. |
| 830 #0 - SERIES ADDED ENTRY--UNIFORM TITLE |
|---|
| Uniform title |
Synthesis lectures on information security, privacy, and trust ; |
| Volume/sequential designation |
# 22. |
| International Standard Serial Number |
1945-9750 |
| 856 42 - ELECTRONIC LOCATION AND ACCESS |
|---|
| Materials specified |
Abstract with links to resource |
| Uniform Resource Identifier |
http://ieeexplore.ieee.org/servlet/opac?bknumber=8089991 |
