Computing Reviews
Anomaly detection as a service : challenges, advances, and opportunities
Yao D., Shu X., Cheng L., Stolfo S., Morgan & Claypool Publishers, San Rafael, CA, 2017. 173 pp. Type: Book (978-1-681731-09-4)
Date Reviewed: Apr 25 2018

Written by a team of well-known academic researchers and authors of landmark papers in the area of system and network security, this book is a distilled and concise overview of academic and industrial approaches for anomaly detection in the context of information security.

Anomaly detection techniques are one major pillar of information security. Being able to learn to discriminate between normal behavior and behavior due to an attack is essential for automating intelligent detection and mitigation solutions.

The academic literature is abundant with approaches proposed for this purpose. Although many machine learning approaches have been proposed in the last decade, a small and limited set of conceptual techniques have proven to be the building blocks for any anomaly detection approach. N-grams (sequences of adjacent characters and their observed frequencies), hidden Markov models (HMMs) that model the observable outputs emitted by a system evolving according to an unobservable Markov chain, and finite state automata (FSA) have been successfully applied to detect Android-specific malware, suspicious system calls due to intrusions, or dangerous network-level traffic. The authors introduce these concepts in their book by focusing on application-specific use cases. Android security, one of these use cases, is addressed in chapter 4, where program analysis techniques are combined with classifying software as either benign or malign. The concrete applications of finite state machines and N-grams are addressed in chapter 5 (on security of cyber-physical systems) and chapter 6 (on network monitoring), respectively.
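To make the N-gram building block concrete, here is an added illustration (not code from the book or from the reviewer) of the classic system-call anomaly detector the paragraph alludes to: a profile of N-grams is learned from normal traces, and a new trace is scored by the fraction of its N-grams that never appeared during training. The traces and threshold are constructed for the example.

```python
from collections import Counter
from typing import Counter as CounterT, List, Tuple

Trace = List[str]
Gram = Tuple[str, ...]

def ngrams(trace: Trace, n: int) -> List[Gram]:
    """Sliding window of n adjacent system calls over one trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def train_profile(normal_traces: List[Trace], n: int = 3) -> CounterT[Gram]:
    """Count every n-gram observed in traces assumed to be benign."""
    profile: CounterT[Gram] = Counter()
    for trace in normal_traces:
        profile.update(ngrams(trace, n))
    return profile

def score_trace(profile: CounterT[Gram], trace: Trace, n: int = 3) -> Tuple[float, List[Gram]]:
    """Return (fraction of n-grams unseen in training, the unseen n-grams).
    A score of 0.0 means every window was seen before; 1.0 means none were."""
    grams = ngrams(trace, n)
    if not grams:
        return 0.0, []
    unseen = [g for g in grams if g not in profile]
    return len(unseen) / len(grams), unseen

def is_anomalous(score: float, threshold: float = 0.25) -> bool:
    """Thresholding is where tuning happens: benign novelty (a rarely used
    code path) also produces a few unseen n-grams, so a single unseen window
    should not by itself raise an alert."""
    return score >= threshold

# Constructed training data: short traces of a well-behaved file reader.
NORMAL_TRACES: List[Trace] = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "mmap", "read", "close"],
    ["open", "read", "read", "write", "close"],
]

PROFILE = train_profile(NORMAL_TRACES, n=3)

if __name__ == "__main__":
    # Constructed test traces: one benign, one with an unexpected exec/network tail.
    for trace in (["open", "read", "write", "close"],
                  ["open", "read", "execve", "socket", "connect"]):
        score, unseen = score_trace(PROFILE, trace)
        print(trace, "score=%.2f" % score, "anomalous=%s" % is_anomalous(score), unseen)
```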

The book is not only a summarized state of the art on existing academic research efforts, but also engages a more practically inclined reader. Chapter 8 targets a more industry-oriented community by illustrating how anomaly detection can be leveraged in several verticals that range from the payment card industry to network security operation centers and security event management systems; the last chapter (chapter 9) concludes the book with an overview of potential new application domains and opportunities.

To summarize, I recommend this book for any graduate student working in the area of software and network security. The many references are accurate and relevant, and the astute reader must be aware that checking and reading them is mandatory to fully understand the content of the book. Practitioners can also benefit from this excellent and timely lecture series, which can inspire and motivate new projects in this area.

Reviewer: Radu State. Review #: CR145996 (1807-0378)
Categories: Security and Protection (K.6.5); Feature Evaluation and Selection (I.5.2 ...)