book

Essential Cybersecurity Science

Name: Essential Cybersecurity Science
Author: Josiah Dykstra
ISBN: 9781491921067

by Josiah Dykstra

December 2015

Beginner

190 pages

5h 40m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Who This Book Is ForWhat This Book ContainsConventions Used in This BookSafari® Books OnlineHow to Contact UsDisclaimerAcknowledgments
1. Introduction to Cybersecurity Science
What Is Cybersecurity Science?The Importance of Cybersecurity ScienceThe Scientific MethodCybersecurity Theory and PracticePseudoscienceHuman FactorsRoles Humans Play in Cybersecurity ScienceHuman Cognitive BiasesThe Role of MetricsConclusionReferences
2. Conducting Your Own Cybersecurity Experiments
Asking Good Questions and Formulating HypothesesCreating a HypothesisSecurity and TestabilityDesigning a Fair TestAnalyzing Your ResultsPutting Results to WorkA Checklist for Conducting ExperimentationConclusionReferences
3. Cybersecurity Experimentation and Test Environments
Modeling and SimulationOpen Datasets for TestingDesktop TestingCloud ComputingCybersecurity TestbedsA Checklist for Selecting an Experimentation and Test EnvironmentConclusionReferences
4. Software Assurance
An Example Scientific Experiment in Software AssuranceFuzzing for Software AssuranceThe Scientific Method and the Software Development Life CycleAdversarial ModelsCase Study: The Risk of Software ExploitabilityA New ExperimentHow to Find More InformationConclusionReferences
5. Intrusion Detection and Incident Response
An Example Scientific Experiment in Intrusion DetectionFalse Positives and False NegativesPerformance, Scalability, and Stress TestingCase Study: Measuring Snort Detection PerformanceBuilding on Previous WorkA New ExperimentHow to Find More InformationConclusionReferences
6. Situational Awareness and Data Analytics
An Example Scientific Experiment in Situational AwarenessExperimental Results to Assist Human Network DefendersMachine Learning and Data Mining for Network MonitoringCase Study: How Quickly Can You Find the Needle in the Haystack?A New ExperimentHow to Find More InformationConclusionReferences
7. Cryptography
An Example Scientific Experiment in CryptographyExperimental Evaluation of Cryptographic Designs and ImplementationProvably Secure Cryptography and Security AssumptionsCryptographic Security and the Internet of ThingsCase Study: Evaluating Composable SecurityBackgroundA New ExperimentHow to Find More InformationConclusionReferences
8. Digital Forensics
An Example Scientific Experiment in Digital ForensicsScientific Validity and the LawScientific Reproducibility and RepeatabilityCase Study: Scientific Comparison of Forensic Tool PerformanceHow to Find More InformationConclusionReferences
9. Malware Analysis
An Example Scientific Experiment in Malware AnalysisScientific Data Collection for Simulators and SandboxesGame Theory for Malware AnalysisCase Study: Identifying Malware Families with ScienceBuilding on Previous WorkA New ExperimentHow to Find More InformationConclusionReferences

10. System Security Engineering
An Example Scientific Experiment in System Security EngineeringRegression AnalysisMoving Target DefenseCase Study: Defending Against Unintentional Insider ThreatsHow to Find More InformationConclusionReferences
11. Human-Computer Interaction and Usable Security
An Example Scientific Experiment in Usable SecurityDouble-Blind ExperimentationUsability Measures: Effectiveness, Efficiency, and SatisfactionMethods for Gathering Usability DataTesting Usability During DesignTesting Usability During Validation and VerificationCase Study: An Interface for User-Friendly Encrypted EmailA New ExperimentHow to Find More InformationConclusionReferences
12. Visualization
An Example Scientific Experiment in Cybersecurity VisualizationGraphical Representations of Cybersecurity DataExperimental Evaluation of Security VisualizationCase Study: Is My Visualization Helping Users Work More Effectively?How to Find More InformationConclusionReferences
A. Understanding Bad Science, Scientific Claims, and Marketing Hype
Dangers of Manipulative Graphics and VisualizationsRecognizing and Understanding Scientific ClaimsVendor MarketingClarifying Questions for Salespeople, Researchers, and DevelopersReferences
Index

Overview

If you’re involved in cybersecurity as a software developer, forensic investigator, or network administrator, this practical guide shows you how to apply the scientific method when assessing techniques for protecting your information systems. You’ll learn how to conduct scientific experiments on everyday tools and procedures, whether you’re evaluating corporate security systems, testing your own security product, or looking for bugs in a mobile game.

Once author Josiah Dykstra gets you up to speed on the scientific method, he helps you focus on standalone, domain-specific topics, such as cryptography, malware analysis, and system security engineering. The latter chapters include practical case studies that demonstrate how to use available tools to conduct domain-specific scientific experiments.

Learn the steps necessary to conduct scientific experiments in cybersecurity
Explore fuzzing to test how your software handles various inputs
Measure the performance of the Snort intrusion detection system
Locate malicious “needles in a haystack” in your network and IT environment
Evaluate cryptography design and application in IoT products
Conduct an experiment to identify relationships between similar malware binaries
Understand system-level security requirements for enterprise networks and web services

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781491921050Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills