Essential Cybersecurity Science

Book description

If you’re involved in cybersecurity as a software developer, forensic investigator, or network administrator, this practical guide shows you how to apply the scientific method when assessing techniques for protecting your information systems. You’ll learn how to conduct scientific experiments on everyday tools and procedures, whether you’re evaluating corporate security systems, testing your own security product, or looking for bugs in a mobile game.

Once author Josiah Dykstra gets you up to speed on the scientific method, he helps you focus on standalone, domain-specific topics, such as cryptography, malware analysis, and system security engineering. The latter chapters include practical case studies that demonstrate how to use available tools to conduct domain-specific scientific experiments.

  • Learn the steps necessary to conduct scientific experiments in cybersecurity
  • Explore fuzzing to test how your software handles various inputs
  • Measure the performance of the Snort intrusion detection system
  • Locate malicious “needles in a haystack” in your network and IT environment
  • Evaluate cryptography design and application in IoT products
  • Conduct an experiment to identify relationships between similar malware binaries
  • Understand system-level security requirements for enterprise networks and web services

Table of contents

  1. Preface
    1. Who This Book Is For
    2. What This Book Contains
    3. Conventions Used in This Book
    4. Safari® Books Online
    5. How to Contact Us
    6. Disclaimer
    7. Acknowledgments
  2. 1. Introduction to Cybersecurity Science
    1. What Is Cybersecurity Science?
    2. The Importance of Cybersecurity Science
    3. The Scientific Method
    4. Cybersecurity Theory and Practice
      1. Pseudoscience
    5. Human Factors
      1. Roles Humans Play in Cybersecurity Science
      2. Human Cognitive Biases
    6. The Role of Metrics
    7. Conclusion
    8. References
  3. 2. Conducting Your Own Cybersecurity Experiments
    1. Asking Good Questions and Formulating Hypotheses
      1. Creating a Hypothesis
      2. Security and Testability
    2. Designing a Fair Test
    3. Analyzing Your Results
    4. Putting Results to Work
    5. A Checklist for Conducting Experimentation
    6. Conclusion
    7. References
  4. 3. Cybersecurity Experimentation and Test Environments
    1. Modeling and Simulation
    2. Open Datasets for Testing
    3. Desktop Testing
    4. Cloud Computing
    5. Cybersecurity Testbeds
    6. A Checklist for Selecting an Experimentation and Test Environment
    7. Conclusion
    8. References
  5. 4. Software Assurance
    1. An Example Scientific Experiment in Software Assurance
    2. Fuzzing for Software Assurance
    3. The Scientific Method and the Software Development Life Cycle
    4. Adversarial Models
    5. Case Study: The Risk of Software Exploitability
      1. A New Experiment
    6. How to Find More Information
    7. Conclusion
    8. References
  6. 5. Intrusion Detection and Incident Response
    1. An Example Scientific Experiment in Intrusion Detection
    2. False Positives and False Negatives
    3. Performance, Scalability, and Stress Testing
    4. Case Study: Measuring Snort Detection Performance
      1. Building on Previous Work
      2. A New Experiment
    5. How to Find More Information
    6. Conclusion
    7. References
  7. 6. Situational Awareness and Data Analytics
    1. An Example Scientific Experiment in Situational Awareness
    2. Experimental Results to Assist Human Network Defenders
    3. Machine Learning and Data Mining for Network Monitoring
    4. Case Study: How Quickly Can You Find the Needle in the Haystack?
      1. A New Experiment
    5. How to Find More Information
    6. Conclusion
    7. References
  8. 7. Cryptography
    1. An Example Scientific Experiment in Cryptography
    2. Experimental Evaluation of Cryptographic Designs and Implementation
    3. Provably Secure Cryptography and Security Assumptions
    4. Cryptographic Security and the Internet of Things
    5. Case Study: Evaluating Composable Security
      1. Background
      2. A New Experiment
    6. How to Find More Information
    7. Conclusion
    8. References
  9. 8. Digital Forensics
    1. An Example Scientific Experiment in Digital Forensics
    2. Scientific Validity and the Law
    3. Scientific Reproducibility and Repeatability
    4. Case Study: Scientific Comparison of Forensic Tool Performance
    5. How to Find More Information
    6. Conclusion
    7. References
  10. 9. Malware Analysis
    1. An Example Scientific Experiment in Malware Analysis
    2. Scientific Data Collection for Simulators and Sandboxes
    3. Game Theory for Malware Analysis
    4. Case Study: Identifying Malware Families with Science
      1. Building on Previous Work
      2. A New Experiment
    5. How to Find More Information
    6. Conclusion
    7. References
  11. 10. System Security Engineering
    1. An Example Scientific Experiment in System Security Engineering
    2. Regression Analysis
    3. Moving Target Defense
    4. Case Study: Defending Against Unintentional Insider Threats
    5. How to Find More Information
    6. Conclusion
    7. References
  12. 11. Human-Computer Interaction and Usable Security
    1. An Example Scientific Experiment in Usable Security
    2. Double-Blind Experimentation
    3. Usability Measures: Effectiveness, Efficiency, and Satisfaction
    4. Methods for Gathering Usability Data
      1. Testing Usability During Design
      2. Testing Usability During Validation and Verification
    5. Case Study: An Interface for User-Friendly Encrypted Email
      1. A New Experiment
    6. How to Find More Information
    7. Conclusion
    8. References
  13. 12. Visualization
    1. An Example Scientific Experiment in Cybersecurity Visualization
    2. Graphical Representations of Cybersecurity Data
    3. Experimental Evaluation of Security Visualization
    4. Case Study: Is My Visualization Helping Users Work More Effectively?
    5. How to Find More Information
    6. Conclusion
    7. References
  14. A. Understanding Bad Science, Scientific Claims, and Marketing Hype
    1. Dangers of Manipulative Graphics and Visualizations
    2. Recognizing and Understanding Scientific Claims
    3. Vendor Marketing
    4. Clarifying Questions for Salespeople, Researchers, and Developers
    5. References
  15. Index

Product information

  • Title: Essential Cybersecurity Science
  • Author(s): Josiah Dykstra
  • Release date: December 2015
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781491921067