B. Intellectual History of Network Security Monitoring
This appendix presents NSM's intellectual history, the collection of formal papers that shaped the environment for modern network-based detection and response. I concentrate on formally published papers still available online, although I make a few exceptions and note them explicitly. I determined their relevance by assessing their messages and by tracing citation histories. In other words, current researchers seem to find certain older papers to be especially relevant to their work.
Papers in the following categories are included:
• Foundation
• Sensor architecture
• Packet analysis
• Flow-based monitoring
• Alert-centric intrusion detection
• Complimentary technologies
Students of NSM will ...
Get The Tao of Network Security Monitoring Beyond Intrusion Detection now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.