The new book - Intrusion Detection - by best selling computer security author Edward Amoroso introduces a fascinating security technique for catching Internet crackers in real time. The book outlines critical issues in intrusion detection including techniques for Internet surveillance, correlation, trace back, honey pot traps, and incident response. The book includes hundreds of illustrations and provides case studies from popular commercial systems. An annotated biliography and index is included.

Average Customer Review: ( 6 customer reviews )
Write an online review and share your thoughts with other customers.

If you want to understand the subject from a conceptual level, this book succeeds admirably. It is a bit dry, but acceptably so. Given that Amoroso has taught the subject several times, the organization is logical. The sources are extensive (although other academics who have performed research in this area complain that several important references are missing).

Don't expect to be able to build an intrusion detection system after reading this book, but if you want an in-depth understanding of the subject, you should probably read it.

24 of 26 found the following review helpful:

Useful as a college text, but not for front-line analystsJun 18, 2000
By Richard Bejtlich "TaoSecurity"
I am responsible for a 50+ person intrusion detection mission, and I read this book in August 1999. Had I not read Stephen Northcutt's "Network Intrusion Detection," I may not have given Dr. Amoroso's work three stars. Unfortunately, by catering to a niche audience (probably graduate students), this book is not very helpful to folks under fire from malicious Internet users. Dr. Amoroso is very respected in the field, but I would have preferred less process charts and taxonomy descriptions. The publisher does a disservice by stating on the back cover "System administrators, programmers, system and software engineers, and managers of technology will find this book invaluable." Had the book been advertised as a college text, I would have been less critical. Sorry Dr. Amoroso -- I look forward to your next book, though!

13 of 14 found the following review helpful:

A well focused taxonomy of intrusion detectionAug 29, 1999

I came across this book as a required text for Dr. Amoroso's graduate course, Software System Security (SE513), at Monmouth University.

The book is well organized into eight chapters that give you the primary definitions in chapter one. In chapter two the methods of intrusion detection, such as audit trail processing, are intorduced. The author then procedes to the architecture of intrusion detection in chapter 3.

The taxonomy of intrusion detection systems in chapter four helps one categorize the different types of intrusions that are possible. All kinds of intrusions are considered whether they result from a software vulnerability or a physical facility security breach. Even if the reader were to put the book down at this point he or she would have a good conversational knowledge of what intrusions are and why it is hard to implement thorough and efficient intrusion detection systems.

The material in chapter five on Internet Identity was easy to understand yet exact in its descriptions. Topics such as browser cookies which every novice should be aware of right up to the UNIX samuri techniques of the "finger program" and "trace back" were covered. I believe the material in chapter five alone would make an interesting short course in internet security for users at all levels.

The most interesting chapter in the second half of the book is chapter seven on internet traps and honey pots, which are used to catch "crackers".

In general, I found the book quite useful for suggesting possible research topics. The research topic I found most interesting was the denial of service attacks, which inspired me to do a paper on the principles of writing effective macro viruses.

35 of 43 found the following review helpful:

Wait for the second editionSep 23, 1999

While I think that Dr. Amoroso is quite intelligent and obviously knows his subject, his writing style is typical of a Ph. D. One of my favorite sections is found on page 153:

"A given packet P might therefore be processed using approach A if one instance of P is detected in a given sampling size, versus being processed using approach B if multiple instances are detected in the sample. Another example is that a packet P might be processed one way it it follows packet P' and another way if it follows some different packet P."

There is good information in this book, but it appears that the author's desire is more to impress us with his vocabulary and intellect then to convey infomation.

15 of 18 found the following review helpful:

Excellent Theoritical AND Practical BookFeb 19, 2000
By Jon R. Kibler
To quote the author, the book contains "Lots of information and no quick fixes." And the book contains exactly that! Bravo!

The book is concise, relevant, and very well written. It provides excellent information without getting bogged down in minute theory or implementation details.

The book provides a solid but practical theoretical background to intrusion detection. It contains relevant real world examples. It does not contain a bunch of dated "quick fixes" for each type of intrusion problem. (If that is what you want, you need BUGTRAQ or CERT, not a book. By the time an intrusion schema fix hits the press, its solution is out of date!)

The book is full of good ideas that are practical and often readily implementable. If you have a hacker/cracker problem, I highly recommend you read this book! It will give you good insight into the types of weaknesses that are exploitable and the types of defenses that are appropriate. There is even a chapter on setting traps to catch hackers.

(Hackers and Crackers: Please do not read this book!)

Jon R. Kibler, Systems Architect, Advanced Systems Engineering Technology Inc.

See all 6 customer reviews on Amazon.com