This book is divided into seven parts. Part I, including Chapters 1 and 2, gives an overview of computer and network security. Chapter 1 traces cyber security risks to three elements: assets, vulnerabilities, and threats, which must coexist to pose a security risk. The three elements of security risks are defined with specific examples. An asset risk framework is also defined to capture the security risk elements along the cause–effect chain of activities, state changes and performance changes that occur in a cyber attack and the resulting security incident. Chapter 2 describes three important aspects of protecting computers and networks against security risks: prevention, detection, and response, and gives an overview of existing methods in the three areas of security protection.

Part II, including Chapters 3-6, presents the research outcomes for attack prevention and Quality of Service (QoS) assurance. As more business transactions move online, it has become imperative to provide the QoS assurance on the Internet which does not currently exist. Specifically, Chapter 3 describes the Asset Protection-Driven Security Architecture to enhance computer and network security through the specification and enforcement of digital security policies. Digital security policies are systematically defined according to the asset, vulnerability and threat elements of security risks. Chapter 4 addresses job admission control, and describes the development and testing of the Batch Scheduled Admission Control (BSAC) method. Chapter 5 presents several job scheduling methods developed to achieve service stability by minimizing the variance of job waiting times. Chapter 6 addresses the lack of job reservation and service protocol to provide the end-to-end delay guarantee for instantaneous computer and network jobs (e.g., jobs generated by email and web browsing applications) in previous work, although there exists RSVP for the service guarantee of computer and network jobs with continuous data flows (e.g., for the video streaming application). The development and testing of the Instantaneous Resource reSerVation Protocol (I-RSVP) and the Stable Instantaneous Resource reSerVation Protocol (SI-RSVP) are described in Chapter 6.

Chapter 7 in Part III describes the procedure of collecting theWindows performance objects data under eleven attack conditions and two normal use conditions of text editing and web browsing. The collected data is used for training and testing the detection models described in Parts IV, V and VI. Chapters 8–11 in Part III describe the statistical and mathematical methods of extracting the mean, probability distribution, autocorrelation and wavelet features of attack data and normal use data, respectively. Chapter 8 focuses on the simple mean feature of attack data and normal use data and the mean shift attack data characteristics. The wavelet feature described in Chapter 11 and the autocorrelation feature described in Chapter 10 reveal relations of data observations over time. The autocorrelation feature focuses on the general autocorrelation aspect of time series data, whereas the wavelet feature focuses on special forms of time-frequency data patterns. Both the wavelet feature in Chapter 11 and the probability distribution feature described in Chapter 9 are linked to specific data patterns of spike, random fluctuation, step change, steady change and sine–cosine wave with noise which are observed in the data. The distribution feature describes the general pattern of the data, whereas the wavelet feature reveals time locations and frequencies of those data patterns. The new knowledge about the data characteristics of attacks and normal use activities, which is not available in previous literature, is reported. For example, it is discovered that the majority of the data variables on computers and networks have some degree of autocorrelation. Moreover, the majority of the data variables on computers and networks follow either a skewed distribution or a multimodal distribution. Such information is important in modeling data of computer and network systems and building computer and network models for simulation and analysis. The attack data characteristics in the mean, probability distribution, autocorrelation and wavelet features for eleven representative attacks, which are revealed using the statistical and mathematical methods described in Chapters 8–11, are also summarized with an illustration of specific examples. Both the similarity and the difference between the attacks are revealed.