Preface

Who This Book Is For

Science applies to many areas of cybersecurity, and the target audience for this book is broad and varied. This book is particularly for developers, engineers, and entrepreneurs who are building and evaluating cybersecurity hardware and software solutions. Among that group, it is for infosec practitioners such as forensic investigators, malware analysts, and other cybersecurity specialists who use, build, and test new tools for their daily work. Some will have programming experience, others a working knowledge of various security tools (EnCase for forensics, Wireshark for network analysis, IDA Pro for reverse engineering, and so on). The scientific method can be applied to all of these disciplines. Cybersecurity science can be applied to everyday problems, including:

  • Testing for bugs in your new smartphone game

  • Defending corporate security choices given a limited budget

  • Convincing people that your new security product is better than the competition’s

  • Balancing intrusion detection accuracy and performance

The core audience is information security professionals who have worked in the field for 5-10 years, who are becoming experts in their craft and field, who are not formally trained in or exposed to scientific investigation in their daily lives, and who desire to learn a new approach that supplements and improves their work. I want you to walk away from this book knowing how to conduct scientific experiments on your everyday tools and procedures, and knowing that after conducting such experiments, you have done your job more securely, more accurately, and more effectively.

This book is not intended to turn you into a scientist, but it will introduce you to the discipline of scientific thinking. For those new to the field, including students of cybersecurity, this book will help you learn about the scientific method as it applies to cybersecurity and how you can conduct scientific experiments in your new profession. For nondevelopers involved in cybersecurity, such as IT security administrators who use, evaluate, buy, and recommend security solutions for the enterprise, this book will help you conduct hands-on experiments and interpret the scientific claims of others.

What This Book Contains

The first three chapters contain general information about the scientific method as it applies across many domains of cybersecurity. They cover the basic tenets of science, the need for science in cybersecurity, and the methodology for scientific investigation. Chapter 1 covers the scientific method and the importance of science to cybersecurity. Chapter 2 discusses the prerequisites needed to conduct cybersecurity experiments, from asking good questions to putting the results to work. It also includes a checklist to help you construct your own experiments. Chapter 3 includes practical details about experimentation, including test environments and open datasets.

The remaining chapters are organized into standalone, domain-specific topics. You can read them individually, although new scientific topics and techniques in these chapters are applicable to other domains. These chapters explore how the scientific method can be applied to the specific topics and challenges of each domain. Each topic chapter contains an overview of the scientific pursuits in that domain, one instructive example of a scientific experiment in that field, an introduction to an analysis method (which can be applied to other domains), and a practical example of a simple, introductory experiment in that field that walks through the application of the scientific method.

  • Chapter 4 is about cybersecurity science for software assurance, including fuzzing and adversarial models.

  • Chapter 5 covers intrusion detection and incident response, and introduces error rates (false positives and false negatives) and performance/scalability/stress testing.

  • Chapter 6 focuses on the application of science to cyber situational awareness, especially using machine learning and big data.

  • Chapter 7 covers cryptography and the benefits and limitations of provably secure cybersecurity.

  • Chapter 8 is about digital forensics including scientific reproducibility and repeatability.

  • Chapter 9, on malware analysis, introduces game theory and malware clustering.

  • Chapter 10 discusses building and evaluating dependable systems with security engineering.

  • Chapter 11 covers empirical experimentation for human-computer interaction and security usability.

  • Chapter 12 includes techniques for the experimental evaluation of security visualization.

Appendix A provides some additional information about evaluating scientific claims, especially from vendors, and how people can be misled, manipulated, or deceived by real or bogus science. There is also a list of clarifying questions that you can use with salespeople, researchers, and product developers to probe the methodology they used.

Conventions Used in This Book

The following typographical conventions are used in this book:

Italic

Indicates new terms, URLs, email addresses, filenames, and file extensions.

Constant width

Used for program listings, as well as within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords.

Constant width bold

Shows commands or other text that should be typed literally by the user.

Constant width italic

Shows text that should be replaced with user-supplied values or by values determined by context.

Tip

This element signifies a tip or suggestion.

Note

This element signifies a general note.

Caution

This element indicates a warning or caution.

Safari® Books Online

Note

Safari Books Online (www.safaribooksonline.com) is an on-demand digital library that delivers expert content in both book and video form from the world’s leading authors in technology and business.

Technology professionals, software developers, web designers, and business and creative professionals use Safari Books Online as their primary resource for research, problem solving, learning, and certification training.

Safari Books Online offers a range of plans and pricing for enterprise, government, education, and individuals.

Members have access to thousands of books, training videos, and prepublication manuscripts in one fully searchable database from publishers like O’Reilly Media, Prentice Hall Professional, Addison-Wesley Professional, Microsoft Press, Sams, Que, Peachpit Press, Focal Press, Cisco Press, John Wiley & Sons, Syngress, Morgan Kaufmann, IBM Redbooks, Packt, Adobe Press, FT Press, Apress, Manning, New Riders, McGraw-Hill, Jones & Bartlett, Course Technology, and hundreds more. For more information about Safari Books Online, please visit us online.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

  • O’Reilly Media, Inc.
  • 1005 Gravenstein Highway North
  • Sebastopol, CA 95472
  • 800-998-9938 (in the United States or Canada)
  • 707-829-0515 (international or local)
  • 707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at http://bit.ly/essential-cybersecurity-science.

To comment or ask technical questions about this book, send email to .

For more information about our books, courses, conferences, and news, see our website at http://www.oreilly.com.

Find us on Facebook: http://facebook.com/oreilly

Follow us on Twitter: http://twitter.com/oreillymedia

Watch us on YouTube: http://www.youtube.com/oreillymedia

Disclaimer

The views expressed in this book are those of the author alone. References to any specific commercial products, processes, or services by trade name, trademark, manufacturer, or otherwise do not necessarily constitute or imply endorsement, recommendation, or favoring by the United States Government or the Department of Defense.

Acknowledgments

My sincere thanks go to Rachel Roumeliotis, Heather Scherer, Nan Barber, and the entire team at O’Reilly for helping me through the editing and publication process. I am grateful to the brilliant and honest technical reviewers, Michael Collins and Matt Georgy, who improved many facets of the book. Thank you to my friends and colleagues who provided feedback and support on this project: Janelle Weidner Romano, Tim Leschke, Celeste Lyn Paul, Greg Shannon, Brian Sherlock, Chris Toombs, Tom Walcott, and Cathy Wu. I also wish to thank the community of friends, colleagues, and strangers that I interacted with at conferences, meetings, and workshops on cybersecurity science over the past few years, especially LASER, CSET, and HoTSoS. These conversations helped influence and contribute to many of the ideas in this book. Most importantly, thank you to my wife Alicia for her love and encouragement in this project and in all things.
