Stallings, W. (2017). Cryptography and network security: Principles and practice (7th ed.). Pearson Education.
Kurose, J. F., & Ross, K. W. (2017). Computer networking: A top-down approach (7th ed.). Pearson Education.
Anderson, R. (2008). Security engineering: A guide to building dependable distributed systems (2nd ed.). Wiley.
提供计算机网络安全的整体概述,介绍基本概念、关键技术和常见攻击类型。
密码学
Menezes, A. J., van Oorschot, P. C., & Vanstone, S. A. (2018). Handbook of applied cryptography. CRC Press.
Schneier, B. (2017). Applied cryptography: Protocols, algorithms, and source code in C (2nd ed.). Wiley.
Goldreich, O. (2004). Foundations of cryptography: Volume 1, Basic tools. Cambridge University Press.
介绍密码学的核心原理、算法和应用,涵盖对称加密、非对称加密、哈希函数等内容。
网络安全协议
RFC 5998 - The Transport Layer Security (TLS) Protocol Version 1.2.
RFC 7535 - The Internet Protocol Security (IPsec) Protocol Version 2.
RFC 6125 - Authentication and Key Agreement for IPSec.
详细介绍常见网络安全协议的技术规范,例如 TLS、IPsec 等,以及它们在实际应用中的实现方式。
网络攻击与防御
Cheswick, B., Bellovin, S. M., & Aiken, A. D. (2014). Firewalls and internet security: Repelling the Wily Hacker (2nd ed.). Addison-Wesley Professional.
Mitnick, K. D., & Simon, W. L. (2011). The art of deception: Controlling the human element of security. Wiley.
Howard, M., & LeBlanc, D. (2008). Inside the hacker's mind: How to think like a hacker and stop security breaches. McGraw-Hill.
深入探讨各种常见的网络攻击技术和防御策略,包括入侵检测、防病毒、防火墙等。
网络安全管理
ISO/IEC 27001:2013, Information technology - Security techniques - Information security management systems - Requirements.
NIST Cybersecurity Framework (CSF).
SANS Institute Information Security Reading Room.
介绍网络安全管理的最佳实践、标准和框架,例如 ISO 27001、NIST CSF 等,以及如何有效地构建和管理网络安全体系。
最新研究成果
IEEE Transactions on Information Forensics and Security.
ACM Transactions on Information and System Security (TISSEC).
Journal of Network and Computer Applications (JNCA).