Dissertations / Theses on the topic 'Adaptive Intrusion Detection System'

1

Barrios, Rita M. "An Adaptive Database Intrusion Detection System." NSUWorks, 2011. http://nsuworks.nova.edu/gscis_etd/86.

Abstract:
Intrusion detection is difficult to accomplish when attempting to employ current methodologies when considering the database and the authorized entity. It is a common understanding that current methodologies focus on the network architecture rather than the database, which is not an adequate solution when considering the insider threat. Recent findings suggest that many have attempted to address this concern with the utilization of various detection methodologies in the areas of database authorization, security policy management and behavior analysis but have not been able to find an adequate solution to achieve the level of detection that is required. While each of these methodologies has been addressed on an individual basis, there has been very limited work to address the methodologies as a single entity in an attempt to function within the detection environment in a harmonious fashion. Authorization is at the heart of most database implementations; however, it is not enough to prevent a rogue, authorized entity from instantiating a malicious action. Similarly, eliminating the current security policies only exacerbates the problem due to a lack of knowledge in a fashion when the policies have been modified. The behavior of the authorized entity is the most significant concern in terms of intrusion detection. However, behavior identification methodologies alone will not produce a complete solution. The detection of the insider threat during database access by merging the individual intrusion detection methodologies as noted will be investigated. To achieve the goal, this research is proposing the creation of a procedural framework to be implemented as a precursor to the effecting of the data retrieval statement. The intrusion model and probability thresholds will be built utilizing the intrusion detection standards as put forth in research and industry. Once an intrusion has been indicated, the appropriate notifications will be distributed for further action by the security administrator while the transaction will continue to completion. This research is proposing the development of a Database Intrusion Detection framework with the introduction of a process as defined in this research, to be implemented prior to data retrieval. This addition will enable an effective and robust methodology to determine the probability of an intrusion by the authorized entity, which will ultimately address the insider threat phenomenon.
2

Stakhanova, Natalia. "A framework for adaptive, cost-sensitive intrusion detection and response system." [Ames, Iowa : Iowa State University], 2007.

3

Techateerawat, Piya. "Key distribution and distributed intrusion detection system in wireless sensor network." RMIT University. Electrical and Computer Systems Engineering, 2008. http://adt.lib.rmit.edu.au/adt/public/adt-VIT20080729.162610.

Abstract:
This thesis proposes a security solution in key management and Intrusion Detection System (IDS) for wireless sensor networks. It addresses the challenges of designing for energy and security requirements. Since wireless communication consumes the most energy in a sensor network, transmissions must be used efficiently. We propose Hint Key Distribution (HKD) for key management and Adaptive IDS for distributing activated IDS nodes, and cooperative operation of these two protocols. The HKD protocol focuses on the challenges of energy, computation and security. It uses a hint message and key chain to consume less energy, while self-generating keys can secure the secret key. It is a proposed solution to key distribution in sensor networks. Adaptive IDS uses a threshold and voting algorithm to distribute IDS through the network. An elected node is activated as an IDS to monitor its network and neighbors. A threshold is used as a solution to reduce the number of repeated activations of the same node. We attempt to distribute the energy use equally across the network. In a cooperative protocol, HKD and Adaptive IDS exchange information in order to adjust to the current situation. The level of alert controls the nature of the interaction between the two protocols.
4

Shafi, Kamran. "An online and adaptive signature-based approach for intrusion detection using learning classifier systems." Awarded by: University of New South Wales - Australian Defence Force Academy, 2008. http://handle.unsw.edu.au/1959.4/38991.

Abstract:
This thesis presents the case of dynamically and adaptively learning signatures for network intrusion detection using genetic based machine learning techniques. The two major criticisms of signature based intrusion detection systems are their i) reliance on domain experts to handcraft intrusion signatures and ii) inability to detect previously unknown attacks or the attacks for which no signatures are available at the time. In this thesis, we present a biologically-inspired computational approach to address these two issues. This is done by adaptively learning maximally general rules, which are referred to as signatures, from network traffic through a supervised learning classifier system, UCS. The rules are learnt dynamically (i.e., using machine intelligence and without the requirement of a domain expert), and adaptively (i.e., as the data arrives, without the need to relearn the complete model after presenting each data instance to the current model). Our approach is hybrid in that signatures for both intrusive and normal behaviours are learnt. The rule based profiling of normal behaviour allows for anomaly detection in that the events not matching any of the rules are considered potentially harmful and could be escalated for an action. We study the effect of key UCS parameters and operators on its performance and identify areas of improvement through this analysis. Several new heuristics are proposed that improve the effectiveness of UCS for the prediction of unseen and extremely rare intrusive activities. A signature extraction system is developed that adaptively retrieves signatures as they are discovered by UCS. The signature extraction algorithm is augmented by introducing novel subsumption operators that minimise overlap between signatures. Mechanisms are provided to adapt the main algorithm parameters to deal with online noisy and imbalanced class data. The performance of UCS, its variants and the signature extraction system is measured through standard evaluation metrics on a publicly available intrusion detection dataset provided during the 1999 KDD Cup intrusion detection competition. We show that the extended UCS significantly improves test accuracy and hit rate while significantly reducing the rate of false alarms and cost per example scores compared with the standard UCS. The results are competitive with the best systems that participated in the competition, in addition to our systems being online and incremental rule learners. The signature extraction system built on top of the extended UCS retrieves an order of magnitude smaller rule set than the base UCS learner without any significant performance loss. We extend the evaluation of our systems to real-time network traffic captured from a university departmental server. A methodology is developed to build a fully labelled intrusion detection dataset by mixing real background traffic with attacks simulated in a controlled environment. Tools are developed to pre-process the raw network data into feature vector format suitable for UCS and other related machine learning systems. We show the effectiveness of our feature set in detecting payload based attacks.
5

Mohan, Sujaa Rani. "Association rule based data mining approaches for Web Cache Maintenance and adaptive Intrusion Detection systems." Diss., UMK access, 2005.

Abstract:
Thesis (M.S.)--School of Computing and Engineering. University of Missouri--Kansas City, 2005.
"A thesis in computer science." Typescript. Advisor: E.K. Park. Vita. Title from "catalog record" of the print edition Description based on contents viewed March 12, 2007. Includes bibliographical references (leaves 159-162). Online version of the print edition.
6

Grizzard, Julian B. "Towards Self-Healing Systems: Re-establishing Trust in Compromised Systems." Diss., Georgia Institute of Technology, 2006. http://etd.gatech.edu/theses/available/etd-04072006-133056/.

Abstract:
Thesis (Ph. D.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2006.
Schwan, Karsten, Committee Member ; Schimmel, David, Committee Member ; Copeland, John, Committee Member ; Owen, Henry, Committee Chair ; Wills, Linda, Committee Member.
7

Sargolzaei, Arman. "Time-Delay Switch Attack on Networked Control Systems, Effects and Countermeasures." FIU Digital Commons, 2015. http://digitalcommons.fiu.edu/etd/2175.

Abstract:
In recent years, the security of networked control systems (NCSs) has been an important challenge for many researchers. Although the security schemes for networked control systems have advanced in the past several years, there have been many acknowledged cyber attacks. As a result, this dissertation proposes the use of a novel time-delay switch (TDS) attack by introducing time delays into the dynamics of NCSs. Such an attack has devastating effects on NCSs if prevention techniques and countermeasures are not considered in the design of these systems. To overcome the stability issue caused by TDS attacks, this dissertation proposes a new detector to track TDS attacks in real time. This method relies on an estimator that will estimate and track time delays introduced by a hacker. Once a detector obtains the maximum tolerable time delay of a plant's optimal controller (for which the plant remains secure and stable), it issues an alarm signal and directs the system to its alarm state. In the alarm state, the plant operates under the control of an emergency controller that can be local or networked to the plant, and remains in this stable mode until the networked control system state is restored. In another effort, this dissertation evaluates different control methods to find out which one is more stable than the others when under a TDS attack. Also, a novel, simple and effective controller is proposed to thwart TDS attacks on the sensing loop (SL). The modified controller controls the system under a TDS attack. Also, the time-delay estimator will track time delays introduced by a hacker using a modified model reference-based control with an indirect supervisor and a modified least mean square (LMS) minimization technique. Furthermore, it is demonstrated that cryptographic solutions are ineffective in the recovery from TDS attacks. A cryptography-free TDS recovery (CF-TDSR) communication protocol enhancement is introduced to leverage adaptive channel redundancy techniques, along with a novel state estimator to detect and assist in the recovery from the destabilizing effects of TDS attacks. The conclusion shows how the CF-TDSR ensures the control stability of linear time invariant systems.
8

Sainani, Varsha. "Hybrid Layered Intrusion Detection System." Scholarly Repository, 2009. http://scholarlyrepository.miami.edu/oa_theses/44.

Abstract:
The increasing number of network security related incidents has made it necessary for organizations to actively protect their sensitive data with network intrusion detection systems (IDSs). Detecting intrusion in a distributed network from an outside network segment as well as from inside is a difficult problem. IDSs are expected to analyze a large volume of data while not placing a significant added load on the monitoring systems and networks. This requires good data mining strategies which take less time and give accurate results. In this study, a novel hybrid layered multiagent-based intrusion detection system is created, particularly with the support of a multi-class supervised classification technique. In an agent-based IDS, there is no central control and therefore no central point of failure. Agents can detect and take predefined actions against malicious activities, which can be detected with the help of data mining techniques. The proposed IDS shows superior performance compared to central sniffing IDS techniques, and saves network resources compared to other distributed IDSs with mobile agents that activate too many sniffers, causing bottlenecks in the network. This is one of the major motivations to use a distributed model based on a multiagent platform along with a supervised classification technique. Applying multiagent technology to the management of network security is a challenging task since it requires management at different time instances and has many interactions. To facilitate information exchange between different agents in the proposed hybrid layered multiagent architecture, a low cost and low response time agent communication protocol is developed to tackle the issues typically associated with a distributed multiagent system, such as poor system performance, excessive processing power requirements, and long delays. The bandwidth and response time performance of the proposed end-to-end system is investigated through the simulation of the proposed agent communication protocol on our private LAN testbed called Hierarchical Agent Network for Intrusion Detection Systems (HAN-IDS). The simulation results show that this system is efficient and extensible since it consumes negligible bandwidth with low cost and low response time on the network.
9

Maharjan, Nadim, and Paria Moazzemi. "Telemetry Network Intrusion Detection System." International Foundation for Telemetering, 2012. http://hdl.handle.net/10150/581632.

Abstract:
ITC/USA 2012 Conference Proceedings / The Forty-Eighth Annual International Telemetering Conference and Technical Exhibition / October 22-25, 2012 / Town and Country Resort & Convention Center, San Diego, California
Telemetry systems are migrating from links to networks. Security solutions that simply encrypt radio links no longer protect the network of Test Articles or the networks that support them. The use of network telemetry is dramatically expanding, and new risks and vulnerabilities are challenging issues for telemetry networks. Most of these vulnerabilities are silent in nature and cannot be detected with simple tools such as traffic monitoring. The Intrusion Detection System (IDS) is a security mechanism suited to telemetry networks that can help detect abnormal behavior in the network. Our previous research in Network Intrusion Detection Systems focused on "Password" attacks and "Syn" attacks. This paper presents a generalized method that can detect both "Password" attacks and "Syn" attacks. In this paper, a K-means Clustering algorithm is used for vector quantization of network traffic. This reduces the scope of the problem by reducing the entropy of the network data. In addition, a Hidden Markov Model (HMM) is then employed to further characterize and analyze the behavior of the network into states that can be labeled as normal, attack, or anomaly. Our experiments show that the IDS can discover and expose telemetry network vulnerabilities using Vector Quantization and the Hidden Markov Model, providing a more secure telemetry environment. Our paper shows how these can be generalized into a Network Intrusion Detection System that can be deployed on telemetry networks.
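The two-stage pipeline the abstract describes, vector quantisation of per-window traffic features followed by an HMM over the resulting symbols, as an added worked example. This is illustrative code written for this listing, not the authors' implementation: the feature vectors (SYN packets per second, failed logins per minute), the window labels and the three state names are constructed here, the k-means seeding is deterministic so the run is reproducible, and the HMM parameters are estimated by counting from labelled windows (add-one smoothed) rather than by Baum-Welch.

```python
"""Telemetry-style two-stage detector: k-means vector quantisation of
per-window traffic features, then a supervised HMM decoded with Viterbi.

Added illustration for this listing, not the authors' implementation.
Feature vectors, window labels and the three state names are constructed."""
import math
from collections import Counter, defaultdict


def dist(p, q):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(p, q)))


def nearest(p, centroids):
    """Index of the closest centroid: this is the VQ symbol for p."""
    return min(range(len(centroids)), key=lambda i: dist(p, centroids[i]))


def kmeans(points, k, iters=50):
    """Lloyd's algorithm, seeded deterministically by farthest-point selection."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    for _ in range(iters):
        clusters = [[] for _ in range(k)]
        for p in points:
            clusters[nearest(p, centroids)].append(p)
        new = [tuple(sum(d) / len(c) for d in zip(*c)) if c else centroids[i]
               for i, c in enumerate(clusters)]
        if new == centroids:
            break
        centroids = new
    return centroids


def log_p(counts, key, n_keys):
    """Add-one smoothed log probability of key under a count table."""
    return math.log((counts[key] + 1) / (sum(counts.values()) + n_keys))


def train_hmm(labelled, n_symbols):
    """Supervised estimation: labelled is a time-ordered list of (state, symbol)."""
    states = sorted({s for s, _ in labelled})
    start, trans, emit = Counter(), defaultdict(Counter), defaultdict(Counter)
    start[labelled[0][0]] += 1
    for (s, _), (s_next, _) in zip(labelled, labelled[1:]):
        trans[s][s_next] += 1
    for s, sym in labelled:
        emit[s][sym] += 1
    return states, n_symbols, start, trans, emit


def viterbi(model, symbols):
    """Most likely state sequence for a sequence of VQ symbols."""
    states, n_sym, start, trans, emit = model
    n_st = len(states)
    score = {s: log_p(start, s, n_st) + log_p(emit[s], symbols[0], n_sym) for s in states}
    back = []
    for sym in symbols[1:]:
        new_score, bp = {}, {}
        for s in states:
            prev = max(states, key=lambda p: score[p] + log_p(trans[p], s, n_st))
            new_score[s] = score[prev] + log_p(trans[prev], s, n_st) + log_p(emit[s], sym, n_sym)
            bp[s] = prev
        score = new_score
        back.append(bp)
    path = [max(states, key=score.get)]
    for bp in reversed(back):
        path.append(bp[path[-1]])
    return path[::-1]


# Constructed per-window features: (SYN packets per second, failed logins per minute).
NORMAL = [(5, 0), (7, 1), (6, 0), (4, 1), (5, 0), (6, 1), (5, 0), (4, 0)]
SYN_FLOOD = [(400, 0), (410, 1), (395, 0)]
PASSWORD = [(6, 40), (5, 55), (7, 48)]
TRAIN_WINDOWS = ([("normal", f) for f in NORMAL[:4]]
                 + [("syn_flood", f) for f in SYN_FLOOD]
                 + [("normal", f) for f in NORMAL[4:7]]
                 + [("password", f) for f in PASSWORD]
                 + [("normal", NORMAL[7])])
TEST_WINDOWS = [(5, 1), (6, 0), (405, 0), (398, 1), (5, 0), (6, 50), (5, 45)]


def run_example(k=3):
    centroids = kmeans([f for _, f in TRAIN_WINDOWS], k)
    labelled = [(state, nearest(f, centroids)) for state, f in TRAIN_WINDOWS]
    model = train_hmm(labelled, k)
    return viterbi(model, [nearest(f, centroids) for f in TEST_WINDOWS])


if __name__ == "__main__":
    print(run_example())
```

The point of the quantisation step is visible in the code: the HMM never sees raw feature vectors, only one of k symbols per window, so its emission tables stay small and the transition table captures the temporal shape of an attack (a run of "syn_flood" windows) rather than a single threshold crossing. Both the training sequence and the test sequence are constructed; the detector's behaviour on real telemetry traffic depends on the features chosen and on k.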
10

Ademi, Muhamet. "Web-Based Intrusion Detection System." Thesis, Malmö högskola, Fakulteten för teknik och samhälle (TS), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20271.

Abstract:
Web applications are growing rapidly, and as the number of web sites globally increases so do security threats. Complex applications often interact with third-party services and databases to fetch information, and often these interactions require user input. Intruders are targeting web applications specifically and they are a huge security threat to organizations; one way to combat this is to have intrusion detection systems. The most common web attack methods are well researched and documented; however, due to time constraints developers often write applications fast and may not implement the best security practices. This report describes one way to implement an intrusion detection system that specifically detects web based attacks.
11

Prasad, Praveen. "A dynamically reconfigurable intrusion detection system." NCSU, 2003. http://www.lib.ncsu.edu/theses/available/etd-05202003-181843/.

Abstract:
This dissertation implements a Network Based Intrusion Detection System on a Dynamically Reconfigurable Architecture. The design is captured using synthesizable Verilog HDL. The Dynamically Reconfigurable Intrusion Detection System (DRIDS) addresses the challenges faced by typical applications that use reconfigurable devices and do not exploit their full computational density because of limited FPGA memory, inefficient FPGA utilization, processor-to-FPGA communication bottlenecks and high reconfiguration latencies. The implementation of Intrusion Detection on the DRIDS boasts high computational density and better performance through the exploitation of the parallelism inherent in this application.
12

Song, Jingping. "Feature selection for intrusion detection system." Thesis, Aberystwyth University, 2016. http://hdl.handle.net/2160/3143de58-208f-405e-ab18-abcecfc8f33b.

Abstract:
Intrusion detection is an important task for network operators in today's Internet. Traditional network intrusion detection systems rely on either specialized signatures of previously seen attacks, or on labeled traffic datasets that are expensive and difficult to reproduce for user-profiling to hunt out network attacks. Machine learning methods could be used in this area since they can learn from signatures or from normal-operation profiles. However, there is usually a large volume of data in intrusion detection systems, for both features and instances. Feature selection can be used to optimize the classifiers used to identify attacks by removing redundant or irrelevant features while improving the quality. In this thesis, six feature selection algorithms are developed, and their application to intrusion detection is evaluated. They are: Cascading Fuzzy C Means Clustering and C4.5 Decision Tree Classification Algorithm, New Evidence Accumulation Ensemble with Hierarchical Clustering Algorithm, Modified Mutual Information-based Feature Selection Algorithm, Mutual Information-based Feature Grouping Algorithm, Feature Grouping by Agglomerative Hierarchical Clustering Algorithm, and Online Streaming Feature Selection Algorithm. All algorithms are evaluated on the KDD 99 dataset, the most widely used data set for the evaluation of anomaly detection methods, and are compared with other algorithms. The potential application of these algorithms beyond intrusion detection is also examined and discussed.
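An added worked example of the mutual-information idea behind two of the algorithms named above: rank features by I(feature; label) and penalise each candidate by its mutual information with features already selected, so a duplicated feature is pushed down the list even though it is just as relevant as the original. This is the standard greedy "max relevance, min redundancy" criterion written for this listing; it is not one of the thesis's six algorithms. The eight-row table of discrete flow features (duration bucket, a deliberate copy of it, a TCP state flag and an uninformative column) is constructed.

```python
"""Mutual-information feature ranking with a redundancy penalty (greedy
max-relevance / min-redundancy), on a constructed table of discrete features.

Added example for this listing; not one of the thesis's algorithms."""
import math
from collections import Counter


def entropy(values):
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def mutual_information(xs, ys):
    """I(X;Y) = H(X) + H(Y) - H(X,Y), in bits, from two parallel columns."""
    return entropy(xs) + entropy(ys) - entropy(list(zip(xs, ys)))


def select_features(table, label_col, k):
    """Greedy: next feature maximises I(f;label) - mean I(f;s) over selected s."""
    features = [c for c in table[0] if c != label_col]   # dict keys keep column order

    def column(name):
        return [row[name] for row in table]

    labels = column(label_col)
    relevance = {f: mutual_information(column(f), labels) for f in features}
    selected = []
    while len(selected) < min(k, len(features)):
        def score(f):
            if not selected:
                return relevance[f]
            redundancy = sum(mutual_information(column(f), column(s)) for s in selected)
            return relevance[f] - redundancy / len(selected)
        # max() keeps the first of equal candidates, so ties resolve by column order
        selected.append(max((f for f in features if f not in selected), key=score))
    return selected, relevance


# Constructed rows: "duration_copy" duplicates "duration"; "noise" carries no label signal.
ROWS = [
    {"label": "attack", "duration": "long",  "duration_copy": "long",  "flag": "S0", "noise": "a"},
    {"label": "attack", "duration": "long",  "duration_copy": "long",  "flag": "S0", "noise": "b"},
    {"label": "attack", "duration": "long",  "duration_copy": "long",  "flag": "S0", "noise": "a"},
    {"label": "attack", "duration": "long",  "duration_copy": "long",  "flag": "SF", "noise": "b"},
    {"label": "normal", "duration": "long",  "duration_copy": "long",  "flag": "SF", "noise": "a"},
    {"label": "normal", "duration": "short", "duration_copy": "short", "flag": "SF", "noise": "b"},
    {"label": "normal", "duration": "short", "duration_copy": "short", "flag": "SF", "noise": "a"},
    {"label": "normal", "duration": "short", "duration_copy": "short", "flag": "S0", "noise": "b"},
]


def run_example(k=4):
    return select_features(ROWS, "label", k)


if __name__ == "__main__":
    order, rel = run_example()
    print(order, {f: round(v, 3) for f, v in rel.items()})
```

On the constructed table "duration" and "duration_copy" have identical relevance, yet the copy drops to third place because its redundancy with the first pick is the full entropy of that column, while "flag" keeps most of its (smaller) relevance. On KDD-style data this is the practical reason to penalise redundancy rather than take the top-k by relevance alone: several of those features are near-duplicates of one another.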
13

Moyers, Benjamin. "Multi-Vector Portable Intrusion Detection System." Thesis, Virginia Tech, 2009. http://hdl.handle.net/10919/34265.

Abstract:
This research describes an intrusion detection system designed to fulfill the need for increased mobile device security. The Battery-Sensing Intrusion Protection System (B-SIPS) [1] initially took a non-conventional approach to intrusion detection by recognizing attacks based on anomalous Instantaneous Current (IC) drainage. An extension of B-SIPS, the Multi-Vector Portable Intrusion Detection System (MVP-IDS) validates the idea of recognizing attacks based on anomalous IC drain by correlating the detected anomalies with wireless attack traffic from both the Wi-Fi and Bluetooth mediums. To effectively monitor the Wi-Fi and Bluetooth mediums for malicious packet streams, the Snort-Based Wi-Fi and Bluetooth Attack Detection and Signature System (BADSS) modules were introduced. MVP-IDS illustrates that IC anomalies, representing attacks, can be correlated with wireless attack traffic through a collaborative and multi-module approach. Furthermore, MVP-IDS not only correlates wireless attacks, but mitigates them and defends its clients using an administrative response mechanism. This research also provides insight into the ramifications of battery exhaustion Denial of Service (DoS) attacks on battery-powered mobile devices. Several IEEE 802.11 Wi-Fi, IEEE 802.15.1 Bluetooth, and blended attacks are studied to understand their effects on device battery lifetimes. In the worst case, DoS attacks against mobile devices were found to accelerate battery depletion by as much as 18.5%. However, if the MVP-IDS version of the B-SIPS client was allowed to run in the background during a BlueSYN flood attack, it could mitigate the attack and preserve as much as 16% of a mobile device's battery lifetime as compared with an unprotected device.
Master of Science
14

Satam, Shalaka Chittaranjan. "Bluetooth Anomaly Based Intrusion Detection System." Thesis, The University of Arizona, 2017. http://hdl.handle.net/10150/625890.

Abstract:
Bluetooth is a wireless technology that is used to communicate over personal area networks (PAN). With the advent of the Internet of Things (IoT), Bluetooth is the technology of choice for small and short range communication networks. For instance, most modern cars have the capability to connect to mobile devices using Bluetooth. This ubiquitous presence of Bluetooth makes it important that it is secure and its data is protected. Previous work has shown that Bluetooth is vulnerable to attacks like the man in the middle attack, Denial of Service (DoS) attack, etc. Moreover, all Bluetooth devices are mobile devices and thus power utilization is an important performance parameter. The attacker can easily increase the power consumption of a mobile device by launching an attack vector against that device. As a part of this thesis we present an anomaly based intrusion detection system for Bluetooth networks, Bluetooth IDS (BIDS). The BIDS uses an N-gram based approach to characterize the normal behavior of the Bluetooth protocol. Machine learning algorithms were used to build the normal behavior models for the protocol during the training phase of the system, thus allowing classification of observed Bluetooth events as normal or abnormal during the operational phase of the system. The experimental results showed that the models that were developed in this thesis had a high accuracy, with precision of 99.2% and recall of 99.5%.
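The N-gram idea in the abstract, as an added worked example written for this listing (it is not the thesis's BIDS code): every 3-gram of protocol events seen in normal traces goes into a frequency table, a new trace is scored by the fraction of its 3-grams that were never seen, and anything above a threshold is flagged. The event names ("page", "connect_req", "auth_req", and so on) and all traces are constructed stand-ins for real HCI/LMP/L2CAP events; the test set deliberately contains a benign trace whose ending never occurred during training, which shows how a coverage gap in the normal profile turns into a false positive and why the reported precision and recall depend on how representative the training traces are.

```python
"""N-gram model of normal Bluetooth event sequences used as an anomaly
detector, scored with precision/recall on a small labelled test set.

Added illustration for this listing, not the thesis's BIDS code.  Event
names and traces are constructed stand-ins for real protocol events."""
from collections import Counter


def ngrams(trace, n):
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def train(normal_traces, n=3):
    """Frequency table of every n-gram observed in normal traffic."""
    model = Counter()
    for trace in normal_traces:
        model.update(ngrams(trace, n))
    return model


def anomaly_score(model, trace, n=3):
    """Fraction of the trace's n-grams never seen during training (0..1)."""
    grams = ngrams(trace, n)
    if not grams:              # too short to judge: treat as fully unseen
        return 1.0
    unseen = sum(1 for g in grams if g not in model)
    return unseen / len(grams)


def is_attack(model, trace, n=3, threshold=0.2):
    return anomaly_score(model, trace, n) > threshold


def evaluate(model, labelled, n=3, threshold=0.2):
    """labelled: list of (trace, is_attack_bool); returns (precision, recall)."""
    tp = fp = fn = 0
    for trace, attack in labelled:
        flagged = is_attack(model, trace, n, threshold)
        tp += int(flagged and attack)
        fp += int(flagged and not attack)
        fn += int(attack and not flagged)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


# Constructed normal traces: page -> connect -> authenticate -> L2CAP -> data -> disconnect.
NORMAL_TRAINING = [
    ["page", "connect_req", "accept", "auth_req", "auth_ok", "l2cap_connect", "data", "data", "disconnect"],
    ["page", "connect_req", "accept", "auth_req", "auth_ok", "l2cap_connect", "data", "disconnect"],
    ["inquiry", "page", "connect_req", "accept", "auth_req", "auth_ok", "l2cap_connect",
     "data", "data", "data", "disconnect"],
]
# Constructed test traces with ground truth (True = attack).
LABELLED_TEST = [
    (["page", "connect_req", "accept", "auth_req", "auth_ok", "l2cap_connect",
      "data", "data", "data", "disconnect"], False),
    (["inquiry", "page", "connect_req", "accept", "auth_req", "auth_ok", "l2cap_connect",
      "data", "disconnect"], False),
    (["page", "connect_req", "accept", "auth_req", "auth_ok", "disconnect"], False),  # benign, unseen ending
    (["page", "connect_req", "connect_req", "connect_req", "connect_req", "connect_req"], True),  # connect flood
    (["page", "connect_req", "accept", "l2cap_connect", "data", "disconnect"], True),  # L2CAP before auth
]


def run_example():
    model = train(NORMAL_TRAINING)
    scores = [round(anomaly_score(model, trace), 2) for trace, _ in LABELLED_TEST]
    return scores, evaluate(model, LABELLED_TEST)


if __name__ == "__main__":
    print(run_example())
```

With this training set the connect flood scores 1.0 and the authentication bypass 0.5, but the benign trace that disconnects straight after authentication scores 0.25 and is flagged too, giving precision 2/3 at recall 1.0. Raising the threshold trades that false positive against missing lower-scoring attacks; the better fix is more normal traces, which is what the thesis's training phase provides.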
15

Gade, Vaibhav. "Intrusion Detection System as a Service : Providing intrusion detection system on a subscription basis for cloud deployment." Thesis, Blekinge Tekniska Högskola, Institutionen för kommunikationssystem, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-10833.

16

Cannady, James D. Jr. "An Adaptive Neural Network Approach to Intrusion Detection and Response." NSUWorks, 2000. http://nsuworks.nova.edu/gscis_etd/443.

Abstract:
Computer network attacks seek to achieve one or more objectives against the targeted system. The attack may be designed to gain access to sensitive data, modify records, or conduct activities designed to deny authorized users access to system resources. An effective defense against these incidents requires both the timely and accurate detection of the events and a response to the incident that mitigates the damage caused by the attack. While there is an increasing need for a system capable of accurately identifying network attacks, there are very few effective methods capable of detecting these incidents. The constantly changing nature of network attacks requires a flexible defensive system that is capable of analyzing the enormous amount of network traffic and identifying attacks from the available data. The ability to effectively respond to an attack after it has been detected is also very limited. As a result, a rapid and well-organized attack can result in substantial damage to a targeted system before defensive measures can be activated. The goal of this research was the design of an innovative approach to the protection of computer networks that used adaptive neural network techniques to identify and respond to attempts to deny authorized users access to system resources. Since it is impossible to represent all of the possible system states and types of attacks that could occur, the ability of the neural network-based system to adapt to changes in the network environment depended upon an incremental learning capability that was developed as part of this research. The adaptive neural network system incorporated a modified reinforcement learning approach to enhance the identification of new network attacks. This capability allowed the intrusion detection system to autonomously improve its analytical ability in response to changes in the threats against the protected network and then take an action that minimized the damage to the protected system. A prototype adaptive neural network architecture was implemented and evaluated in a simulated computer network environment.
17

Gandre, Amit Prafullachandra. "Implementation of a policy-based intrusion detection system--Generic Intrusion Detection Model (GIDEM version 1.1)." [Gainesville, Fla.] : University of Florida, 2001. http://purl.fcla.edu/fcla/etd/UFE0000317.

Abstract:
Thesis (M.S.)--University of Florida, 2001.
Title from title page of source document. Document formatted into pages; contains vi, 66 p.; also contains graphics. Includes vita. Includes bibliographical references.
18

Ozbey, Halil. "A Genetic-based Intelligent Intrusion Detection System." Master's thesis, METU, 2005. http://etd.lib.metu.edu.tr/upload/2/12606636/index.pdf.

Abstract:
In this study we address the problem of detecting new types of intrusions to computer systems which cannot be handled by widely implemented knowledge-based mechanisms. The solutions offered by behavior-based prototypes either suffer from low accuracy and low completeness or require the use of data explaining abnormal behavior, which actually is not available. Our aim is to develop an algorithm which can produce a satisfactory model of the target system's behavior in the absence of negative data. First, we design and develop an intelligent and behavior-based detection mechanism using genetic-based machine learning techniques with subsidies in the Bucket Brigade Algorithm. It classifies the possible system states as normal or abnormal and interprets the abnormal state observations as evidence for the presence of an intrusion. Next we provide another algorithm which focuses on capturing the normal behavior of the target system to detect intrusions, again by identifying anomalies. A compact and highly complete rule set is generated by continuously inserting observed states as rules into the rule set and combining similar rule pairs in each step. Experiments conducted using the KDD-99 data set have produced fairly good results for both of the algorithms.
19

vor dem gentschen Felde, Nils Otto. "Ein föderiertes Intrusion Detection System für Grids" [A Federated Intrusion Detection System for Grids]. Diss., LMU, 2008. http://nbn-resolving.de/urn:nbn:de:bvb:19-95066.

20

Nguyen, Quang Trung. "Intrusion Detection System for Classifying User Behavior." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-26398.

Abstract:
Nowadays, we use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Not only for personal use; computers and networks of computers have become crucial parts of companies, organizations and governments. A lot of important information is stored in computers and transferred across networks and the Internet. Unauthorized users break into systems to gain access to private information. This brings the need for a system that can detect and prevent those harmful activities. Intrusion detection systems (IDSs) monitor networks and/or systems to detect malicious activities. That helps us to react and stop intruders. There are two types of IDSs, network-based IDSs and host-based IDSs. A network-based IDS monitors network traffic and activities to find attacks, and a host-based IDS monitors activities in a computer system to detect malicious actions. This thesis investigates the use of machine learning techniques in implementing a host-based IDS that can tell us whether a computer process is normal (harmless) or abnormal (harmful). Three machine learning techniques are applied to Basic Security Module (BSM) log files of a Solaris system. The data sets used in the experiments are from the DARPA Intrusion Detection Evaluation 1998. The research provides some ways to apply Support Vector Machines, k-Nearest Neighbors and Hidden Markov Models to an IDS, and compares the performance of these three methods.
21

Karimi, Ahmad Maroof. "Distributed Machine Learning Based Intrusion Detection System." University of Toledo / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1470401374.

22

Sohal, Amandeep Kaur. "A taxonomy-based approach to intrusion detection system." 2007. http://0-gateway.proquest.com.innopac.library.unr.edu/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqdiss&rft_dat=xri:pqdiss:1446428.

23

Al-Nashif, Youssif. "Multi-Level Anomaly Based Autonomic Intrusion Detection System." Diss., The University of Arizona, 2008. http://hdl.handle.net/10150/195504.

Abstract:
The rapid growth and deployment of network technologies and Internet services has made security and management of networks a challenging research problem. This growth is accompanied by an exponential growth in the number of network attacks, which have become more complex, more organized, more dynamic, and more severe than ever. Current network protection techniques are static, slow in responding to attacks, and inefficient due to the large number of false alarms. Attack detection systems can be broadly classified as being signature-based, classification-based, or anomaly-based. In this dissertation, I present a multi-level anomaly based autonomic network defense system which can efficiently detect both known and unknown types of network attacks with a high detection rate and low false alarms. The system uses autonomic computing to automate the control and management of the multi-level intrusion detection system and integrate the different components of the system. The system defends the network by detecting anomalies in network operations that may have been caused by network attacks. Like other anomaly detection systems, AND captures a profile of normal network behavior. In this dissertation, I introduce experimental results that evaluate the effectiveness and performance of the multi-level anomaly based autonomic network intrusion detection system in detecting network attacks. The system consists of monitoring modules, feature aggregation and correlation modules, behavior analysis modules, a decision fusion module, a global visualization module, a risk and impact analysis module, an action module, an attack classification module, and the adaptive learning module. I have successfully implemented a prototype system based on my multi-level anomaly based approach. The experimental results and evaluation of our prototype show that our multi-level intrusion detection system can efficiently and effectively detect and protect against any type of network attack, known or unknown, in real time. Furthermore, the overhead of our approach is insignificant on the normal network operations and services.
24

Ang, Kah Kin. "A multilevel secure constrained intrusion detection system prototype." Thesis, Monterey, California. Naval Postgraduate School, 2010. http://hdl.handle.net/10945/5026.

Full text
Abstract:
Approved for public release; distribution is unlimited
The Monterey Security Architecture (MYSEA) provides a distributed multilevel secure (MLS) environment consisting of an MLS local area network (LAN) and multiple single-level networks. The MYSEA server enforces a mandatory access control policy to ensure that users can only access data for which they are authorized. Intrusion detection systems (IDS) placed on a single-level network can store the alerts in the IDS databases at the same classification level as the network being monitored. As most databases do not support the enforcement of mandatory security policies, access to these databases is restricted to single-level access only. Thus, administrators are not presented with a coherent view of IDS alerts from all of the connected networks. The objective of this thesis is to design a database proxy to allow administrators to view and analyze IDS information at multiple classification levels while enforcing the system's overall mandatory policy. Based on the derived concept of operations and the requirements, a design for the database proxy that mediates access to databases at different levels was conceived. A prototype database proxy was implemented along with modifications to a web-based analysis tool to allow the viewing and analysis of IDS information at multiple classification levels.
25

Langin, Chester Louis. "A SOM+ Diagnostic System for Network Intrusion Detection." OpenSIUC, 2011. https://opensiuc.lib.siu.edu/dissertations/389.

Full text
Abstract:
This research created a new theoretical Soft Computing (SC) hybridized network intrusion detection diagnostic system including complex hybridization of a 3D full color Self-Organizing Map (SOM), Artificial Immune System Danger Theory (AISDT), and a Fuzzy Inference System (FIS). This SOM+ diagnostic archetype includes newly defined intrusion types to facilitate diagnostic analysis, a descriptive computational model, and an Invisible Mobile Network Bridge (IMNB) to collect data, while maintaining compatibility with traditional packet analysis. This system is modular, multitaskable, scalable, intuitive, adaptable to quickly changing scenarios, and uses relatively few resources.
26

Prestberg, Lars. "Automatic compilation of measurable data : Intrusion detection system." Thesis, Mittuniversitetet, Avdelningen för informations- och kommunikationssystem, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-28254.

Full text
Abstract:
The project is carried out at IT-säkerhetsbolaget i Skandinavien AB; part of their offering is a Cyber Alarm (Cyberlarm), parts of which are to be automated in order to present information to customers in a smoother way. The aim is to offer customers more value for money, which at the same time provides an additional selling point for the product. Put simply, the Cyber Alarm is an Intrusion Detection System that reads traffic on a network and alerts the operator if something suspicious happens on the network. From the database in which all information is stored, graphs and tables are created as an overview of the network; this information is to be sent to customers on a weekly basis, which is done through a Python script and a number of open-source programs. The result shows that the automated way of performing the task takes 5.5% of the time it took to create a delivered graph page with the original method. Compared with the proposed manual method, for three sensors, the automated method took 11% of the time. When only the creation of the PDF was performed, the automated method took 82.1% and 69.7% respectively of the manual time for one and three sensors.
27

Borek, Martin. "Intrusion Detection System for Android : Linux Kernel System Calls Analysis." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-222382.

Full text
Abstract:
Smartphones provide access to a plethora of private information, potentially leading to financial and personal hardship; hence they need to be well protected. With new Android malware obfuscation and evasion techniques, including encrypted and downloaded malicious code, current protection approaches using static analysis are becoming less effective. A dynamic solution is needed that protects Android phones in real time. System calls have previously been researched as an effective method for Android dynamic analysis. However, these previous studies concentrated on analysing system calls captured in emulated sandboxed environments, which does not prove the suitability of this approach for real-time analysis on the actual device. This thesis focuses on analysis of Linux kernel system calls on the ARMv8 architecture. Given the limitations of Android phones it is necessary to minimise the resources required for the analyses; therefore we focused on the sequencing of system calls. With this approach, we sought a method that could be employed for real-time malware detection directly on Android phones. We also experimented with different data representation feature vectors: histogram, n-gram and co-occurrence matrix. All data collection was carried out on a real Android device, as existing Android emulators proved to be unsuitable for emulating a system with the ARMv8 architecture. Moreover, data were collected on a human-controlled device, since the reviewed Android event generators and crawlers did not accurately simulate real human interactions. The results show that Linux kernel system call sequencing carries enough information to detect malicious behaviour of malicious applications on the ARMv8 architecture. All feature vectors performed well. In particular, n-gram and co-occurrence matrix achieved excellent results. To reduce the computational complexity of the analysis, we experimented with including only the most commonly occurring system calls. 
While the accuracy degraded slightly, it was a worthwhile trade-off as the computational complexity was substantially reduced.
Smartphones provide access to a wealth of private information that can potentially lead to financial and personal hardship. Therefore they must be well protected. A dynamic solution is needed that protects Android phones in real time. System calls have previously been investigated as an effective method for dynamic analysis of Android. However, these earlier studies focused on system calls in an emulated sandbox environment, which does not show the suitability of this approach for real-time analysis on the device itself. This work focuses on analysis of Linux kernel system calls on the ARMv8 architecture. Given the limitations that exist in Android phones, it is essential to minimise the resources required for the analyses. Therefore we focused on the sequencing of the system calls. With this approach we sought a method that could be used for real-time detection of malicious programs directly on Android phones. We also experimented with different feature vectors for representing data: histogram, n-gram and co-occurrence matrices. All data was collected from a real Android device, since the existing Android emulators proved unsuitable for emulating a system with the ARMv8 architecture. The results show that Linux kernel sequencing carries enough information to detect malicious behaviour of malicious applications on the ARMv8 architecture. All feature vectors performed well. N-gram and co-occurrence matrices even achieved excellent results. To reduce the computational complexity of the analysis, we experimented with using only the most common system calls. Although the accuracy decreased slightly, it was worth the sacrifice since the computational complexity was reduced noticeably.
28

Moten, Daryl, and Farhad Moazzami. "Telemetry Network Intrusion Detection Test Bed." International Foundation for Telemetering, 2013. http://hdl.handle.net/10150/579527.

Full text
Abstract:
ITC/USA 2013 Conference Proceedings / The Forty-Ninth Annual International Telemetering Conference and Technical Exhibition / October 21-24, 2013 / Bally's Hotel & Convention Center, Las Vegas, NV
The transition of telemetry from link-based to network-based architectures opens these systems to new security risks. Tools such as intrusion detection systems and vulnerability scanners will be required for emerging telemetry networks. Intrusion detection systems protect networks against attacks that occur once the network boundary has been breached. An intrusion detection model was developed in the Wireless Networking and Security lab at Morgan State University. The model depends on network traffic being filtered into traffic streams. The streams are then reduced to vectors. The current state of the network can be determined using Viterbi analysis of the stream vectors. Viterbi uses the output of the Hidden Markov Model to find the current state of the network. The state information describes the probability of the network being in predefined normal or attack states based on training data. This output can be sent to a network administrator depending on threshold levels. In this project, a penetration-testing tool called Metasploit was used to launch attacks against systems in an isolated test bed. The network traffic generated during an attack was analyzed for use in the MSU intrusion detection model.
29

Karkera, Akhil Narayan. "Design and implementation of a policy-based intrusion detection system generic intrusion detection model for a distributed network /." [Gainesville, Fla.] : University of Florida, 2002. http://purl.fcla.edu/fcla/etd/UFE0000550.

Full text
30

Schiavo, Sandra Jean. "An intrusion-detection tutoring system using means-ends analysis." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1995. http://handle.dtic.mil/100.2/ADA294283.

Full text
31

Hashmi, Adeel. "Hardware Acceleration of Network Intrusion Detection System Using FPGA." Thesis, Manchester Metropolitan University, 2011. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.526973.

Full text
32

Zhang, Huan. "Parallelization of a software based intrusion detection system - Snort." Thesis, University of Canterbury. Electrical and Computer Engineering, 2011. http://hdl.handle.net/10092/5988.

Full text
Abstract:
Computer networks are already ubiquitous in people's lives and work, and network security is becoming a critical part. A simple firewall, which can only scan the bottom four OSI layers, cannot satisfy all security requirements. An intrusion detection system (IDS) with deep packet inspection, which can filter all seven OSI layers, is becoming necessary for more and more networks. However, the processing throughputs of IDSs are far behind current network speeds. People have begun to improve the performance of IDSs by implementing them on different hardware platforms, such as Field-Programmable Gate Arrays (FPGA) or special network processors. Nevertheless, all of these options are either less flexible or more expensive to deploy. This research focuses on some possibilities of implementing a parallelized IDS in a general computer environment based on Snort, which is the most popular open-source IDS at the moment. In this thesis, some possible methods have been analyzed for the parallelization of the pattern-matching engine on a multicore computer. However, owing to the small granularity of the network packets, the pattern-matching engine of Snort is unsuitable for parallelization. In addition, a pipelined structure of Snort has been implemented and analyzed. The universal packet capture API, LibPCAP, has been modified with a new feature which can capture a packet directly to an external buffer. With this, the performance of the pipelined Snort can be improved by up to 60% on an Intel i7 multicore computer for jumbo frames. A primary limitation is the memory bandwidth. With a higher bandwidth, the performance of the parallelization can be further improved.
33

Liu, Zhen. "A lightweight intrusion detection system for the cluster environment." Master's thesis, Mississippi State : Mississippi State University, 2003. http://sun.library.msstate.edu/ETD-db/theses/available/etd-07102003-152642/unrestricted/ZhenLiu%5Fthesis.pdf.

Full text
34

Ganesh, Kandalgaonkar Amol. "Enhancing an intrusion detection system framework using selective feedback." Columbus, Ohio : Ohio State University, 2003. http://rave.ohiolink.edu/etdc/view?acc%5Fnum=osu1162313091.

Full text
35

Stanley, Fred Philip. "Intrusion detection and response for system and network attacks." [Ames, Iowa : Iowa State University], 2009.

Find full text
36

McDonald, Kevin E. (Kevin Edward) 1978. "A lightweight real-time host-based intrusion detection system." Thesis, Massachusetts Institute of Technology, 2001. http://hdl.handle.net/1721.1/86677.

Full text
Abstract:
Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001.
Includes bibliographical references (leaves 98-100).
by Kevin E. McDonald.
M.Eng.
37

Le, Anhtuan. "Intrusion Detection System for detecting internal threats in 6LoWPAN." Thesis, Middlesex University, 2017. http://eprints.mdx.ac.uk/21958/.

Full text
Abstract:
6LoWPAN (IPv6 over Low-power Wireless Personal Area Network) is a standard developed by the Internet Engineering Task Force group to enable Wireless Sensor Networks to connect to the IPv6 Internet. This standard is rapidly gaining popularity for its applicability, ranging extensively from health care to environmental monitoring. Security is one of the most crucial issues that need to be considered properly in 6LoWPAN. Common 6LoWPAN security threats can come from external or internal attackers. Cryptographic techniques are helpful in preventing external attackers from illegally joining the network. However, because the network devices are commonly not tamper-proof, attackers can break the cryptographic codes of such devices and use them to operate like an internal source. These malicious sources can create internal attacks, which may significantly downgrade network performance. Protecting the network from these internal threats has therefore become one of the central security problems in 6LoWPAN. This thesis investigates the security issues created by internal threats in 6LoWPAN and proposes the use of an Intrusion Detection System (IDS) to deal with such threats. Our main contributions are to categorise the 6LoWPAN threats into two major types, and to develop two different IDSs to detect each of these types effectively. The major contributions of this thesis are summarised below. First, we categorise the 6LoWPAN internal threats into two main types: one that focuses on directly compromising the network performance (performance-type) and the other that manipulates the optimal topology (topology-type) to later downgrade the network service quality indirectly. For each type, we select some typical threats to implement, assess their particular impacts on network performance, and identify performance metrics that are sensitive in the attacked situations, in order to form the basic detection knowledge. 
In addition, in studying the topology-type, we propose several novel attacks against the Routing Protocol for Low Power and Lossy networks (RPL, the underlying routing protocol in 6LoWPAN), including the Rank attack, Local Repair attack and DIS attack. Second, we develop a Bayesian-based IDS to detect the performance-type internal threats by monitoring typical attack targets such as traffic, channel or neighbour nodes. Unlike other statistical approaches, which have a limited view by using just a single metric to monitor a specific attack, our Bayesian-based IDS can judge an abnormal behaviour with a wider view by considering different metrics using an insightful understanding of their relations. Such a wider view helps to increase the IDS's accuracy significantly. Third, we develop a Specification-based IDS module to detect the topology-type internal threats based on profiling the RPL operation. In detail, we generalise the observed states and transitions of RPL control messages to construct a high-level abstraction of node operations by analysing the trace files of the simulations. Our profiling technique can form all of the protocol's legal states and transitions automatically with corresponding statistical data, which is faster and easier to verify compared with other manual specification techniques. This IDS module can detect the topology-type threats quickly with a low rate of false detection. We also propose a monitoring architecture that uses techniques from modern technologies such as LTE (Long-term Evolution), cloud computing, and multiple-interface sensor devices, to expand significantly the capability of the IDS in 6LoWPAN. This architecture enables running both proposed IDSs without much overhead, to help the system deal with most of the typical 6LoWPAN internal threats. 
Overall, the simulation results in Contiki Cooja prove that our two IDS modules are effective in detecting the 6LoWPAN internal threats, with detection accuracy ranging between 86% and 100% depending on the type of attack, while the false positive rate is also satisfactory, under 5% for most of the attacks. We also show that the additional energy consumption and the overhead of the solutions are at an acceptable level for use in the 6LoWPAN environment.
38

Buennemeyer, Timothy Keith. "Battery-Sensing Intrusion Protection System (B-SIPS)." Diss., Virginia Tech, 2008. http://hdl.handle.net/10919/30037.

Full text
Abstract:
This dissertation investigates using instantaneous battery current sensing techniques as a means of detecting IEEE 802.15.1 Bluetooth and 802.11b (Wi-Fi) attacks and anomalous activity on small mobile wireless devices. This research explores alternative intrusion detection methods in an effort to better understand computer networking threats. This research applies to Personal Digital Assistants (PDAs) and smart phones, operating with sensing software in wireless network environments to relay diagnostic battery readings and threshold breaches to indicate possible battery exhaustion attack, intrusion, virus, and worm activity detections. The system relies on host-based software to collect smart battery data to sense instantaneous current characteristics of anomalous network activity directed against small mobile devices. This effort sought to develop a methodology, design and build a net-centric system, and then further explore this non-traditional intrusion detection system (IDS) approach. This research implements the Battery-Sensing Intrusion Protection System (B-SIPS) client detection capabilities for small mobile devices, a server-based Correlation Intrusion Detection Engine (CIDE) for attack correlation with Snort's network-based IDS, device power profiling, graph views, security administrator alert notification, and a database for robust data storage. Additionally, the server-based CIDE provides the interface and filtering tools for a security administrator to further mine our database and conduct forensic analysis. A separate system was developed using a digital oscilloscope to observe Bluetooth, Wi-Fi, and blended attack traces and to create unique signatures. The research endeavor makes five significant contributions to the security field of intrusion detection. 
First, this B-SIPS work creates an effective intrusion detection approach that can operate on small, mobile host devices in networking environments to sense anomalous patterns in instantaneous battery current as an indicator of malicious activity using an innovative Dynamic Threshold Calculation (DTC) algorithm. Second, the Current Attack Signature Identification and Matching System (CASIMS) provides a means for high resolution current measurements and supporting analytical tools. This system investigates Bluetooth, Wi-Fi, and blended exploits using an oscilloscope to gather high fidelity data. Instantaneous current changes were examined on mobile devices during representative attacks to determine unique attack traces and recognizable signatures. Third, two B-SIPS supporting theoretical models are presented to investigate static and dynamic smart battery polling. These analytical models are employed to examine smart battery characteristics to support the theoretical intrusion detection limits and capabilities of B-SIPS. Fourth, a new genre of attack, known as a Battery Polling Cycle Timing Attack, is introduced. Today's smart battery technology polling rates are designed to support Advanced Power Management needs. Every PDA and smart phone has a polling rate that is determined by the device and smart battery original equipment manufacturers. If an attacker knows the precise timing of the polling rate of the battery's chipset, then the attacker could attempt to craft intrusion packets to arrive within those limited time windows and between the battery's polling intervals. Fifth, this research adds to the body of knowledge about non-traditional attack sensing and correlation by providing a component of an intrusion detection strategy. 
This work expands today's research knowledge towards a more robust multilayered network defense by creating a novel design and methodology for employing mobile computing devices as a first line of defense to improve overall network security and potentially through extension to other communication mediums in need of defensive capabilities. Mobile computing and communications devices such as PDAs, smart phones, and ultra small general purpose computing devices are the typical targets for the results of this work. Additionally, field-deployed battery operated sensors and sensor networks will also benefit by incorporating security mechanisms developed and described here.
Ph. D.
39

Thomas, Ashley. "Adaptive real time intrusion detection systems." 2002. http://www.lib.ncsu.edu/theses/available/etd-08152002-005400/unrestricted/etd.pdf.

Full text
40

Liang, Hung-Yi, and 梁宏一. "An Adaptive Feature Selection Method for Intrusion Detection System." Thesis, 2000. http://ndltd.ncl.edu.tw/handle/43540740017568757666.

Full text
Abstract:
Master's
中原大學
Department of Information Engineering
88
For real-time detection, we improve the method of feature selection to reduce the overloading of the IDS (Intrusion Detection System), in two ways: (1) Feature redundancy: we use fewer features to cover more intrusions. (2) Dynamic setup: we set the features in use dynamically according to the setup of the security policy. Our method is "An Adaptive Feature Selection Method". First, we list the adaptive conditions for selecting features, which users can apply to select the proper features. These conditions are: (1) Database requirement: the content of rules or models in the database; (2) Environment dependency: the service type or the O.S. type of the server; (3) Data source: host-based or network-based; (4) Special time: the intrusion has happened at a special time; (5) Statistics: finding the most common intrusion using a statistical method; (6) Destroy: the system administrator deciding which intrusion is important by system requirement. We let users select features easily by feature classification. These classes are: (1) Occurrence, (2) Duration, (3) Action State, (4) Sequence, (5) Misc. We also describe the dependent or independent characteristics between these classes. We provide a dynamic feature selection guideline through this adaptive feature classification and algorithm. This method can also reduce the overloading of the IDS and enable real-time detection by the IDS.
41

Hsu, Ying-Che, and 徐英哲. "An Adaptive Rule Assignment Algorithm for Efficient Distributed Intrusion Detection System." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/xw7767.

Full text
Abstract:
Master's
中原大學
Graduate Institute of Information Engineering
93
This thesis is mainly concerned with the Distributed Intrusion Detection System NDIDS, and with how to balance the CPU load of each Snort client or Snort sensor. In addition, this thesis presents two adaptive rule assignment algorithms. One is the principle for adding and deleting Snort sensor rules. The other is the principle for selecting the rules to be added and deleted. Furthermore, there is a combined discussion of the differences between the algorithms and the situations each is suited to. Finally, this thesis examines the differences in effect and the experimental results arising from environmental differences, such as CPU, of each Snort sensor in the distributed system, and the effects of linear growth in the number of Snort sensors. Key words: Distributed Intrusion Detection System (NDIDS), Adaptive rule assignment, Distributed System
42

Liu, Chih-Hsien, and 劉智賢. "A Study on Adaptive Distributed Intrusion Detection System - Group by Network Services." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/48243479382535557100.

Full text
Abstract:
Master's
國防管理學院
Graduate Institute of Defense Information
96
Facing increasingly sophisticated and varied attack approaches, it is not sufficient to defend individually with commercial-off-the-shelf security products such as firewalls and anti-virus. This thesis focuses on how to organize a complete and adequate security policy, and how to define the flow of network traffic. Therefore, it is possible to group the same kind of services into a VLAN in the DMZ so that they are convenient to manage. Distributed IDS sensors are set up in each area of the network, and they filter inadequate traffic before it floods everywhere. In this way, unnecessary pattern detection can be avoided and the resources of network devices are saved. On the other hand, unknown traffic which does not follow the security policy can be detected and reported back to the management center. In this way, the scope of Defense in Depth is extended further and covers the blind spots that a traditional NIDS could not reach. In the research, vulnerability scans, DDoS and worm attacks are used for verification. By comparing the results of a traditional NIDS and the Adaptive Distributed Intrusion Detection System, the feasibility and the performance improvement are verified, as well as the manageability of the servers.
43

Vigo, Jr John L. "Wireless intrusion detection system." 2004. http://etd-db.uno.edu/theses/available/etd-11242004-142849/.

Full text
Abstract:
Thesis (M.S.)--University of New Orleans, 2004.
Title from electronic submission form. "A thesis ... in partial fulfillment of the requirements for the degree of Master of Science in the Department of Computer Science."--Thesis t.p. Vita. Includes bibliographical references.
44

Tsai, Kuo-Shou, and 蔡國手. "An Embedded Intrusion Detection System." Thesis, 2000. http://ndltd.ncl.edu.tw/handle/40544653703402308739.

Full text
Abstract:
Master's
國立交通大學
Graduate Institute of Information Management
88
An Intrusion Detection System (IDS) is used to protect data from being misused or accessed without authorization. It monitors the system activities to find whether they contain any predefined attack signature. But the weakness of all common IDSs is the security problem of the IDS itself. An IDS may be the first target of experienced attackers. An Embedded Intrusion Detection System tries to avoid the problem by hiding itself in a protected host. The idea is intuitive and simple: if we want to use an IDS to protect a web server, we put the IDS and the web server together. We use HTTP to talk to the IDS, and a normal web visitor uses HTTP to access what he wants. The IDS is "Embedded" within the web server. It is not easy for attackers to find the IDS, so the IDS should be more secure.
45

Wang, Po-Wei, and 王博瑋. "NetFlow Based Intrusion Detection System." Thesis, 2004. http://ndltd.ncl.edu.tw/handle/82779373654190533992.

Full text
Abstract:
Master's
大同大學
Department and Graduate Institute of Information Engineering
92
Due to the popularity of the Internet, people can access remote resources on the Internet conveniently. But numerous malicious network events such as computer viruses and hacker attacks make network management more difficult. A network intrusion detection system is thus more and more in demand. In this thesis, a NetFlow based anomaly intrusion detection system is presented. In addition, guidelines to properly configure and set up network devices to minimize the possibility that network attacks come from inside are also proposed. As the Internet becomes the platform of daily activities, the threat of network attack has also become more serious. A firewall alone is not capable of protecting the system from being attacked through normal service channels. Furthermore, most current intrusion detection systems focus on the border of the organization network, which does not provide protection to hosts in the local network, or to the network itself, if the attack is from inside. Therefore, in addition to the firewall and border IDS, we need to use another type of intrusion detection system to protect the critical systems as well as the network itself. We propose an inexpensive and easy-to-implement way to perform anomaly-type intrusion detection based on the NetFlow information exported from routers or other network probes. Our system can detect several types of network attack from inside or outside and perform counter maneuvers accordingly.
46

Wu, Ming-Feng, and 吳名豐. "An Adaptive Multi-Tier Data Fusion For Intrusion Detection." Thesis, 2008. http://ndltd.ncl.edu.tw/handle/99219263849131481253.

Full text
Abstract:
Master's
中華大學
Department and Graduate Institute of Information Management
96
In this thesis we propose a multi-tier data fusion framework by combining Bayesian average theory and Dempster-Shafer theory. With the integration of data fusion capabilities, we take advantage of the complementarity of different classifiers. Considering the detection accuracy and detection time, we propose the multi-tier data fusion detection model as the framework. In the experiment, we use KDD Cup'99 data as the experimental dataset and Support Vector Machine (SVM) as the core classification tool. By combining three feature selection methods (Discriminant Analysis, DA; Multiple Linear Regression, MLR; Logistic Regression, LR) with four feature subset classes (Content, Host-based, Intrinsic, Time-based), we took the prediction results of these feature subsets as the input for the next data fusion step. Finally, we apply data fusion techniques to implement the multi-tier data fusion model, using the Bayesian average method and Dempster-Shafer theory to integrate the classification results derived from the aforementioned classifiers. According to our experiments, the proposed multi-tier data fusion approach achieves the best detection accuracy. Besides, the multi-tier data fusion detection model reduces detection time by more than 50% compared with other detection models.
APA, Harvard, Vancouver, ISO, and other styles
47

Lauf, Adrian Peter. "HybrIDS: embeddable hybrid intrusion detection system." Diss., 2007. http://etd.library.vanderbilt.edu/ETD-db/available/etd-12062007-095827/.

Full text
48

Dass, Mayukh. "LIDS: a Learning Intrusion Detection System." 2003. http://purl.galileo.usg.edu/uga%5Fetd/dass%5Fmayukh%5F200308%5Fms.

Full text
Abstract:
Thesis (M.S.)--University of Georgia, 2003.
Directed by Walter D. Potter. Includes articles published in The proceedings of the 16th International Flairs Conference, The proceedings of the 6th International Conference on Industrial & Engineering Applications of Artificial Intelligence & Expert Systems, and The digital proceedings of the 41st ACM Southeast Conference, and an article submitted to Network Security Conference. Includes bibliographical references.
49

Rabie, Mohammad A. "Attack visualization for intrusion detection system." Thesis, 2002. http://library1.njit.edu/etd/fromwebvoyage.cfm?id=njit-etd2002-092.

Full text
50

TSU-WEI, CHANG, and 張祖瑋. "Multi-Agent based Intrusion Detection System." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/31974123819869911059.

Full text
Abstract:
Master's
Kainan University
Department of Information Management
97
With the rapid development and pervasion of the Internet, network attacks happen more frequently these days. Network security becomes more important, while firewall deployment is the first line of defense for information security. However, as the risks to network security get higher, firewalls can no longer satisfy the needs of network security. As a result, the intrusion detection system (IDS) becomes another important security mechanism. A high false positive rate is one of the major issues for IDSs. An agent-based intrusion detection system is designed by combining current IDS technologies with multi-agent systems. This anomaly detection method adopts self-organizing maps exclusively to learn the characteristics of normal behaviors. As long as some network behavior deviates from the normal one, this Multi-Agent based Intrusion Detection System (MAIDS) can detect it with a low false positive rate.