Dissertations / Theses on the topic 'IDS'


1

Monzer, Mohamad-Houssein. "Model-based IDS design pour ICS." Thesis, Université Grenoble Alpes, 2020. http://www.theses.fr/2020GRALT056.

Abstract:
Industrial systems present security risks related to their IT vulnerabilities. These systems, spread over the world, continue to be targets of attacks. While industrial systems share common vulnerabilities with IT systems, they tend to have more constraints due to the interaction between cyber and physical systems. Intrusion detection systems give visibility to the system and are considered one of the solutions to detect targeted attacks. Hence, it seems relevant to rely on a physical model of the cyber-physical system to obtain an intrusion detection system (IDS) for industrial systems. Most IDSs are based on rules that define how possible attacks are detected. These rules are generally used either to describe possible attack scenarios on the systems or to describe the normal behavior of the system. However, manually creating and maintaining rules for a complex system can prove to be a very tedious and difficult task. This thesis proposes a solution to model ICS and to design specific IDS for industrial systems. A model-based IDS rule generator is also proposed, which converts a system model into anomaly-based IDS rules. Finally, the effectiveness of the generated rules is evaluated.
2

Fernandez, Maria del Mar, and Ignacio Porres. "An Evaluation of current IDS." Thesis, Linköping University, Department of Electrical Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-11635.

Abstract:

With the possibility of connecting several computers and networks, the necessity was born of protecting all data and machines from attackers (hackers) who try to get confidential information to use for their own benefit, or just to destroy or modify valuable information. At this point IDS appears, to help users, companies or institutions detect when they are being compromised. This thesis will cover two main parts: the first one consists of an intense research study about the world of IDS and its environment. Subsequently, we will conclude this part with some points where IDS still needs to be questioned and show desirable requirements for “the perfect” intrusion detection system. This “perfect” adjective can of course be discussed variously. The second part of the thesis approaches the implementation of the most used open source IDS: Snort. Some basic attacks on the machine where Snort is installed will be performed in order to make the future user see what kind of protection it ensures and how usable it is. A brief discussion about two of the main challenges in IDS will follow: analyzing big amounts of packets and encrypted traffic. Finally there are conclusions for a safe computer environment as well as the suggestion that some skilled programmer should give Snort a more friendly interface for every kind of user and a built-in programme package which includes the webserver, database and other libraries that are needed to run it properly with all its features.

3

Alevizon, John V. "Odds and Ids : a novel." Virtual Press, 1988. http://liblink.bsu.edu/uhtbin/catkey/539859.

Abstract:
Odds and Ids is a satirical novel of 419 pages that ridicules the tenets of psychotherapy and the beliefs and behaviors of psychotherapists. There are two story lines which overlap and converge at the end. Odd chapters tell the story of semi-sane Clinical Psychologist Nicholas K. Mavros and his alcoholic dog, Misty, the melancholy collie. Disillusioned by life, and in particular by the sham of psychotherapy, Nick decides to commit suicide in seven days by driving his burgundy van off the Billy Bopplemeyer Pier at sunset. He and Misty form a sacred pact to achieve that gallant end. Knowing that he will be dead in one week frees Nick at work and play to say what he is thinking and to act as he is feeling. He simply does not care any longer what others (friends, staff, and clients) think of his behavior. The odd chapters follow him day by day until he and Misty plunge or do not plunge into the cold waters of Puget Sound. The even chapters trace the rise and fall of the fictional Rumanian Bithwanians, a strange family that personifies post-Freudian psychotherapy. Three generations of odd Bithwanians bungle through the bizarre world of mental health, seldom knowing the first thing about how to help another human being. Each Bithwanian is so enmeshed in the intricacies of his own theory that he fails to see his clients as animate human beings. The last Bithwanian, whose suicide opens the second friend of Nicholas Mavros, the errant protagonist, whose intent to commit suicide defines the central plot of the odd chapters. Their relationship, seen in retrospect, ties the two story lines together. The guiding idea throughout the novel is that the right to label others, and this alone, separates therapists and clients. The following are shot at in the novel: A) Therapists and their illusions. B) Clients and their unrealistic expectations. C) The non-training of future clinicians. D) Therapy, insurance companies, the union of psychologists, sex, love, religion, tradition, and existentialism.
Department of English
4

Šišmiš, Lukáš. "Optimalizace IDS/IPS systému Suricata." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2021. http://www.nusl.cz/ntk/nusl-445503.

Abstract:
In today's world of accelerating network traffic, it is necessary to keep pace in monitoring it. Sufficient visibility into what is happening in the network can prevent various attacks on targets located within it. IDS systems help with this by alerting on events found in the analyzed traffic. The Suricata system was chosen for this work. The aim of the work is to tune the settings of Suricata with the AF_PACKET interface for optimal performance and subsequently to design and implement an optimization of Suricata. The results of the AF_PACKET measurements are to serve as a baseline for comparison with the proposed improvement. The proposed optimization implements a new interface based on the Data Plane Development Kit (DPDK) project. DPDK is able to accelerate packet reception and is therefore expected to increase Suricata's performance. An evaluation of the results and a comparison of the AF_PACKET and DPDK interfaces can be found at the end of the thesis.
5

Zika, Ondřej. "Analýza IDS Prahy a Bratislavy." Master's thesis, Vysoká škola ekonomická v Praze, 2012. http://www.nusl.cz/ntk/nusl-162145.

Abstract:
The aim of this thesis is the analysis of integrated transport systems in Prague (Prague integrated transport) and in Bratislava (Bratislava integrated transport). The analysis identifies e.g. means of transport in these integrated transport systems, transport and legal relations, practical knowledge from travelling etc. In the conclusion of this thesis some recommendations are suggested in order to improve the system. This analysis showed that the creation of a high-quality transport system is quite difficult.
6

Johansson, Fredrik, Jörgen Johansson, and Marcus Johansson. "IDS för alla : Intrångsdetekteringssystem för hemmaanvändare." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-23229.

Abstract:
In today's IT society, security is an important aspect. One way to achieve higher security is to build up security in layers. In home networks, two common layers are antivirus and firewall. This bachelor's thesis investigates whether an intrusion detection system (IDS) is a good complement to the security of a home network. To keep the system as attractive as possible for the home network, the focus is on keeping the price down and the configuration simple. We chose the single-board computer (Raspberry Pi) with the open-source software IPFire, which includes the IDS Snort, and IPFire has a simple interface for configuration. To measure how effectively the system works, the number of threats Snort detects is measured. Measurements were also made to investigate whether the system caused performance losses in the home network. From the results, the conclusion was drawn that the system is a good complement to the security of a home network. No performance loss on the network could be established until a connection of 100 Mbit and above.
7

Tjhai, Gina C. "Anomaly-based correlation of IDS alarms." Thesis, University of Plymouth, 2011. http://hdl.handle.net/10026.1/308.

Abstract:
An Intrusion Detection System (IDS) is one of the major techniques for securing information systems and keeping pace with current and potential threats and vulnerabilities in computing systems. It is an indisputable fact that the art of detecting intrusions is still far from perfect, and IDSs tend to generate a large number of false IDS alarms. Hence a human inevitably has to validate those alarms before any action can be taken. As IT infrastructure becomes larger and more complicated, the number of alarms that need to be reviewed can escalate rapidly, making this task very difficult to manage. The need for an automated correlation and reduction system is therefore very much evident. In addition, alarm correlation is valuable in providing the operators with a more condensed view of potential security issues within the network infrastructure. The thesis embraces a comprehensive evaluation of the problem of false alarms and a proposal for an automated alarm correlation system. A critical analysis of existing alarm correlation systems is presented along with a description of the need for an enhanced correlation system. The study concludes that whilst a large number of works had been carried out in improving correlation techniques, none of them were perfect. They either required an extensive level of domain knowledge from the human experts to effectively run the system or were unable to provide high level information of the false alerts for future tuning. The overall objective of the research has therefore been to establish an alarm correlation framework and system which enables the administrator to effectively group alerts from the same attack instance and subsequently reduce the volume of false alarms without the need of domain knowledge. The achievement of this aim has comprised the proposal of an attribute-based approach, which is used as a foundation to systematically develop an unsupervised-based two-stage correlation technique. From this formation, a novel SOM K-Means Alarm Reduction Tool (SMART) architecture has been modelled as the framework from which time and attribute-based aggregation technique is offered. The thesis describes the design and features of the proposed architecture, focusing upon the key components forming the underlying architecture, the alert attributes and the way they are processed and applied to correlate alerts. The architecture is strengthened by the development of a statistical tool, which offers a means to perform results or alert analysis and comparison. The main concepts of the novel architecture are validated through the implementation of a prototype system. A series of experiments were conducted to assess the effectiveness of SMART in reducing false alarms. This aimed to prove the viability of implementing the system in a practical environment and that the study has provided appropriate contribution to knowledge in this field.
8

Aspernäs, Andreas, and Thommy Simonsson. "IDS on Raspberry Pi : A Performance Evaluation." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-43997.

Abstract:
This is a report on the possibility of using a Raspberry Pi as an intrusion detection system in a home environment to increase network security. The focus of this study was on how well two different generations of Raspberry Pi would be able to handle network traffic while acting as an intrusion detection system. To examine this, a testing environment was set up containing two workstation computers connected to a Raspberry Pi, each computer hosting a virtual machine. Tests measuring the network throughput as well as the CPU and memory usage were performed on each of the Raspberry Pi devices. Two models of Raspberry Pi were used, Raspberry Pi model B+ and Raspberry Pi 2 model B, each of them running the operating system Arch Linux ARM. The results of these tests were that both of the Raspberry Pis could be used as an intrusion detection system but have some limitations that could impede usage depending on the requirements of the user. Raspberry Pi 2 model B shows benefits of its updated hardware by suffering lower throughput degradation than Raspberry Pi model B+, while using less of its total CPU and memory capacity.
9

SILVA, Aline Lopes da. "MODELO DE IDS PARA USUÁRIOS DE DISPOSITIVOS MÓVEIS." Universidade Federal do Maranhão, 2008. http://tedebc.ufma.br:8080/jspui/handle/tede/335.

Abstract:
Mobile devices are an increasingly common reality in wireless networks and have been integrated into the wireless environment, contributing to the ease and availability of information. Meanwhile, the wireless environment is subject to vulnerabilities because information propagates through the air and is subject to interception or even information theft. Mobile devices, in addition to being subject to these vulnerabilities common in wireless environments, are devices with some physical limitations such as limited processing capacity and memory, as well as limited battery life. These limitations become critical in this kind of environment when unidentified threats are directed at mobile devices. It is necessary to develop an intrusion detection system dedicated to these devices to identify intrusive behaviour, taking into account their physical limitations. This work proposes an intrusion detection system (IDS, Intrusion Detection System) for wireless networks and mobile devices. This is an adaptation and extension of NIDIA-IDS (Intrusion Detection System-Network Intrusion Detection System based on Intelligent Agents). The system acts with two processes: the first one tracks information on the device's behaviour and the second one monitors wireless network traffic, analyzing the traffic to and from the monitored devices. As a proof of concept, a prototype was developed and some experiments were carried out to validate this solution.
10

MORAES, Falkner de Área Leão. "SEGURANÇA E CONFIABILIDADE EM IDS BASEADOS EM AGENTES." Universidade Federal do Maranhão, 2009. http://tedebc.ufma.br:8080/jspui/handle/tede/1843.

Abstract:
Lack of security is a constant concern in open distributed systems. Threats are present within environments that are insecure, uncertain and constantly changing. Due to this problem, many tools for evaluating vulnerabilities of the network as well as for their protection are being developed, such as encryption techniques and software systems such as antivirus, firewall and IDS (Intrusion Detection System). Among these, there are IDS systems that are being conceived, designed and implemented using techniques executed by agents. However, it is necessary to assure the security and reliability of messages exchanged inside an IDS. For this purpose, this work proposes a security solution for IDS based on agents. The proposed solution provides a methodology and a secure mechanism for communication among agents, through mechanisms for protection of configuration information, authentication and authorization, key control and message persistence using XML. The proposed solution is implemented as an extension to the IDS-NIDIA (Network Intrusion Detection System based on Intelligent Agents), whose architecture has a society of intelligent agents that communicate in a cooperative way in a distributed environment. The implementation of the prototype and the tests presented in this work show the applicability of the proposed solution.
11

Scrobonia, David. "Rules Based Analysis Engine for Application Layer IDS." DigitalCommons@CalPoly, 2017. https://digitalcommons.calpoly.edu/theses/1773.

Abstract:
Web application attack volume, complexity, and costs have risen as people, companies, and entire industries move online. Solutions implemented to defend web applications against malicious activity have traditionally been implemented at the network or host layer. While this is helpful for detecting some attacks, it does not provide the granularity to see malicious behavior occurring at the application layer. The AppSensor project, an application level intrusion detection system (IDS), is an example of a tool that operates in this layer. AppSensor monitors users within the application by observing activity in suspicious areas not able to be seen by traditional network layer tools. This thesis aims to improve the state of web application security by supporting the development of the AppSensor project. Specifically, this thesis entails contributing a rules-based analysis engine to provide a new method for determining whether suspicious activity constitutes an attack. The rules-based method aggregates information from multiple sources into a logical rule to identify malicious activity, as opposed to relying on a single source of information. The rules-based analysis engine is designed to offer more flexible configuration for administrators and more accurate results than the incumbent analysis engine. Tests indicate that the new engine should not hamper the performance of AppSensor and use cases highlight how rules can be leveraged for more accurate results.
12

Carey, Nathan. "Correlation of Heterogenous IDS Alerts for Attack Detection." Thesis, Queensland University of Technology, 2004. https://eprints.qut.edu.au/15872/1/Nathan_Carey_Thesis.pdf.

Abstract:
With the increasing use of Intrusion Detection Systems (IDS) as a core component of network security, a vast array of competing products have appeared to fulfil the role of reliably detecting potential breaches of security in a network. The domain of detecting intrusions is large. This leads to products which are better at detecting some intrusions than others, and so to the use of multiple different types of IDS within a network. This typical usage, combined with the common practice of using IDS at multiple points in the network, requires sophisticated management of heterogenous alerts from multiple sources. This management should enable correlation of alerts with the goal of better detecting attacks, and reducing the monitoring workload on administrators. This thesis presents an architecture utilising commodity components and the Intrusion Detection Message Exchange Format (IDMEF) to enable this type of alert management. A signature scheme for the specification of patterns of alerts that indicate multi-step attacks is given, and a methodology for analysing alerts using the architecture that was developed. The final outcomes are a signature system and collection of tools integrated in a GUI management interface to aid in the detection of attacks, and the results of utilising these tools on a series of experiments in attack detection.
13

Carey, Nathan. "Correlation of Heterogenous IDS Alerts for Attack Detection." Queensland University of Technology, 2004. http://eprints.qut.edu.au/15872/.

14

Virti, Émerson Salvadori. "Implementação de um IDS utilizando SNMP e lógica difusa." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2007. http://hdl.handle.net/10183/11475.

Abstract:
This work develops a study of computer network security through the implementation of an Intrusion Detection System (IDS) based on system information captured by the SNMP protocol. To reduce the number of false positives and false negatives, a problem peculiar to the majority of IDS, fuzzy logic is used with the assistance of the security administrators of each network. Thus it is possible to build an Intrusion Detection System better adjusted to the characteristics of the networks being monitored. Finally, by monitoring a production network, the security improvement obtained with the IDS implemented in this work is evaluated; operating in near real time, it is suitable for adoption as a complementary network security mechanism.
15

Ovšonka, Daniel. "Obfuskace síťového provozu pro zabránění jeho detekce pomocí IDS." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2013. http://www.nusl.cz/ntk/nusl-236209.

Abstract:
This thesis deals with the principles of network traffic obfuscation, in order to avoid its detection by the Intrusion Detection System installed in the network. At the beginning of the work, the reader is familiarized with the fundamental principle of the basic types of IDS and introduced to the matter of obfuscation techniques that serve as a stepping stone in order to create our own library, whose design is described in the last part of the work. The outcome of the work is represented by a library that provides all the implemented techniques for further use. The library can be well utilized in penetration testing of new systems or used by the attacker.
16

Aussibal, Julien. "Rsids : un IDS distribué basé sur le framework CVSS." Pau, 2009. http://www.theses.fr/2009PAUU3044.

Abstract:
Intrusion detection is a method that helps guarantee availability in computer systems and networks. This availability is generally undermined by various anomalies. These anomalies can be caused either legitimately, as a result of unintentional operations on these systems (broken links, congestion, ...), or illegitimately, by malicious operations intended to harm the availability of these systems. The deployment of tools that look for these various anomalies, namely IDS (Intrusion Detection Systems), helps to detect these anomalies as early as possible and to block them. This thesis enabled us to set up a new platform for generating legitimate and illegitimate anomalies. This work was carried out as part of the METROSEC project. This platform enabled us to obtain various traffic captures containing these anomalies. The illegitimate anomalies were produced with classic Denial of Service tools such as TFN2k or Trinoo. Legitimate anomalies were also produced in the form of flash crowd phenomena. All of these real traffic captures were used in other research on intrusion detection for the evaluation of new detection methods. In a second phase, the implementation of a new detection tool seemed necessary in order to improve the quality of detection of these anomalies. This new distributed IDS, called RSIDS (Risk Scored Intrusion Detection System), retrieves the results of a multitude of heterogeneous probes. The use of these probes will make it possible to remove the risk of false alarms. Indeed, a single probe is not able to detect all the anomalies that can occur on a system or a network. Each alert reported by these probes is evaluated according to its degree of dangerousness. This assessment of dangerousness is based on the CVSS (Common Vulnerability Scoring System) framework.
17

Čmela, Libor. "Přestupní terminál IDS JMK u žel. stanice Brno - Řečkovice." Master's thesis, Vysoké učení technické v Brně. Fakulta stavební, 2012. http://www.nusl.cz/ntk/nusl-225526.

Abstract:
The subject of this diploma thesis is a blueprint for the appropriate adjustment of the space by the railway station in Brno Řečkovice, in terms of road structures, so that it meets all requirements of a public transfer terminal and of IDS JMK. The terminal should serve as a transfer station between the bus service and the projected North-Southern Rail Diameter. In the terminal, continuity with the P+R, K+R and B+R systems should be ensured. The project deals with a partial design of adjacent local roads. The work is processed in AutoCAD 2011, Bentley InRoads and Microsoft Office 2007.
18

Katti, Sachin (Katti Rajsekhar). "On attack correlation and the benefits of sharing IDS data." Thesis, Massachusetts Institute of Technology, 2005. http://hdl.handle.net/1721.1/34363.

Abstract:
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.
Includes bibliographical references (p. 47-49).
This thesis presents the first wide-scale study of correlated attacks, i.e., attacks mounted by the same source IP against different networks. Using a large dataset from 1700 intrusion detection systems (IDSs), this thesis shows that correlated attacks are prevalent in the current Internet; 20% of all offending sources mount correlated attacks and they account for more than 40% of all the IDS alerts in our logs. Correlated attacks appear at different networks within a few minutes of each other, indicating the difficulty of warding off these attacks by occasional offline exchange of lists of malicious IP addresses. Furthermore, correlated attacks are highly targeted. The 1700 IDSs can be divided into small groups with 4-6 members that do not change with time; IDSs in the same group experience a large number of correlated attacks, while IDSs in different groups see almost no correlated attacks. These results have important implications for collaborative intrusion detection of common attackers. They show that collaborating IDSs need to exchange alert information in real time. Further, exchanging alerts among the few fixed IDSs in the same correlation group achieves almost the same benefits as collaborating with all IDSs, while dramatically reducing the overhead.
by Sachin Katti.
S.M.
19

David-West, Olayinka. "An IDS assessment of electronic banking performance in retail banking." Thesis, University of Manchester, 2012. https://www.research.manchester.ac.uk/portal/en/theses/an-ids-assessment-of-electronic-banking-performance-in-retail-banking(b2fa0a96-16a1-4c85-98d1-8bb8952919c8).html.

Abstract:
The adoption of electronic self-service systems (SSTs), using information technology (IT) devices and channels, for the provision of banking services (also known as electronic banking or e-banking) has evolved in the last decade in emerging markets. In Nigeria, for instance, this development is driving the movement towards a cashless economy. These services, however, are fraught with problems ranging from incidents of fraud, empty automated teller machines (ATMs), the inability of the ATMs to dispense cash, and outright service unavailability. Thus, the primary objective of this study is to identify service improvements following current electronic banking service performance measures. Given the dearth of developing country research and appropriate constructs, secondary objectives include the: 1) conceptualisation of e-service using service science principles; 2) description of factors and attributes of electronic banking quality (EBQ) in Nigeria; 3) identification of consumer perceptions of EBQ; 4) proposal of a model of EBQ; and 5) rank and score EBQ performance. A three-step sequential mixed-methods research design is conducted. This consists of a substantial qualitative (QUAL) process that posits EBQ constructs using grounded theory techniques. This is followed by an equally substantial quantitative (QUAN) process that employs survey methods in the formulation of a scale to measure EBQ. The final quantitative (quan) process scores EBQ using survey research methods and intelligent decision system (IDS) analysis. Consumer perception measurements of Nigerian bank customers using the derived dimensions of EBQ - acceptability, accessibility, competence, convenience, reliability, responsiveness, security/privacy, access to support, availability of support, and usability - generated an unimpressive industry performance score of 56%. 
The thesis concludes that even though Nigerian bank customers are desirous of participating in the cashless economy, issues of cash security and responsiveness are paramount. Service improvement spaces for e-banking operators, centred on rigorous strategic planning initiatives, are identified alongside additional initiatives for bank customers and regulators. In summary, this thesis presents an alternative scale to measure consumer perceptions of EBQ that adds to the existing body of knowledge.
20

Coussement, Romain. "Mécanisme d'aide à la décision pour les IDS dans les réseaux VANETs." Thèse, Université du Québec à Trois-Rivières, 2014. http://depot-e.uqtr.ca/7337/1/030631144.pdf.

21

Peddisetty, Naga Raju. "State-of-the-art Intrusion Detection: Technology, Challenges, and Evaluation." Thesis, Linköping University, Department of Electrical Engineering, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2792.

Abstract:

Due to the invention of automated hacking tools, hacking is not a black art anymore. Even script kiddies can launch attacks in a few seconds. Therefore, there is a great emphasis on security to protect resources from camouflage. An Intrusion Detection System is also one weapon in the security arsenal. It is the process of monitoring and analyzing information sources in order to detect vicious traffic. With its unique capabilities like monitoring, analyzing, detecting and archiving, IDS assists organizations to combat threats, to have a snapshot of the networks, and to conduct forensic analysis. Unfortunately, there are myriad products in the market. Selecting the right product in time is difficult. Due to the widespread rumors and paranoia, in this work I have presented the state-of-the-art IDS technologies, and assessed and evaluated the products. I have also presented some of the novel challenges that IDS products are suffering. This work will be a great help for pursuing IDS technology and for deploying Intrusion Detection Systems in an organization. It also gives in-depth knowledge of the present IDS challenges.

22

Bojanic, Irena. "On-line adaptive IDS scheme for detecting unknown network attacks using HMM models." College Park, Md. : University of Maryland, 2005. http://hdl.handle.net/1903/2571.

Abstract:
Thesis (M.S.) -- University of Maryland, College Park, 2005.
Thesis research directed by: Electrical Engineering. Title from t.p. of PDF. Includes bibliographical references. Published by UMI Dissertation Services, Ann Arbor, Mich. Also available in paper.
23

Grässlin, Yvonne. "Validierung der deutschen Version des inventory of depressive symptoms (IDS) in einem Selbstbeurteilungsverfahren." [S.l.] : [s.n.], 2004. http://deposit.ddb.de/cgi-bin/dokserv?idn=97138312X.

24

SILVA, Mauro Lopes Carvalho. "Modelo de IDS Remoto baseado na tecnologia de Agentes, Web Services e MDA." Universidade Federal do Maranhão, 2006. http://tedebc.ufma.br:8080/jspui/handle/tede/465.

Abstract:
Made available in DSpace on 2016-08-17T14:53:16Z (GMT). No. of bitstreams: 1 Mauro Lopes.pdf: 3194169 bytes, checksum: 5496ba534a60c6689d7701eda431ad46 (MD5) Previous issue date: 2006-12-01
In the current state of the Internet, information security is a permanent concern. In many cases, information security is vital for the maintenance and continuity of business. Organizations have used the Internet as one of the main points for rendering services to other organizations as well as to their final users. We can cite organizations such as banks, educational institutions, credit card administrators and the Federal Government. The use of security policies together with a set of tools such as firewall, antivirus and IDS (Intrusion Detection System) has helped organizations to achieve some security, thus allowing the continuity of business. At the other end of the services rendered by organizations are the final users. The need for effective computer security for final users has increased due to the considerable growth in the occurrence of attacks on this type of user. This problem creates a niche for security research directed at the final user. This work is motivated by the above problem. Our work consists of a proposal of a model and an implementation of a Remote IDS (Intrusion Detection System) using the technology of Multi-agent Systems, Web Services and MDA (Model-Driven Architecture). This model adapts and extends NIDIA (Network Intrusion Detection System based on Intelligent Agents) to provide a remote IDS on the Internet. The purpose is that users who do not have a local IDS can use the services provided by a remote IDS (e.g. NIDIA). NIDIA is an IDS whose architecture consists of a set of cooperative agents. The Remote IDS functionalities are provided as a set of services accessible on the Internet through Web Services. The architecture of our IDS uses MDA to support the management of metadata such as configuration profiles, user profiles and service profiles. The prototype of the proposed model and the tests demonstrate the viability of our solution. An illustrative example of the execution of the Remote IDS is presented.
25

Ferreira, Pedro Henrique Matheus da Costa. "Análise de dados de bases de honeypots: estatística descritiva e regras de IDS." Universidade Presbiteriana Mackenzie, 2015. http://tede.mackenzie.br/jspui/handle/tede/1460.

Abstract:
Made available in DSpace on 2016-03-15T19:37:56Z (GMT). No. of bitstreams: 1 PEDRO HENRIQUE MATHEUS DA COSTA FERREIRA.pdf: 2465586 bytes, checksum: c81a1527d816aeb0b216330fd4267b93 (MD5) Previous issue date: 2015-03-04
Fundação de Amparo a Pesquisa do Estado de São Paulo
A honeypot is a computer security system dedicated to being probed, attacked or compromised. The information collected helps in the identification of threats to computer network assets. When probed, attacked and compromised, the honeypot receives a sequence of commands that are mainly intended to exploit a vulnerability of the emulated systems. This work uses data collected by honeypots to create rules and signatures for intrusion detection systems. The rules are extracted from decision trees constructed from the data sets of real honeypots. The results of experiments performed with four databases, two public and two private, showed that the extraction of rules for an intrusion detection system is possible using data mining techniques, particularly decision trees. The technique pointed out similarities between the data sets, even though the collection occurred in different places and time periods. In addition to the rules obtained, the technique allows the analyst to identify existing problems quickly and visually, facilitating the analysis process.
26

Manrique, Huamaní Renzo Edú. "Estudio del rendimiento de sistemas de detección de intrusos (IDS) en redes SDN." Bachelor's thesis, Pontificia Universidad Católica del Perú, 2020. http://hdl.handle.net/20.500.12404/19789.

Abstract:
This work focuses on studying the performance of various intrusion detection system (IDS) solutions based on software-defined networks (SDN). Because SDN has gained relevance in recent years, it is important to address the topic of cybersecurity in SDN and carry out an analysis, since, although SDN can bring improvements in this area, it can also create new vulnerabilities that put the data of users and companies at risk. Therefore, this study has the following objectives: to analyze the performance of various IDS solutions applied to SDN environments; to compare them based on the objectives and evaluation results of each proposed solution; and, finally, to determine which solutions are the most promising. The study shows that there is a large number of solutions related to cybersecurity and SDN; these aim to address various types of attacks such as DoS, port scanning and botnets, as well as to propose new functionality, such as improving network performance by bypassing some firewalls or reducing the load of traffic mirrored to the IDS. This work was developed through a literature review on topics related to IDS applications focused on SDN environments.
Research work
27

Utimura, Luan Nunes. "Aplicação em tempo real de técnicas de aprendizado de máquina no Snort IDS /." São José do Rio Preto, 2020. http://hdl.handle.net/11449/192443.

Abstract:
Advisor: Kelton Augusto Pontara da Costa
Abstract: As the Internet grows over the years, it is possible to observe an increase in the amount of data that travels on computer networks around the world. In a context where data volume is constantly being renewed, from the perspective of the Network Security area it becomes a great challenge to secure today's computer systems in terms of effectiveness and efficiency. Among the main security mechanisms employed in these environments, Network Intrusion Detection Systems stand out. Although the signature-based detection approach is sufficient to combat known attacks in these tools, with the eventual discovery of new vulnerabilities it is necessary to use anomaly-based detection approaches to mitigate the damage of unknown attacks. In the academic field, several works have explored the development of hybrid approaches in order to improve the accuracy of these tools, with the aid of Machine Learning techniques. In this same line of research, the present work proposes the application of these techniques for intrusion detection in a real-time environment using a popular and widely used tool, Snort. The obtained results show that in certain attack scenarios, the anomaly-based detection approach may outperform the signature-based detection approach, with emphasis on the techniques AdaBoost, Random Forests, Decision Tree and Linear Support Vector Machine.
Master's
28

Johansson, Karin, and Frida Ljungek. "GLOBAL SOLUTION, LOCAL INCLUSION? : A study of digital IDs for refugees in Uganda." Thesis, Uppsala universitet, Kulturgeografiska institutionen, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-385681.

Abstract:
This thesis examines the main implications, as well as future possibilities and challenges of a high-tech ID-system for refugees in Uganda. The implemented system captures biometric information and targets the UN sustainable development goal 16.9 legal identity for all. Through examining the involved parties’ experiences, perceptions and attitudes towards the digital ID system, the study contextualizes a global high-tech system in local rural areas. It moreover highlights the importance of social and geographical factors. The thesis is a result of a qualitative field study in Uganda where governmental and NGO representatives, working in the refugee settlements, were interviewed. The findings show that the IDs have improved the Ugandan refugee response and function as a base for delivering and receiving assistance in terms of food and cash distribution as well as access to SIM-cards. The IDs also give the providers more accurate data about the refugees, enabling population tracking for protection. The data is however sensitive and vulnerable to bias and misusage. Lastly, the provided IDs are important for an increased inclusion of refugees in Uganda aligned with the global goal.
29

Clark, Christopher R. "Design of Efficient FPGA Circuits For Matching Complex Patterns in Network Intrusion Detection Systems." Thesis, Georgia Institute of Technology, 2004. http://hdl.handle.net/1853/5137.

Abstract:
The objective of this research is to design and develop a reconfigurable string matching co-processor using field-programmable gate array (FPGA) technology that is capable of matching thousands of complex patterns at gigabit network rates for network intrusion detection systems (NIDS). The motivation for this work is to eliminate the most significant bottleneck in current NIDS software, which is the pattern matching process. The tasks involved with this research include designing efficient, high-performance hardware circuits for pattern matching and integrating the pattern matching co-processor with other NIDS components running on a network processor. The products of this work include a system to translate standard intrusion detection patterns to FPGA pattern matching circuits that support all the functionality required by modern NIDS. The system generates circuits efficient enough to enable the entire ruleset of a popular NIDS containing over 1,500 patterns and 17,000 characters to fit into a single low-end FPGA chip and process data at an input rate of over 800 Mb/s. The capacity and throughput both scale linearly, so larger and faster FPGA devices can be used to further increase performance. The FPGA co-processor allows the task of pattern matching to be completely offloaded from a NIDS, significantly improving the overall performance of the system.
30

Chapčák, David. "Behaviorální analýza síťového provozu a detekce útoků (D)DoS." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2017. http://www.nusl.cz/ntk/nusl-317014.

Abstract:
The semestral thesis deals with the analysis of modern open-source NIDPS tools for monitoring and analyzing network traffic. The work rates these tools in terms of their network location and functions. It also presents a more detailed analysis of detection and alerting mechanisms. It further analyzes the possibilities of anomaly detection, especially in terms of statistical analysis, and shows the basics of other approaches, such as approaches based on data mining and machine learning. The last section presents specific open-source tools and deals with a comparison of their activities and with the proposal allowing monitoring and traffic analysis, classification, and detection of anomalies and (D)DoS attacks.
31

Boden, Sandra [Verfasser], and Martin [Akademischer Betreuer] Hautzinger. "Diagnostik von Depressivität : Validierung des Inventars depressiver Symptome (IDS) / Sandra Boden ; Betreuer: Martin Hautzinger." Tübingen : Universitätsbibliothek Tübingen, 2019. http://d-nb.info/1182985947/34.

32

Kahwage, Cássia Maria Carneiro. "Ataques a redes de computadores e recomendações para Sistema de Detecção de Intrusos - IDS." Florianópolis, SC, 2002. http://repositorio.ufsc.br/xmlui/handle/123456789/84285.

Abstract:
Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação.
Made available in DSpace on 2012-10-20T07:57:54Z (GMT). No. of bitstreams: 0. Bitstream added on 2014-09-26T01:10:08Z : No. of bitstreams: 1 195816.pdf: 6296399 bytes, checksum: 0e570e6de8db267f76c38c27885d042a (MD5)
33

Šabík, Erik. "Detekce těžení kryptoměn pomocí analýzy dat o IP tocích." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2017. http://www.nusl.cz/ntk/nusl-363908.

Abstract:
This master's thesis describes general information about cryptocurrencies, what principles are used in the process of creating new coins, and why mining cryptocurrencies can be malicious. Further, it discusses what an IP flow is and how to monitor networks by monitoring network traffic using IP flows. It describes the Nemea framework, which is used to build a comprehensive system for detecting malicious traffic. It explains how the network data containing communications of the cryptocurrency mining process were obtained and then provides an analysis of this data. Based on this analysis, a proposal is created for methods capable of detecting cryptocurrency mining by using IP flow records. Finally, the proposed detection method was evaluated on various networks and the results are further described.
34

Klimeš, Jan. "Filtrace útoků na odepření služeb." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2019. http://www.nusl.cz/ntk/nusl-400904.

Abstract:
This thesis deals with filtering selected DDoS (distributed denial-of-service) attacks. The theoretical part deals with the general mechanisms used for DDoS attacks, defense mechanisms, and mechanisms of detection and filtration. The practical part deals with the filtering of attacks using the iptables firewall and the Suricata IPS on the Linux operating system in an experimental workplace, using a network traffic generator to verify its functionality and performance, including the statistical processing of output data from the filter tools using the Elasticsearch database.
35

Kim, Taekyu. "Ontology/Data Engineering Based Distributed Simulation Over Service Oriented Architecture For Network Behavior Analysis." Diss., The University of Arizona, 2008. http://hdl.handle.net/10150/193678.

Abstract:
As network uses increase rapidly and high quality-of-service (QoS) is required, efficient network managing methods become important. Many previous studies and commercial tools of network management systems such as tcpdump, Ethereal, and other applications have weaknesses: limited size of files, command line execution, and large memory and huge computational power requirement. Researchers struggle to find fast and effective analyzing methods to save maintenance budgets and recover from systematic problems caused by the rapid increment of network traffic or intrusions. The main objective of this study is to propose an approach to deal with a large amount of network behaviors being quickly and efficiently analyzed. We study an ontology/data engineering methodology based network analysis system. We design a behavior, which represents network traffic activity and network packet information such as IP addresses, protocols, and packet length, based on the System Entity Structure (SES) methodology. A significant characteristic of SES, a hierarchical tree structure, enables systems to access network packet information quickly and efficiently. Also, presenting an automated system design is the secondary purpose of this study. Our approach shows adaptive awareness of pragmatic frames (contexts) and makes a network traffic analysis system with high throughput and a fast response time that is ready to respond to user applications. We build models and run simulations to evaluate specific purposes, i.e., analyzing network protocols use, evaluating network throughput, and examining intrusion detection algorithms, based on Discrete Event System Specification (DEVS) formalism. To study speed up, we apply a web-based distributed simulation methodology. DEVS/Service Oriented Architecture (DEVS/SOA) facilitates deploying workloads into multi-servers and consequently increasing overall system performance. 
In addition to the scalability limitations, both tcpdump and Ethereal have a security issue. As well as basic network traffic information, files captured by these tools contain secure information: user identification numbers and passwords. Therefore, captured files should not be allowed to leak out. However, network analyses need to be performed outside target networks in some cases. The distributed simulation--allocating distributing models inside networks and assigning analyzing models outside networks--also allows analysis of network behaviors outside networks while keeping important information secured.
36

Fahlström, Albin, and Victor Henriksson. "Intrångsdetektering i processnätverk." Thesis, Mälardalens högskola, Akademin för innovation, design och teknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-39881.

Abstract:
The threat against industrial networks has increased, which raises the demands on the industries' cybersecurity. The industrial networks are not constructed with cybersecurity in mind, which makes these systems vulnerable to attacks. Even if the network's outer protection is deemed sufficient, the system may still be infected. This risk demands an intrusion detection system (IDS) that can identify infected components. An IDS scans all traffic at a point in the network and looks for traffic matching its detection parameters; if a match is made, the IDS will send an alarm to the administrators. It can also analyze the network traffic using a behavior-based method, which means that the IDS will alert administrators if network activity deviates from the normal traffic flow. It is of vital importance that the IDS does not impair the system; an outage of the industrial process can have a high cost for the industry. This report aims to put forward plans for the implementation of an IDS in one of Mälarenergi AB's industrial networks; this will be done using the Bro and Snort intrusion detection systems.
The threat to industrial networks has grown, which has placed higher demands on industries' cybersecurity. Industrial networks are often not designed with cybersecurity in mind, which has made these systems vulnerable to attacks. Even if the network's outer protection is considered good, it is not possible to be sure that an industrial network remains uninfected. This calls for some form of intrusion detection system (IDS) that can detect infected equipment and suspicious data traffic in the network. An IDS scans all packets at a certain point in the network; if the IDS detects a packet that matches its signature, it alerts an administrator. The IDS can also use behavioral analysis, in which it raises an alarm if network activity deviates from normal. It is very important that an IDS does not cause interruptions in the industrial process; if a process stops, it can mean large costs for the industry. This report aims to provide a proposed solution for an IDS implementation for one of Mälarenergi AB's process networks; the solution was built using the IDSs Bro and Snort.

Some images in the electronic report have been removed for copyright reasons. The authors have judged that the report is understandable even without these images.

37

Qaisi, Ahmed Abdulrheem Jerribi. "Network Forensics and Log Files Analysis : A Novel Approach to Building a Digital Evidence Bag and Its Own Processing Tool." Thesis, University of Canterbury. Computer Science and Software Engineering, 2011. http://hdl.handle.net/10092/5999.

Abstract:
Intrusion Detection Systems (IDS) tools are deployed within networks to monitor data that is transmitted to particular destinations such as MySQL, Oracle databases or log files. The data is normally dumped to these destinations without a forensic standard structure. When digital evidence is needed, forensic specialists are required to analyse a very large volume of data. Even though forensic tools can be utilised, most of this process has to be done manually, consuming time and resources. In this research, we aim to address this issue by combining several existing tools to archive the original IDS data into a new container (Digital Evidence Bag) that has a structure based upon standard forensic processes. The aim is to develop a method to improve the current IDS database function in a forensic manner. This database will be optimised for future forensic analysis. Since evidence validity is always an issue, a secondary aim of this research is to develop a new monitoring scheme. This is to provide the necessary evidence to prove that an attacker had surveyed the network prior to the attack. To achieve this, we will set up a network that will be monitored by multiple IDSs. Open source tools will be used to carry out input validation attacks on the network, including SQL injection. We will design a new tool to obtain the original data in order to store it within the proposed DEB. This tool will collect the data from several databases of the different IDSs. We will assume that the IDS will not have been compromised.
38

Kuchař, Karel. "Vhodná strategie pro detekci bezpečnostních incidentů v průmyslových sítích." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2020. http://www.nusl.cz/ntk/nusl-412978.

Abstract:
This diploma thesis focuses on the issues of industrial networks and the security offered by industrial protocols. The goal of the thesis is to create specific methods for the detection of security incidents. The thesis focuses mainly on the Modbus/TCP and DNP3 protocols. In the theoretical part, the industrial protocols are described, attack vectors are defined, and the security of each protocol is described. The practical part focuses on the description and simulation of security incidents. Based on the data gathered from the simulations, threats are identified by the introduced detection methods. To detect a security incident, these methods use an abnormality in the network traffic, identified by created formulas or machine learning. The designed methods are implemented in the Zeek IDS (Intrusion Detection System). With the designed methods, it is possible to detect selected security incidents at the destination workstation.
39

Ringström, Saltin Markus. "Intrusion Detection Systems : utvärdering av Snort." Thesis, University of Skövde, School of Humanities and Informatics, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-3081.

Abstract:

This thesis examines the effectiveness of an Intrusion Detection System (IDS). An IDS is a system meant to detect whether clients on a network are being attacked by a "hacker" or whether someone unauthorized is trying to intrude, much like a watchdog. The IDS tested is Snort, a very popular open-source IDS. The purpose of the study is to show whether or not an IDS is a good complement to a system's security, since very few methodical studies of Snort, and of IDS in general, have been done. The study was carried out through a number of experiments in a laboratory environment, where the effectiveness of Snort was put to the test using different types of attacks. Based on the results obtained, it can be concluded that an IDS is definitely a complement worth considering for an organization that is willing to devote the resources the system requires, since a high number of the attacks performed were detected, attacks that anti-virus software or firewalls are not designed to react to.

40

Magnusson, Jonas. "Intrångsdetekteringssystem : En jämförelse mellan Snort och Suricata." Thesis, University of Skövde, School of Humanities and Informatics, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-4401.

Abstract:

The purpose of this work is to compare the intrusion detection systems Snort and Suricata in order to give an idea of which of the applications is suitable for deployment at an internet service provider to detect attacks and increase the security of the network. The comparison is made with regard to the number of detected attacks, performance, implementation time, number of configuration files, and the operating systems on which they are available.

The result shows that Suricata, with its support for using signatures created for Snort, detects more attacks than Snort. Snort, on the other hand, is both smoother and faster to implement. In terms of performance, Suricata shows the best results, by using multiple cores and less memory.

41

Pepakayala, Sagar. "Contributions of honeyports to network security." Thesis, Linköping University, Department of Computer and Information Science, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-9177.

Abstract:

A honeypot is an attractive computer target placed inside a network to lure the attackers into it. There are many advantages of this technology, like, information about attacker's tools and techniques can be fingerprinted, malicious traffic can be diverted away from the real target etc. With the increased activity from the blackhat community day by day, honeypots could be an effective weapon in the network security administrator's armor. They have been studied rigorously during the past few years as a part of the security industry's drive to combat malicious traffic. While the whitehats are trying to make honeypots stealthier, blackhats are coming up with techniques to identify them (therefore nullifying any further use) or worse, use them in their favor. The game is on. The goal of this thesis is to study different architectural issues regarding honeypot deployment, various stages in utilizing honeypots like forensic analysis etc. Other concepts like IDSs and firewalls which are used in conjunction with honeypots are also discussed, because security is about cooperation among different security components. In the security industry, it is customary for whitehats to watch what blackhats are doing and vice versa. So the thesis discusses recent techniques to defeat honeypots and risks involved in deploying honeypots. Commercial viability of honeypots and business cases for outsourcing honeypot maintenance are presented. A great interest from the security community about honeypots has propelled the research and resulted in various new and innovative applications of honeypots. Some of these applications, which made an impact, are discussed. Finally, future directions in research in honeypot technology are perused.

42

DUARTE, Lianna Mara Castro. "FORENSE COMPUTACIONAL EM AMBIENTE DE REDE BASEADO NA GERAÇÃO DE ALERTAS DE SISTEMAS DE DETECÇÃO DE INTRUSOS AUXILIADO PELA ENGENHARIA DIRIGIDA POR MODELOS." Universidade Federal do Maranhão, 2012. http://tedebc.ufma.br:8080/jspui/handle/tede/498.

Abstract:
Made available in DSpace on 2016-08-17T14:53:23Z (GMT). No. of bitstreams: 1 Dissertacao Liana Mara.pdf: 7779999 bytes, checksum: eff54ba035aa6dab1569b8f121f7ee0a (MD5) Previous issue date: 2012-10-19
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior
Even the great progress of techniques used by protection systems such as firewalls, intrusion detection systems and antivirus to detect and prevent attacks is not enough to eliminate the cyber-attack threat. Attacks known for decades still achieve success, and well-known vulnerabilities continue to exist and reappear on the Internet and corporate networks [1]. The intrusion detection technologies we have today provide rich information about attacks. However, the main focus of intrusion detection is on the fact that security has been compromised. Computer forensics, on the other hand, attempts to understand and explain what happened to the security environment and how a security violation can happen [2]. However, there is a lack of investigative mechanisms to work synergistically with these sensors and identify not only the attackers, but the malicious actions that were performed. The lack of standardization in the process of computer and network forensics [3], as well as the heterogeneity of tools and the fact that the log/alert files depend on developers, causes a large variety in the formats of these security alerts. Moreover, the knowledge used in the investigation of incidents is still restricted to the security analysts in each case. This work proposes the development of a model based on computer forensics that can be applied in a network environment to work with IDS NIDIA [4] and heterogeneous IDSs, associating with alerts information about procedures that can be performed to investigate the incident using existing tools. The methodology used to develop this work initially used literature to achieve the proposed objectives, derived from books, theses, dissertations, research papers and hypermedia documents, followed by the gathering of information for the development of the solution and an analysis of tools that could assist in the implementation and modeling of the prototype, which was assisted by Model Driven Architecture.
Even the great progress in the techniques used by protection systems such as firewalls, intrusion detection systems and antivirus software for detecting and preventing attacks is not enough to eliminate the threat of cyberattacks. Even attacks that have existed for decades still succeed, and well-known vulnerabilities continue to exist and reappear on the Internet and in corporate networks [1]. Current intrusion detection technologies provide rich information about an attack. However, the main focus of intrusion detection is on the fact that security has been compromised. Computer forensics, on the other hand, tries to understand and explain what happened to the security environment and how a security violation can happen [2]. However, there is a shortage of investigative mechanisms that can work in synergy with these sensors and identify not only the attackers but also the malicious actions that were carried out. The lack of standardization in the process of conducting computer and network forensics [3], as well as the heterogeneity of the tools and the fact that the types of log files depend on the developers, leads to a great variety in the formats of these security alerts. In addition, the knowledge employed in investigating incidents remains restricted to the security analysts of each case. This dissertation proposes, in general terms, the development of a model based on computer forensics that can be applied in a network environment to work together with the IDS NIDIA [4] and heterogeneous IDSs, associating with the alerts information about procedures that can be executed to investigate the incidents using existing tools.
The methodology employed in developing this work initially used bibliographic research to achieve the proposed objectives, drawing on books, theses, dissertations, scientific articles and hypermedia documents, followed by the gathering of information for the elaboration of the solution and an analysis of tools that could assist in the process of modeling and implementing the prototype, which was aided by Model Driven Architecture.
43

Bate, Rachael. "Mapping and gene identification within the Ids to Dmd region of the mouse X chromosome." Thesis, Oxford Brookes University, 2002. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.247810.

44

Karlsson, Kristin. "S-Kalcidiol : En metodjämförelse mellan IDS-iSYS och Cobas E801 vid analys av S-Kalcidiol." Thesis, Linnéuniversitetet, Institutionen för kemi och biomedicin (KOB), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-105003.

Abstract:
Vitamin D is the combined concentration of the metabolites vitamin D2 and vitamin D3 and is a reliable indicator of the vitamin D status in the body. The main source of vitamin D is the formation of the metabolite vitamin D3 in the skin with the help of ultraviolet B light, and the vitamin plays, among other things, an important role in the development of the skeleton. The concentration of calcidiol (25(OH) vitamin D) can be determined, for example, using electrochemiluminescence with competitive binding. The measurement principle has several similarities with chemiluminescence, the main difference being that electrical voltage is used to start the reaction. When an assay is to be moved from one instrument to another, it is important to verify that they agree with regard to, among other things, precision. The purpose of the project was to carry out a method comparison for the analysis of calcidiol in serum (S-Kalcidiol) between the instruments IDS-iSYS and Cobas E801, and to carry out a comparison of controls from the companies Roche Diagnostics and ThermoFisher Scientific and, based on the results obtained, determine which were most suitable to use for analysis with Cobas E801. The controls from Roche Diagnostics are optimized for the assay, but it would be advantageous to be able to use the controls from ThermoFisher Scientific since they can also be used for several other assays. The method comparison was made using a within-run and total imprecision study with one low and one high control level from the companies Roche Diagnostics and ThermoFisher Scientific, and a correlation study with 20 patient samples consisting of serum. The within-run and total imprecision showed that Cobas E801 had precision equivalent to IDS-iSYS. As for the controls, only the controls from Roche Diagnostics were within the acceptance intervals and are therefore the most suitable to use. The correlation study resulted in a coefficient of determination of 0.942, which indicates a clear linear relationship.
The study shows, however, that Cobas E801 has a larger spread when the calcidiol concentration exceeds 50 nmol/L. Based on the results obtained, a move of the assay from IDS-iSYS to Cobas E801 can be carried out to make the workflow more efficient.
45

Spandidos, Nikiforos. "Regulation of RNA polymerase III transcription by the ID1, ID2, ID3 and E47 proteins." Thesis, University of Glasgow, 2010. http://theses.gla.ac.uk/1723/.

Abstract:
RNA polymerase III (pol III) is responsible for transcribing a set of genes that are involved in protein synthesis, including transfer (tRNA) and 5S ribosomal RNA (5S rRNA). Pol III transcription levels are increased in many cancers, as increased protein synthesis is required for tumour growth. Furthermore, it has been shown that a number of oncoproteins and tumour suppressor proteins interact directly with the pol III machinery. The work presented in this thesis aimed to investigate whether the inhibitor of differentiation (ID) and E47 proteins regulate pol III transcription, as well as the mechanisms behind these processes.
46

Ibrahim, Tarik Mohamed Abdel-Kader. "Improving intrusion prevention, detection and response." Thesis, University of Plymouth, 2011. http://hdl.handle.net/10026.1/479.

Abstract:
In the face of a wide range of attacks, Intrusion Detection Systems (IDS) and other Internet security tools represent potentially valuable safeguards to identify and combat the problems facing online systems. However, despite the fact that a variety of commercial and open source solutions are available across a range of operating systems and network platforms, it is notable that the deployment of IDS is often markedly less than other well-known network security countermeasures and other tools may often be used in an ineffective manner. This thesis considers the challenges that users may face while using IDS, by conducting a web-based questionnaire to assess these challenges. The challenges that are used in the questionnaire were gathered from the well-established literature. The participants' responses vary between being for or against selecting them as challenges, but all the listed challenges were confirmed as being considered problems in the IDS field. The aim of the research is to propose a novel set of Human Computer Interaction-Security (HCI-S) usability criteria based on the findings of the web-based questionnaire. Moreover, these criteria were inspired by previous literature in the field of HCI. The novelty of the criteria is that they focus on the security aspects. The new criteria were promising when they were applied to Norton 360, a well-known Internet security suite. Testing the alerts issued by security software was the initial step before testing other security software. Hence, a set of security software was selected and some alerts were triggered as a result of performing a penetration test conducted within a test-bed environment using the network scanner Nmap. The findings reveal that four of the HCI-S usability criteria were not fully addressed by all of these security software.
Another aim of this thesis is to consider the development of a prototype to address the HCI-S usability criteria that seem to be overlooked in the existing security solutions. The thesis conducts a practical user trial and the findings are promising and attempt to find a proper solution to solve this problem. For instance, to take advantage of previous security decisions, it would be desirable for a system to consider the user's previous decisions on similar alerts, and modify alerts accordingly to account for the user's previous behaviour. Moreover, in order to give users a level of flexibility, it is important to enable them to make informed decisions, and to be able to recover from them if needed. It is important to address the proposed criteria that enable users to confirm / recover the impact of their decision, maintain an awareness of system status all the time, and to offer responses that match users' expectations. The outcome of the current study is a proposed set of 16 HCI-S usability criteria that can be used to design and to assess security alerts issued by any Internet security suite. These criteria are not equally important and they vary between high, medium and low.
47

Shonubi, Felix, Ciara Lynton, Joshua Odumosu, and Daryl Moten. "Exploring Vulnerabilities in Networked Telemetry." International Foundation for Telemetering, 2015. http://hdl.handle.net/10150/596435.

Abstract:
ITC/USA 2015 Conference Proceedings / The Fifty-First Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2015 / Bally's Hotel & Convention Center, Las Vegas, NV
The implementation of Integrated Network Enhanced Telemetry (iNET) in telemetry applications provides significant enhancements to telemetry operations. Unfortunately such networking brings the potential for devastating cyber-attacks and networked telemetry is also susceptible to these attacks. This paper demonstrates a worked example of a social engineering attack carried out on a test bed network, analyzing the attack process from launch to detection. For this demonstration, a penetration-testing tool is used to launch the attack. This attack will be monitored to detect its signature using a network monitoring tool, and this signature will then be used to create a rule which will trigger an alert in an Intrusion Detection System. This work highlights the importance of network security in telemetry applications and is critical to current and future telemetry networks as cyber threats are widespread and potentially devastating.
48

Sagayam, Arul Thileeban. "LIDS: An Extended LSTM Based Web Intrusion Detection System With Active and Distributed Learning." Thesis, Virginia Tech, 2021. http://hdl.handle.net/10919/103471.

Abstract:
Intrusion detection systems are an integral part of web application security. As Internet use continues to increase, the demand for fast, accurate intrusion detection systems has grown. Various IDSs like Snort, Zeek, Solarwinds SEM, and Sleuth9, detect malicious intent based on existing patterns of attack. While these systems are widely deployed, there are limitations with their approach, and anomaly-based IDSs that classify baseline behavior and trigger on deviations were developed to address their shortcomings. Existing anomaly-based IDSs have limitations that are typical of any machine learning system, including high false-positive rates, a lack of clear infrastructure for deployment, the requirement for data to be centralized, and an inability to add modules tailored to specific organizational threats. To address these shortcomings, our work proposes a system that is distributed in nature, can actively learn and uses experts to improve accuracy. Our results indicate that the integrated system can operate independently as a holistic system while maintaining an accuracy of 99.03%, a false positive rate of 0.5%, and speed of processing 160,000 packets per second for an average system.
Master of Science
Intrusion detection systems are an integral part of web application security. The task of an intrusion detection system is to identify attacks on web applications. As Internet use continues to increase, the demand for fast, accurate intrusion detection systems has grown. Various IDSs like Snort, Zeek, Solarwinds SEM, and Sleuth9, detect malicious intent based on existing attack patterns. While these systems are widely deployed, there are limitations with their approach, and anomaly-based IDSs that learn a system's baseline behavior and trigger on deviations were developed to address their shortcomings. Existing anomaly-based IDSs have limitations that are typical of any machine learning system, including high false-positive rates, a lack of clear infrastructure for deployment, the requirement for data to be centralized, and an inability to add modules tailored to specific organizational threats. To address these shortcomings, our work proposes a system that is distributed in nature, can actively learn and uses experts to improve accuracy. Our results indicate that the integrated system can operate independently as a holistic system while maintaining an accuracy of 99.03%, a false positive rate of 0.5%, and speed of processing 160,000 packets per second for an average system.
49

Černý, Michal. "Systémy detekce a prevence průniku." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2010. http://www.nusl.cz/ntk/nusl-218240.

Abstract:
Intrusion detection and prevention systems can be realized as independent hardware or installed in software form on a host. The primary purpose of these protective elements is the detection of undesirable activity, such as violation of file integrity, invalid attempts to connect to a remote service, or acquisition of local network data. The systems react to an event on the basis of an action that is defined by internal rules. Possible counteractions include sending a warning or blocking communication. The basic principles of intrusion detection and prevention systems are described in the dissertation. Various types of analysis of captured data, the processes for creating their rules, and warning formats are also mentioned. The alternatives for their placement are considered, including the advantages of selected situations. The installation and setup of particular elements of the realized network and security systems are described. To verify the functionality and the degree of protection provided, several selected types of attacks were carried out.
50

Ormazábal, Sánchez Gaizka. "El IDS: Un nuevo sistema integrado de toma de decisiones para la gestión de projectos constructivos." Doctoral thesis, Universitat Politècnica de Catalunya, 2002. http://hdl.handle.net/10803/6152.

Abstract:
The evolution of the market, and hence of demand in the construction sector, makes it increasingly necessary today to develop a cross-cutting plane of study that integrates the various facets of the project with a view to seeking greater competitiveness. The new key to success will no longer be high productivity alone, but management oriented to the requirements of each client and the ability to adapt to a demand and an environment undergoing continuous and rapid change. This cross-cutting plane consists of the management aspects of the project, in which the problem of decision making, the subject of this thesis, takes on particular importance.

From a review of how this problem has developed in the field of economics and business management, two paradigms in its approach are identified. The first corresponds to a positivist perspective on the problem, which emphasizes the quantifiable and objectifiable aspects. Later, based on the criticisms raised around this first approach, a postmodern view of it emerged, based on a social approach that distrusts rationality and builds its proposal on consensus among the parties.

In this context, the proposal of this thesis is founded on what is here called the "integrative paradigm", which starts from recognizing the contributions of the two previous approaches while being aware of their limitations. It therefore advocates an ad hoc adoption of the approaches and tools associated with both perspectives, according to the specific characteristics of the problem, opening the door to a possible combination of the two.

From this integrative perspective, on the methodological side a decision-making instrument is proposed, called IDS (Integrated Decision System), which is built around two concepts that form the main axes of the proposal: value and risk. The reason for calling it a "system" lies in its conception as a set of elements: concepts, formulations, methods, methodologies and tools.

The proposal is defined and described in general terms, applicable to any area of management, although the study is adapted and particularized for the specific field of construction project management. Its potential is then explored through the study of its applicability, first in the context of a management technique, the value methodology or Value Management, and then in the more general field of project management or Project Management. In the first case, a study is also made of its applicability within the Spanish construction sector. Finally, a further investigation is made of the applicability of the proposed system in the field of organizational management.