Dissertations / Theses on the topic 'IDS'
Consult the top 50 dissertations / theses for your research on the topic 'IDS.'
Monzer, Mohamad-Houssein. "Model-based IDS design pour ICS." Thesis, Université Grenoble Alpes, 2020. http://www.theses.fr/2020GRALT056.
Industrial systems present security risks related to their IT vulnerabilities. These systems, spread over the world, continue to be targets of attacks. While Industrial systems share common vulnerabilities with IT systems, they tend to have more constraints due to the interaction between cyber and physical systems. Intrusion detection systems give visibility to the system and are considered as one of the solutions to detect targeting attacks. Hence, it seems relevant to rely on a physical model of the cyber-physical system to obtain an intrusion detection system (IDS) for industrial systems. Most IDSs are based on rules that define how possible attacks are detected. These rules are generally used to either describe possible attack scenarios on the systems or used to describe the normal system behavior of the system. However, manually creating and maintaining rules for a complex system can prove to be a very tedious and difficult task. This thesis proposes a solution to model ICS and to design specific IDS for industrial systems. A model-based IDS rule generator is also proposed, which converts a system model into anomaly-based IDS rules. Finally, the effectiveness of the generated rules is evaluated
Fernandez, Maria del Mar, and Ignacio Porres. "An Evaluation of current IDS." Thesis, Linköping University, Department of Electrical Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-11635.
With the possibility of connecting several computers and networks the necessity of protecting the whole data and machines from attackers (hackers) that try to get some confident information to use for their own benefit or just destroy or modify valuable information was born. At this point IDS appears to help users, companies or institutions to detect when they are getting compromised. This thesis will cover two main parts: the first one consists of an intense research study about the world of IDS and its environment. Subsequently, we will conclude this part with some points where IDS still needs to be questioned and show up desirable requirements for “the perfect” intrusion detection system. This “perfect” adjective can of course be discussed variously. The second part of the thesis approaches the implementation of the most used open source IDS: Snort. Some basic attacks on the machine where Snort is installed will be performed in order to make the future user see what kind of protection it ensures and the usability of this. A brief discussion about two of the main challenges in IDS will follow: analyzing big amounts of packets and encrypted traffic. Finally there are conclusions for a safe computer environment as well as the suggestion that some skilled programmer should give Snort a more friendly interface for every kind of users and a built in programme package which includes webserver, database and other libraries that are needed to run it properly with all its features.
Alevizon, John V. "Odds and Ids : a novel." Virtual Press, 1988. http://liblink.bsu.edu/uhtbin/catkey/539859.
Department of English
Šišmiš, Lukáš. "Optimalizace IDS/IPS systému Suricata." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2021. http://www.nusl.cz/ntk/nusl-445503.
Zika, Ondřej. "Analýza IDS Prahy a Bratislavy." Master's thesis, Vysoká škola ekonomická v Praze, 2012. http://www.nusl.cz/ntk/nusl-162145.
Johansson, Fredrik, Jörgen Johansson, and Marcus Johansson. "IDS för alla : Intrångsdetekteringssystem för hemmaanvändare." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-23229.
Tjhai, Gina C. "Anomaly-based correlation of IDS alarms." Thesis, University of Plymouth, 2011. http://hdl.handle.net/10026.1/308.
Aspernäs, Andreas, and Thommy Simonsson. "IDS on Raspberry Pi : A Performance Evaluation." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-43997.
This report examines the possibility of using a Raspberry Pi as an intrusion detection system in a home environment to increase network security. The focus of this study is on how well the two latest generations of Raspberry Pi could handle network traffic while inspecting that traffic and searching for threats. To check how well a Raspberry Pi can function as an intrusion detection system, a lab environment was set up consisting of two physical machines, each used to host a virtual machine. Tests measuring data throughput, processor load and memory load were performed on each Raspberry Pi. Two models of Raspberry Pi were used, the Raspberry Pi model B+ and the Raspberry Pi 2 model B, both running the Arch Linux ARM operating system. The test results showed that both devices can be used to set up an intrusion detection system, but the devices have certain limitations that may restrict the implementation options. The Raspberry Pi 2 model B showed better results in that it is less loaded and has higher data throughput than the Raspberry Pi model B+. The Raspberry Pi 2 model B has newer and faster hardware, which is the probable reason it performs better.
SILVA, Aline Lopes da. "MODELO DE IDS PARA USUÁRIOS DE DISPOSITIVOS MÓVEIS." Universidade Federal do Maranhão, 2008. http://tedebc.ufma.br:8080/jspui/handle/tede/335.
Mobile devices are an increasingly common reality in wireless networks and have integrated the wireless environment, helping to ease and to make available information. Meanwhile, the wireless environment is subject to vulnerabilities because of the way of spreading information that is given through the air, and is subject to interception or even information theft. Mobile Devices in addition of its vulnerability to these vulnerabilities common in wireless environments, are devices with some physical limitations such as lack of processing capacity and memory, beyond the limited battery life. These limitations become critical in this kind of environment, when unidentified threats attack are directed mobile devices. It is necessary to develop an intrusion detection system dedicated to these devices to identify intrusive behaviour, taking into account their physical limitations. This work proposes an intrusion detection system (IDS, Intrusion Detection System) for wireless networks and mobile devices. This is an adaptation and extension of NIDIA-IDS (Intrusion Detection System-Network Intrusion Detection System based on Intelligent Agents). The system acts with two processes: the first one is an information tracking on the device performance and the second one is a wireless network traffic monitoring, analyzing both the traffic of monitored devices. As proof of concepts a prototype was developed and some experiments were carried to validate this solution.
Mobile devices are an increasingly common reality in wireless networks and have become integrated into the wireless environment, contributing to the ease and availability of information. However, the wireless environment is subject to vulnerabilities because information propagates through the air, leaving it open to interception or even theft of information. Mobile devices, besides being subject to these vulnerabilities common in wireless environments, are devices with some physical limitations, such as little processing capacity and memory, in addition to limited battery life. These limitations become critical in this type of environment when unidentified threats are directed at mobile devices. It becomes necessary to implement an intrusion detection system aimed at these devices in order to identify intrusive behaviour, taking their physical limitations into account. This work proposes an intrusion detection system (IDS, Intrusion Detection System) in wireless networks intended for mobile devices, as an adaptation and extension of IDS-NIDIA (Intrusion Detection System- Network Intrusion Detection System based on Intelligent Agents). The mechanism uses two processes: the first monitors information about the behaviour of the device and the second monitors wireless network traffic, analysing the traffic destined for and originating from the monitored devices. The implementation of the architecture and the tests carried out demonstrate the viability of the solution.
MORAES, Falkner de Área Leão. "SEGURANÇA E CONFIABILIDADE EM IDS BASEADOS EM AGENTES." Universidade Federal do Maranhão, 2009. http://tedebc.ufma.br:8080/jspui/handle/tede/1843.
Lack of security is a constant concern in open distributed systems. Threats are present within environments insecure, uncertain and constantly changing. Due to this problem, many tools for evaluating vulnerabilities of the network as well as for their protection are being developed as techniques for encryption and software systems such as antivirus, firewall and IDS (Intrusion Detection System). Among these, there are IDS systems that are being conceived, designed and implemented, using techniques executed by agents. However, it is necessary to assure security and reliability of exchanged messages inside IDS. For this purpose, this paper proposes a security solution for IDS based on agents. The proposed solution provides a methodology and a secure mechanism for communication among agents, through information protection configuration mechanisms, authentication and authorization, key control and messages persistence using XML. The proposed solution is implemented as an extension to the IDS-NIDIA (Network Intrusion Detection System based on Intelligent Agents), whose architecture has an intelligent agent society that communicate in a cooperative way in a distributed environment. The implementation of the prototype and tests proposed in this work show the applicability of the proposed solution.
Lack of security is a constant concern in open distributed systems. Threats are present within environments that are insecure, uncertain and constantly changing. Because of these problems, various tools for assessing network vulnerabilities, as well as for protecting the network, are being developed, such as encryption techniques and software such as antivirus, firewall and IDS (Intrusion Detection System). Among these, IDS systems stand out, and they are increasingly being conceived, designed and implemented using security techniques executed by agents. However, the security and reliability of the messages exchanged within an IDS must be assured. To this end, this work proposes a secure and reliable solution for agent-based IDS. The solution proposes to establish a scheme for the secure execution and communication of agents through mechanisms for protecting configuration information, authentication and authorization, key control and persistence of IDS messages, using XML. The proposed solution is implemented as an extension of IDS-NIDIA (Network Intrusion Detection System based on Intelligent Agents), whose architecture consists of a society of intelligent agents that communicate cooperatively in a distributed environment. The implementation of the prototype and the tests presented in this work demonstrate the applicability of the proposed solution.
Scrobonia, David. "Rules Based Analysis Engine for Application Layer IDS." DigitalCommons@CalPoly, 2017. https://digitalcommons.calpoly.edu/theses/1773.
Carey, Nathan. "Correlation of Heterogenous IDS Alerts for Attack Detection." Thesis, Queensland University of Technology, 2004. https://eprints.qut.edu.au/15872/1/Nathan_Carey_Thesis.pdf.
Carey, Nathan. "Correlation of Heterogenous IDS Alerts for Attack Detection." Queensland University of Technology, 2004. http://eprints.qut.edu.au/15872/.
Virti, Émerson Salvadori. "Implementação de um IDS utilizando SNMP e lógica difusa." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2007. http://hdl.handle.net/10183/11475.
This work develops a study about Computer Network Security through the implementation of an Intrusion Detection System (IDS) based on system information captured by the SNMP protocol. To reach a reduction in the number of false positive and false negative, a peculiar problem to the majority of the IDS, it is used fuzzy logic and the assistance of Network Security Administrators. Thus it is possible to build an Intrusion Detection System better adjusted to the network characteristics that must be monitored. At last, by monitoring a production network, it is evaluated the overall security improvement obtained by the IDS proposed in this work and considers its adoption as a complementary network security mechanism.
Ovšonka, Daniel. "Obfuskace síťového provozu pro zabránění jeho detekce pomocí IDS." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2013. http://www.nusl.cz/ntk/nusl-236209.
Aussibal, Julien. "Rsids : un IDS distribué basé sur le framework CVSS." Pau, 2009. http://www.theses.fr/2009PAUU3044.
Intrusion detection is a method that ensures the availability concept in systems and computer networks. This availability is generally undermined by various anomalies. These anomalies can be caused either legitimately unintended result has operations working on these systems (broken link, traffic, or. . . ), so illegitimate with malicious operations designed to undermine the availability of these systems. The implementation of these various anomalies detection tools, such as IDS (Intrusion Detection System), contribute to early identification of these anomalies and to block them. This thesis has enabled us to develop a new generation platform to generate legitimate and illegitimate anomalies. This work was carried out under the project METROSEC. This platform has enabled us to obtain various traffic captures containing these anomalies. The various illegitimate anomalies were performed with classic tools to make Denial of Service like TFN2k or Trinoo. Legitimate Anomalies were also conducted with flash crowd phenomenon. All these catch real traffic were used in further research on intrusion detection for the evaluation of new methods of detection. In a second part, the implementation of a new detection tool seems necessary to improve the quality of detection of these anomalies. This new distributed IDS, called RSIDS (Risk Scored Intrusion Detection System), will retrieve the results of a multitude of heterogeneous probes. The use of probes will remove the risk of false alarms. Indeed, a probe is not able to detect all anomalies that occur on a system or network. Each alert provided by its probes will be evaluated according to their degree of dangerousness. The assessment of dangerousness based on the framework CVSS (Common Vulnerability Scoring System)
Čmela, Libor. "Přestupní terminál IDS JMK u žel. stanice Brno - Řečkovice." Master's thesis, Vysoké učení technické v Brně. Fakulta stavební, 2012. http://www.nusl.cz/ntk/nusl-225526.
Katti, Sachin (Katti Rajsekhar). "On attack correlation and the benefits of sharing IDS data." Thesis, Massachusetts Institute of Technology, 2005. http://hdl.handle.net/1721.1/34363.
Includes bibliographical references (p. 47-49).
This thesis presents the first wide-scale study of correlated attacks, i.e., attacks mounted by the same source IP against different networks. Using a large dataset from 1700 intrusion detection systems (IDSs), this thesis shows that correlated attacks are prevalent in the current Internet; 20% of all offending sources mount correlated attacks and they account for more than 40% of all the IDS alerts in our logs. Correlated attacks appear at different networks within a few minutes of each other, indicating the difficulty of warding off these attacks by occasional offline exchange of lists of malicious IP addresses. Furthermore, correlated attacks are highly targeted. The 1700 IDSs can be divided into small groups with 4-6 members that do not change with time; IDSs in the same group experience a large number of correlated attacks, while IDSs in different groups see almost no correlated attacks. These results have important implications on collaborative intrusion detection of common attackers. They show that collaborating IDSs need to exchange alert information in realtime. Further, exchanging alerts among the few fixed IDSs in the same correlation group achieves almost the same benefits as collaborating with all IDSs, while dramatically reducing the overhead.
by Sachin Katti.
S.M.
David-West, Olayinka. "An IDS assessment of electronic banking performance in retail banking." Thesis, University of Manchester, 2012. https://www.research.manchester.ac.uk/portal/en/theses/an-ids-assessment-of-electronic-banking-performance-in-retail-banking(b2fa0a96-16a1-4c85-98d1-8bb8952919c8).html.
Coussement, Romain. "Mécanisme d'aide à la décision pour les IDS dans les réseaux VANETs." Thèse, Université du Québec à Trois-Rivières, 2014. http://depot-e.uqtr.ca/7337/1/030631144.pdf.
Peddisetty, Naga Raju. "State-of-the-art Intrusion Detection: Technology, Challenges, and Evaluation." Thesis, Linköping University, Department of Electrical Engineering, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2792.
Due to the invention of automated hacking tools, Hacking is not a black art anymore. Even script kiddies can launch attacks in few seconds. Therefore, there is a great emphasis on the Security to protect the resources from camouflage. Intrusion Detection System is also one weapon in the security arsenal. It is the process of monitoring and analyzing information sources in order to detect vicious traffic. With its unique capabilities like monitoring, analyzing, detecting and archiving, IDS assists the organizations to combat against threats, to have a snap-shot of the networks, and to conduct Forensic Analysis. Unfortunately there are myriad products in the market. Selecting a right product at time is difficult. Due to the wide spread rumors and paranoia, in this work I have presented the state-of-the-art IDS technologies, assessed the products, and evaluated. I have also presented some of the novel challenges that IDS products are suffering. This work will be a great help for pursuing IDS technology and to deploy Intrusion Detection Systems in an organization. It also gives in-depth knowledge of the present IDS challenges.
Bojanic, Irena. "On-line adaptive IDS scheme for detecting unknown network attacks using HMM models." College Park, Md. : University of Maryland, 2005. http://hdl.handle.net/1903/2571.
Thesis research directed by: Electrical Engineering. Title from t.p. of PDF. Includes bibliographical references. Published by UMI Dissertation Services, Ann Arbor, Mich. Also available in paper.
Grässlin, Yvonne. "Validierung der deutschen Version des inventory of depressive symptoms (IDS) in einem Selbstbeurteilungsverfahren." [S.l.] : [s.n.], 2004. http://deposit.ddb.de/cgi-bin/dokserv?idn=97138312X.
SILVA, Mauro Lopes Carvalho. "Modelo de IDS Remoto baseado na tecnologia de Agentes, Web Services e MDA." Universidade Federal do Maranhão, 2006. http://tedebc.ufma.br:8080/jspui/handle/tede/465.
In the current state of the Internet, information security presents a permanent concern. In many cases, information security is vital to the maintenance and continuity of the businesses. The organizations have used the Internet as one of the main points for rendering of services for other organizations as well as for their final users. We can cite some organizations such as Banks, Institutions of Education, Administrators of Credit cards and the Federal Government. The use of Security policies associated with a set of tools such as Firewall, Antivirus and IDS (Intrusion Detection System) have helped organizations to achieve some security and thus allowing the continuity of the businesses. On the other extremity of the rendering of services for organizations we have the final users. The necessity for effectiveness in computational security to the final users has increased in function of the considerable growth on the occurrence of attacks to this type of user. This problem creates a niche for the research in security directed to the final user. This work is motivated by the above problem. Our work consists of a proposal of a model and an implementation of a Remote IDS (Intrusion Detection System) using the technology of Multi-agent Systems, Web Services and MDA (Model-Driven Architecture). This model adapts and extends the NIDIA (Network Intrusion Detection System based on Intelligent Agents) to provide a remote IDS on the Internet. The purpose is that users that do not have a local IDS can use the services provided by a remote IDS (e.g. NIDIA). NIDIA is an IDS whose architecture consists of a set of cooperative agents. The Remote IDS functionalities are provided as a set of accessible services on the Internet through Web Services. The architecture of our IDS uses MDA to support metadata management such as profiles of configurations, profiles of users and profiles of services.
The prototype of the proposed model and the tests demonstrate the viability of our solution. An illustrative example of the execution of the Remote IDS is presented.
In the current context of the Internet, information security is a permanent concern. In many cases, information security is vital to the maintenance and continuity of business. Organizations have used the Internet as one of the main points for providing services to other organizations as well as to their end users. We can cite organizations such as banks, educational institutions, credit card administrators and the Federal Government. The use of security policies together with a set of tools such as firewall, antivirus and IDS (Intrusion Detection System) has supported organizations in the goal of maintaining security and thus business continuity. At the other end of the services provided by organizations are the end users. The need for effective computer security for end users has increased because of the considerable growth in attacks on this type of user. This problem creates a niche for security research aimed at the end user. This dissertation is motivated by that scenario and consists of the proposal of a model and the implementation of a Remote IDS using the technology of Multi-agent Systems, Web services and MDA (Model-Driven Architecture). The model adapts and extends NIDIA (Network Intrusion Detection System based on Intelligent Agents) to provide a remote IDS on the Internet. The proposal is that users who do not have a local IDS can use the services provided by our Remote IDS. NIDIA is an IDS whose architecture consists of a set of cooperative agents. The functionalities of the Remote IDS are provided as a set of services accessible on the Internet through Web services. Our IDS model uses MDA to support the management of metadata such as configuration profiles, user profiles and service profiles.
The implementation of the prototype of the proposed model and the tests carried out demonstrate the viability of the solution. An illustrative example of the operation of the Remote IDS is therefore presented.
Ferreira, Pedro Henrique Matheus da Costa. "Análise de dados de bases de honeypots: estatística descritiva e regras de IDS." Universidade Presbiteriana Mackenzie, 2015. http://tede.mackenzie.br/jspui/handle/tede/1460.
Fundação de Amparo a Pesquisa do Estado de São Paulo
A honeypot is a computer security system dedicated to being probed, attacked or compromised. The information collected help in the identification of threats to computer network assets. When probed, attacked and compromised the honeypot receives a sequence of commands that are mainly intended to exploit a vulnerability of the emulated systems. This work uses data collected by honeypots to create rules and signatures for intrusion detection systems. The rules are extracted from decision trees constructed from the data sets of real honeypots. The results of experiments performed with four databases, both public and private, showed that the extraction of rules for an intrusion detection system is possible using data mining techniques, particularly decision trees. The technique pointed out similarities between the data sets, even the collection occurring in places and periods of different times. In addition to the rules obtained, the technique allows the analyst to identify problems quickly and visually, facilitating the analysis process.
A honeypot is a computer security system dedicated to being probed, attacked or compromised. The information collected helps identify computational threats to network assets. When probed, attacked and compromised, the honeypot receives a sequence of commands whose main objective is to exploit a vulnerability of the emulated systems. This work uses data collected by honeypots to create rules and signatures for intrusion detection systems. The rules are extracted from decision trees built from the data sets of a real honeypot. The results of experiments carried out with four databases, two public and two private, showed that it is possible to extract rules for an intrusion detection system using data mining techniques, in particular decision trees. The technique employed pointed out similarities between the data sets, even though collection took place in different locations and time periods. In addition to the rules obtained, the technique allows the analyst to identify existing problems quickly and visually, facilitating the analysis process.
Manrique, Huamaní Renzo Edú. "Estudio del rendimiento de sistemas de detección de intrusos (IDS) en redes SDN." Bachelor's thesis, Pontificia Universidad Católica del Perú, 2020. http://hdl.handle.net/20.500.12404/19789.
Research work
Utimura, Luan Nunes. "Aplicação em tempo real de técnicas de aprendizado de máquina no Snort IDS /." São José do Rio Preto, 2020. http://hdl.handle.net/11449/192443.
Summary: As the Internet grows over the years, an increase can be observed in the amount of data travelling over computer networks around the world. In a context where the volume of data is constantly being renewed, from the perspective of the Computer Network Security field it becomes a great challenge to secure, in terms of effectiveness and efficiency, today's computer systems. Among the main security mechanisms employed in these environments, Network Intrusion Detection Systems stand out. Although the signature-based detection approach is sufficient to combat known attacks in these tools, with the eventual discovery of new vulnerabilities it becomes necessary to use anomaly-based detection approaches to mitigate the damage of unknown attacks. In the academic field, several works have explored the development of hybrid approaches in order to improve the accuracy of these tools with the aid of Machine Learning techniques. In this same line of research, the present work proposes applying these techniques to intrusion detection in a real-time environment using a popular and widely used tool, Snort. The results obtained show that in certain attack scenarios the anomaly-based detection approach can outperform the signature-based detection approach, with emphasis on the techniques AdaBoost, Random Forests, Árvor... (Full summary: click the electronic access link below)
Abstract: As the Internet grows over the years, it is possible to observe an increase in the amount of data that travels on computer networks around the world. In a context where data volume is constantly being renewed, from the perspective of the Network Security area it becomes a great challenge to ensure, in terms of effectiveness and efficiency, today’s computer systems. Among the main security mechanisms employed in these environments, stand out the Network Intrusion Detection Systems. Although the signature-based detection approach is sufficient to combat known attacks in these tools, with the eventual discovery of new vulnerabilities, it is necessary to use anomaly-based detection approaches to mitigate the damage of unknown attacks. In the academic field, several works have explored the development of hybrid approaches in order to improve the accuracy of these tools, with the aid of Machine Learning techniques. In this same line of research, the present work proposes the application of these techniques for intrusion detection in a real time environment using a popular and widely used tool, the Snort. The obtained results show that in certain attack scenarios, the anomaly-based detection approach may outperform the signature-based detection approach, with emphasis on the techniques AdaBoost, Random Forests, Decision Tree and Linear Support Vector Machine.
Master's
Johansson, Karin, and Frida Ljungek. "GLOBAL SOLUTION, LOCAL INCLUSION? : A study of digital IDs for refugees in Uganda." Thesis, Uppsala universitet, Kulturgeografiska institutionen, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-385681.
Clark, Christopher R. "Design of Efficient FPGA Circuits For Matching Complex Patterns in Network Intrusion Detection Systems." Thesis, Georgia Institute of Technology, 2004. http://hdl.handle.net/1853/5137.
Chapčák, David. "Behaviorální analýza síťového provozu a detekce útoků (D)DoS." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2017. http://www.nusl.cz/ntk/nusl-317014.
Boden, Sandra [Verfasser], and Martin [Akademischer Betreuer] Hautzinger. "Diagnostik von Depressivität : Validierung des Inventars depressiver Symptome (IDS) / Sandra Boden ; Betreuer: Martin Hautzinger." Tübingen : Universitätsbibliothek Tübingen, 2019. http://d-nb.info/1182985947/34.
Kahwage, Cássia Maria Carneiro. "Ataques a redes de computadores e recomendações para Sistema de Detecção de Intrusos - IDS." Florianópolis, SC, 2002. http://repositorio.ufsc.br/xmlui/handle/123456789/84285.
Šabík, Erik. "Detekce těžení kryptoměn pomocí analýzy dat o IP tocích." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2017. http://www.nusl.cz/ntk/nusl-363908.
Klimeš, Jan. "Filtrace útoků na odepření služeb." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2019. http://www.nusl.cz/ntk/nusl-400904.
Kim, Taekyu. "Ontology/Data Engineering Based Distributed Simulation Over Service Oriented Architecture For Network Behavior Analysis." Diss., The University of Arizona, 2008. http://hdl.handle.net/10150/193678.
Fahlström, Albin, and Victor Henriksson. "Intrångsdetektering i processnätverk." Thesis, Mälardalens högskola, Akademin för innovation, design och teknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-39881.
The threats against industrial networks have grown, which has placed higher demands on industries' cyber security. Industrial networks are often not designed with cyber security in mind, which has made these systems vulnerable to attacks. Even if the network's perimeter protection is considered good, it is not possible to be certain that an industrial network remains uninfected. This calls for some form of intrusion detection system (IDS) that can detect infected equipment and suspicious data traffic in the network. An IDS scans all packets at a certain point in the network; if the IDS detects a packet that matches its signature, it alerts an administrator. The IDS can also use behavioral analysis, in which it raises an alert if network activity deviates from the normal. It is very important that an IDS does not cause interruptions in the industrial process; if a process stops, it can mean large costs for the industry. This report aims to propose an IDS implementation for one of Mälarenergi AB's process networks; the solution was built using the IDSs Bro and Snort.
Some images in the electronic report have been removed for copyright reasons. The authors have judged that the report is understandable even without these images.
Qaisi, Ahmed Abdulrheem Jerribi. "Network Forensics and Log Files Analysis : A Novel Approach to Building a Digital Evidence Bag and Its Own Processing Tool." Thesis, University of Canterbury. Computer Science and Software Engineering, 2011. http://hdl.handle.net/10092/5999.
Kuchař, Karel. "Vhodná strategie pro detekci bezpečnostních incidentů v průmyslových sítích." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2020. http://www.nusl.cz/ntk/nusl-412978.
Ringström, Saltin Markus. "Intrusion Detection Systems : utvärdering av Snort." Thesis, University of Skövde, School of Humanities and Informatics, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-3081.
This thesis examines the effectiveness of an Intrusion Detection System (IDS). An IDS is a system that is meant to detect whether clients on a network are being attacked by a "hacker" or whether someone unauthorized is attempting to intrude, much like a guard dog. The IDS tested is Snort, a very popular open-source IDS. The purpose of the study is to show whether or not an IDS is a good complement to a system's security, since very few methodical studies have been made of Snort, and of IDSs in general. The study was carried out through a number of experiments in a laboratory environment, where the effectiveness of Snort was put to the test using different types of attacks. From the results obtained, it can be concluded that an IDS is definitely a complement worth considering for an organization that is willing to devote the resources the system requires, since a high number of the attacks carried out were detected, attacks that anti-virus software or firewalls are not designed to react to.
Magnusson, Jonas. "Intrångsdetekteringssystem : En jämförelse mellan Snort och Suricata." Thesis, University of Skövde, School of Humanities and Informatics, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-4401.
The purpose of this work is to compare the intrusion detection systems Snort and Suricata in order to give an idea of which of the applications is suitable for deployment at an Internet service provider to detect attacks and increase security on the network. The comparison is made with respect to the number of detected attacks, performance, implementation time, number of configuration files, and which operating systems they are available on.
The results show that Suricata, with its support for using signatures created for Snort, detects more attacks than Snort. Snort, on the other hand, is both easier and faster to implement. In terms of performance, Suricata shows the best results, by using multiple cores and less memory.
Pepakayala, Sagar. "Contributions of honeyports to network security." Thesis, Linköping University, Department of Computer and Information Science, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-9177.
A honeypot is an attractive computer target placed inside a network to lure the attackers into it. There are many advantages of this technology: for example, information about an attacker's tools and techniques can be fingerprinted, and malicious traffic can be diverted away from the real target. With the increased activity from the blackhat community day by day, honeypots could be an effective weapon in the network security administrator's armor. They have been studied rigorously during the past few years as a part of the security industry's drive to combat malicious traffic. While the whitehats are trying to make honeypots stealthier, blackhats are coming up with techniques to identify them (therefore nullifying any further use) or worse, use them in their favor. The game is on. The goal of this thesis is to study different architectural issues regarding honeypot deployment and various stages in utilizing honeypots, such as forensic analysis. Other concepts like IDSs and firewalls which are used in conjunction with honeypots are also discussed, because security is about cooperation among different security components. In the security industry, it is customary for whitehats to watch what blackhats are doing and vice versa. So the thesis discusses recent techniques to defeat honeypots and risks involved in deploying honeypots. Commercial viability of honeypots and business cases for outsourcing honeypot maintenance are presented. A great interest from the security community about honeypots has propelled the research and resulted in various new and innovative applications of honeypots. Some of these applications, which made an impact, are discussed. Finally, future directions in research in honeypot technology are perused.
DUARTE, Lianna Mara Castro. "FORENSE COMPUTACIONAL EM AMBIENTE DE REDE BASEADO NA GERAÇÃO DE ALERTAS DE SISTEMAS DE DETECÇÃO DE INTRUSOS AUXILIADO PELA ENGENHARIA DIRIGIDA POR MODELOS." Universidade Federal do Maranhão, 2012. http://tedebc.ufma.br:8080/jspui/handle/tede/498.
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior
Even the great progress of the techniques used by protection systems such as firewalls, intrusion detection systems and antivirus to detect and prevent attacks is not enough to eliminate the threat of cyber-attacks. Attacks known for decades still achieve success, and well-known vulnerabilities continue to exist and reappear on the Internet and corporate networks [1]. The intrusion detection technologies we have today provide rich information about attacks. However, the main focus of intrusion detection is on the fact that security has been compromised. Computer forensics, on the other hand, attempts to understand and explain what happened to the security environment and how a security violation can happen [2]. However, there is a lack of investigative mechanisms to work synergistically with these sensors and identify not only the attackers, but the malicious actions that were performed. The lack of standardization in the process of computer and network forensics [3], as well as the heterogeneity of tools and the fact that the log/alert files depend on developers, causes a large variety in the formats of these security alerts. Moreover, the knowledge used in the investigation of incidents is still restricted to the security analysts in each case. This work proposes the development of a model based on computer forensics that can be applied in a network environment to work with the IDS NIDIA [4] and heterogeneous IDSs, associating with alerts information about procedures that can be performed to investigate the incident using existing tools. The methodology used to develop this work initially used literature research to achieve the proposed objectives, drawing on books, theses, dissertations, research papers and hypermedia documents, followed by the gathering of information for the development of the solution and an analysis of tools that could assist in modeling and implementing the prototype, which was assisted by Model Driven Architecture.
Bate, Rachael. "Mapping and gene identification within the Ids to Dmd region of the mouse X chromosome." Thesis, Oxford Brookes University, 2002. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.247810.
Karlsson, Kristin. "S-Kalcidiol : En metodjämförelse mellan IDS-iSYS och Cobas E801 vid analys av S-Kalcidiol." Thesis, Linnéuniversitetet, Institutionen för kemi och biomedicin (KOB), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-105003.
Spandidos, Nikiforos. "Regulation of RNA polymerase III transcription by the ID1, ID2, ID3 and E47 proteins." Thesis, University of Glasgow, 2010. http://theses.gla.ac.uk/1723/.
Ibrahim, Tarik Mohamed Abdel-Kader. "Improving intrusion prevention, detection and response." Thesis, University of Plymouth, 2011. http://hdl.handle.net/10026.1/479.
Shonubi, Felix, Ciara Lynton, Joshua Odumosu, and Daryl Moten. "Exploring Vulnerabilities in Networked Telemetry." International Foundation for Telemetering, 2015. http://hdl.handle.net/10150/596435.
The implementation of Integrated Network Enhanced Telemetry (iNET) in telemetry applications provides significant enhancements to telemetry operations. Unfortunately such networking brings the potential for devastating cyber-attacks and networked telemetry is also susceptible to these attacks. This paper demonstrates a worked example of a social engineering attack carried out on a test bed network, analyzing the attack process from launch to detection. For this demonstration, a penetration-testing tool is used to launch the attack. This attack will be monitored to detect its signature using a network monitoring tool, and this signature will then be used to create a rule which will trigger an alert in an Intrusion Detection System. This work highlights the importance of network security in telemetry applications and is critical to current and future telemetry networks as cyber threats are widespread and potentially devastating.
Sagayam, Arul Thileeban. "LIDS: An Extended LSTM Based Web Intrusion Detection System With Active and Distributed Learning." Thesis, Virginia Tech, 2021. http://hdl.handle.net/10919/103471.
Master of Science
Intrusion detection systems are an integral part of web application security. The task of an intrusion detection system is to identify attacks on web applications. As Internet use continues to increase, the demand for fast, accurate intrusion detection systems has grown. Various IDSs like Snort, Zeek, Solarwinds SEM, and Sleuth9, detect malicious intent based on existing attack patterns. While these systems are widely deployed, there are limitations with their approach, and anomaly-based IDSs that learn a system's baseline behavior and trigger on deviations were developed to address their shortcomings. Existing anomaly-based IDSs have limitations that are typical of any machine learning system, including high false-positive rates, a lack of clear infrastructure for deployment, the requirement for data to be centralized, and an inability to add modules tailored to specific organizational threats. To address these shortcomings, our work proposes a system that is distributed in nature, can actively learn and uses experts to improve accuracy. Our results indicate that the integrated system can operate independently as a holistic system while maintaining an accuracy of 99.03%, a false positive rate of 0.5%, and speed of processing 160,000 packets per second for an average system.
Černý, Michal. "Systémy detekce a prevence průniku." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2010. http://www.nusl.cz/ntk/nusl-218240.
Ormazábal, Sánchez Gaizka. "El IDS: Un nuevo sistema integrado de toma de decisiones para la gestión de projectos constructivos." Doctoral thesis, Universitat Politècnica de Catalunya, 2002. http://hdl.handle.net/10803/6152.
A review of how this problem has developed in the fields of economics and business management identifies two paradigms in the way it is approached. The first corresponds to a positivist perspective on the problem, which emphasizes its quantifiable and objectifiable aspects. Later, based on the criticisms raised around this first approach, a postmodern view of it emerged, based on a social approach that distrusts rationality and builds its proposal on consensus among the parties.
In this context, the proposal of this thesis is founded on what is here called the "integrating paradigm", which starts from recognizing the contributions of the two previous approaches while being aware of their limitations. It therefore advocates an ad hoc adoption of the approaches and tools associated with both perspectives, according to the specific characteristics of the problem, opening the door to a possible combination of the two.
From this integrating perspective, on the methodological side a decision-making instrument is proposed, called IDS (Integrated Decision System), which is built around two concepts that form the main axes of the proposal: value and risk. The reason for calling it a "system", in turn, is that it is conceived as a set of elements: concepts, formulations, methods, methodologies, and tools.
The proposal is defined and described in general terms, applicable to any area of management, although the study is adapted and particularized for the specific field of construction project management. Its potential is then explored through a study of its applicability, first within a management technique, the value methodology or Value Management, and then in the more general field of project management or Project Management. In the first case, a study is also made of its applicability within the Spanish construction sector. Finally, a further investigation is made of the applicability of the proposed system in the field of organizational management.