Dissertations / Theses on the topic 'Intrusion Detection System'

Consult the top 50 dissertations / theses for your research on the topic 'Intrusion Detection System.'

1

Sainani, Varsha. "Hybrid Layered Intrusion Detection System." Scholarly Repository, 2009. http://scholarlyrepository.miami.edu/oa_theses/44.

Abstract:
The increasing number of network security related incidents has made it necessary for organizations to actively protect their sensitive data with network intrusion detection systems (IDSs). Detecting intrusion in a distributed network from outside the network segment as well as from inside is a difficult problem. IDSs are expected to analyze a large volume of data while not placing a significant added load on the monitoring systems and networks. This requires good data mining strategies which take less time and give accurate results. In this study, a novel hybrid layered multiagent-based intrusion detection system is created, particularly with the support of a multi-class supervised classification technique. In agent-based IDS, there is no central control and therefore no central point of failure. Agents can detect and take predefined actions against malicious activities, which can be detected with the help of data mining techniques. The proposed IDS shows superior performance compared to central sniffing IDS techniques, and saves network resources compared to other distributed IDSs with mobile agents that activate too many sniffers, causing bottlenecks in the network. This is one of the major motivations to use a distributed model based on a multiagent platform along with a supervised classification technique. Applying multiagent technology to the management of network security is a challenging task since it requires management at different time instances and has many interactions. To facilitate information exchange between different agents in the proposed hybrid layered multiagent architecture, a low-cost and low-response-time agent communication protocol is developed to tackle the issues typically associated with a distributed multiagent system, such as poor system performance, excessive processing power requirements, and long delays. The bandwidth and response time performance of the proposed end-to-end system is investigated through simulation of the proposed agent communication protocol on our private LAN testbed called Hierarchical Agent Network for Intrusion Detection Systems (HAN-IDS). The simulation results show that this system is efficient and extensible since it consumes negligible bandwidth with low cost and low response time on the network.
2

Maharjan, Nadim, and Paria Moazzemi. "Telemetry Network Intrusion Detection System." International Foundation for Telemetering, 2012. http://hdl.handle.net/10150/581632.

Abstract:
ITC/USA 2012 Conference Proceedings / The Forty-Eighth Annual International Telemetering Conference and Technical Exhibition / October 22-25, 2012 / Town and Country Resort & Convention Center, San Diego, California
Telemetry systems are migrating from links to networks. Security solutions that simply encrypt radio links no longer protect the network of Test Articles or the networks that support them. The use of network telemetry is dramatically expanding, and new risks and vulnerabilities are challenging issues for telemetry networks. Most of these vulnerabilities are silent in nature and cannot be detected with simple tools such as traffic monitoring. The Intrusion Detection System (IDS) is a security mechanism suited to telemetry networks that can help detect abnormal behavior in the network. Our previous research in Network Intrusion Detection Systems focused on "Password" attacks and "Syn" attacks. This paper presents a generalized method that can detect both the "Password" attack and the "Syn" attack. In this paper, a K-means clustering algorithm is used for vector quantization of network traffic. This reduces the scope of the problem by reducing the entropy of the network data. In addition, a Hidden Markov Model (HMM) is then employed to help further characterize and analyze the behavior of the network into states that can be labeled as normal, attack, or anomaly. Our experiments show that the IDS can discover and expose telemetry network vulnerabilities using Vector Quantization and the Hidden Markov Model, providing a more secure telemetry environment. Our paper shows how these can be generalized into a Network Intrusion system that can be deployed on telemetry networks.
3

Sonbul, O., M. Byamukama, S. Alzebda, and A. N. Kalashnikov. "Autonomous intrusion detection information system." Thesis, Сумський державний університет, 2012. http://essuir.sumdu.edu.ua/handle/123456789/28777.

Abstract:
Implementation of security arrangements for insecure premises, for example for temporary exhibitions or infrequent public events, usually results in substantial security personnel costs, which can potentially be reduced by employing an easily installable ad hoc intrusion detection information system. In the paper we describe the architecture, design and experimental results for a fully prototyped information system that utilizes ultrasonic sensors operating in pulse-echo mode for perimeter control and ZigBee transceivers for wireless networking. The system consists of inexpensive autonomous sensor nodes with a component cost of less than £25 and a control terminal with a graphical user interface controlled by a touch screen. The nodes are programmed wirelessly to detect intrusion within any user-set distance up to the operating distance of the node, and can operate unattended for days.
4

Ademi, Muhamet. "Web-Based Intrusion Detection System." Thesis, Malmö högskola, Fakulteten för teknik och samhälle (TS), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20271.

Abstract:
Web applications are growing rapidly, and as the number of web sites globally increases, so do security threats. Complex applications often interact with third-party services and databases to fetch information, and these interactions often require user input. Intruders are targeting web applications specifically; they are a huge security threat to organizations, and one way to combat this is to have intrusion detection systems. The most common web attack methods are well researched and documented; however, due to time constraints, developers often write applications fast and may not implement the best security practices. This report describes one way to implement an intrusion detection system that specifically detects web-based attacks.
5

Satam, Shalaka Chittaranjan, and Shalaka Chittaranjan Satam. "Bluetooth Anomaly Based Intrusion Detection System." Thesis, The University of Arizona, 2017. http://hdl.handle.net/10150/625890.

Abstract:
Bluetooth is a wireless technology that is used to communicate over personal area networks (PAN). With the advent of the Internet of Things (IoT), Bluetooth is the technology of choice for small and short-range communication networks. For instance, most modern cars have the capability to connect to mobile devices using Bluetooth. This ubiquitous presence of Bluetooth makes it important that it is secure and its data is protected. Previous work has shown that Bluetooth is vulnerable to attacks like the man-in-the-middle attack, Denial of Service (DoS) attack, etc. Moreover, all Bluetooth devices are mobile devices, and thus power utilization is an important performance parameter. The attacker can easily increase the power consumption of a mobile device by launching an attack vector against that device. As a part of this thesis we present an anomaly-based intrusion detection system for Bluetooth networks, Bluetooth IDS (BIDS). The BIDS uses an N-gram based approach to characterize the normal behavior of the Bluetooth protocol. Machine learning algorithms were used to build the normal behavior models for the protocol during the training phase of the system, thus allowing classification of observed Bluetooth events as normal or abnormal during the operational phase of the system. The experimental results showed that the models that were developed in this thesis had a high accuracy, with precision of 99.2% and recall of 99.5%.
6

Prasad, Praveen. "A dynamically reconfigurable intrusion detection system." NCSU, 2003. http://www.lib.ncsu.edu/theses/available/etd-05202003-181843/.

Abstract:
This dissertation implements a Network-Based Intrusion Detection System on a Dynamically Reconfigurable Architecture. The design is captured using synthesizable Verilog HDL. The Dynamically Reconfigurable Intrusion Detection System (DRIDS) addresses the challenges faced by typical applications that use reconfigurable devices but do not exploit their full computational density because of limited FPGA memory, inefficient FPGA utilization, processor-to-FPGA communication bottlenecks and high reconfiguration latencies. The implementation of Intrusion Detection on the DRIDS boasts high computational density and better performance through the exploitation of parallelism inherent in this application.
7

Song, Jingping. "Feature selection for intrusion detection system." Thesis, Aberystwyth University, 2016. http://hdl.handle.net/2160/3143de58-208f-405e-ab18-abcecfc8f33b.

Abstract:
Intrusion detection is an important task for network operators in today's Internet. Traditional network intrusion detection systems rely on either specialized signatures of previously seen attacks, or on labeled traffic datasets that are expensive and difficult to reproduce for user-profiling to hunt out network attacks. Machine learning methods could be used in this area since they could get knowledge from signatures or from normal-operation profiles. However, there is usually a large volume of data in intrusion detection systems, for both features and instances. Feature selection can be used to optimize the classifiers used to identify attacks by removing redundant or irrelevant features while improving the quality. In this thesis, six feature selection algorithms are developed, and their application to intrusion detection is evaluated. They are: Cascading Fuzzy C-Means Clustering and C4.5 Decision Tree Classification Algorithm, New Evidence Accumulation Ensemble with Hierarchical Clustering Algorithm, Modified Mutual Information-based Feature Selection Algorithm, Mutual Information-based Feature Grouping Algorithm, Feature Grouping by Agglomerative Hierarchical Clustering Algorithm, and Online Streaming Feature Selection Algorithm. All algorithms are evaluated on the KDD 99 dataset, the most widely used data set for the evaluation of anomaly detection methods, and are compared with other algorithms. The potential application of these algorithms beyond intrusion detection is also examined and discussed.
8

Barrios, Rita M. "An Adaptive Database Intrusion Detection System." NSUWorks, 2011. http://nsuworks.nova.edu/gscis_etd/86.

Abstract:
Intrusion detection is difficult to accomplish when attempting to employ current methodologies when considering the database and the authorized entity. It is a common understanding that current methodologies focus on the network architecture rather than the database, which is not an adequate solution when considering the insider threat. Recent findings suggest that many have attempted to address this concern with the utilization of various detection methodologies in the areas of database authorization, security policy management and behavior analysis, but have not been able to find an adequate solution to achieve the level of detection that is required. While each of these methodologies has been addressed on an individual basis, there has been very limited work to address the methodologies as a single entity in an attempt to function within the detection environment in a harmonious fashion. Authorization is at the heart of most database implementations; however, it is not enough to prevent a rogue, authorized entity from instantiating a malicious action. Similarly, eliminating the current security policies only exacerbates the problem due to a lack of knowledge of when the policies have been modified. The behavior of the authorized entity is the most significant concern in terms of intrusion detection. However, behavior identification methodologies alone will not produce a complete solution. The detection of the insider threat during database access by merging the individual intrusion detection methodologies as noted will be investigated. To achieve the goal, this research is proposing the creation of a procedural framework to be implemented as a precursor to the execution of the data retrieval statement. The intrusion model and probability thresholds will be built utilizing the intrusion detection standards as put forth in research and industry. Once an intrusion has been indicated, the appropriate notifications will be distributed for further action by the security administrator while the transaction will continue to completion. This research is proposing the development of a Database Intrusion Detection framework with the introduction of a process, as defined in this research, to be implemented prior to data retrieval. This addition will enable an effective and robust methodology to determine the probability of an intrusion by the authorized entity, which will ultimately address the insider threat phenomenon.
9

Moyers, Benjamin. "Multi-Vector Portable Intrusion Detection System." Thesis, Virginia Tech, 2009. http://hdl.handle.net/10919/34265.

Abstract:
This research describes an intrusion detection system designed to fulfill the need for increased mobile device security. The Battery-Sensing Intrusion Protection System (B-SIPS) [1] initially took a non-conventional approach to intrusion detection by recognizing attacks based on anomalous Instantaneous Current (IC) drainage. An extension of B-SIPS, the Multi-Vector Portable Intrusion Detection System (MVP-IDS) validates the idea of recognizing attacks based on anomalous IC drain by correlating the detected anomalies with wireless attack traffic from both the Wi-Fi and Bluetooth mediums. To effectively monitor the Wi-Fi and Bluetooth mediums for malicious packet streams, the Snort-Based Wi-Fi and Bluetooth Attack Detection and Signature System (BADSS) modules were introduced. MVP-IDS illustrates that IC anomalies, representing attacks, can be correlated with wireless attack traffic through a collaborative and multi-module approach. Furthermore, MVP-IDS not only correlates wireless attacks, but mitigates them and defends its clients using an administrative response mechanism. This research also provides insight into the ramifications of battery exhaustion Denial of Service (DoS) attacks on battery-powered mobile devices. Several IEEE 802.11 Wi-Fi, IEEE 802.15.1 Bluetooth, and blended attacks are studied to understand their effects on device battery lifetimes. In the worst case, DoS attacks against mobile devices were found to accelerate battery depletion by as much as 18.5%. However, if the MVP-IDS version of the B-SIPS client was allowed to run in the background during a BlueSYN flood attack, it could mitigate the attack and preserve as much as 16% of a mobile device's battery lifetime as compared with an unprotected device.
Master of Science
10

Le, Anhtuan. "Intrusion Detection System for detecting internal threats in 6LoWPAN." Thesis, Middlesex University, 2017. http://eprints.mdx.ac.uk/21958/.

Abstract:
6LoWPAN (IPv6 over Low-power Wireless Personal Area Network) is a standard developed by the Internet Engineering Task Force to enable Wireless Sensor Networks to connect to the IPv6 Internet. This standard is rapidly gaining popularity for its applicability, ranging extensively from health care to environmental monitoring. Security is one of the most crucial issues that need to be considered properly in 6LoWPAN. Common 6LoWPAN security threats can come from external or internal attackers. Cryptographic techniques are helpful in preventing external attackers from illegally joining the network. However, because the network devices are commonly not tamper-proof, attackers can break the cryptographic codes of such devices and use them to operate like an internal source. These malicious sources can create internal attacks, which may significantly downgrade network performance. Protecting the network from these internal threats has therefore become one of the central security problems in 6LoWPAN. This thesis investigates the security issues created by internal threats in 6LoWPAN and proposes the use of an Intrusion Detection System (IDS) to deal with such threats. Our main works are to categorise the 6LoWPAN threats into two major types, and to develop two different IDSs to detect each of these types effectively. The major contributions of this thesis are summarised below.

First, we categorise the 6LoWPAN internal threats into two main types: one that focuses on compromising the network performance directly (performance-type), and the other that manipulates the optimal topology (topology-type) to later downgrade the network service quality indirectly. In each type, we select some typical threats to implement, assess their particular impacts on network performance, and identify performance metrics that are sensitive in the attacked situations, in order to form the basic detection knowledge. In addition, in studying the topology-type, we propose several novel attacks towards the Routing Protocol for Low Power and Lossy Networks (RPL, the underlying routing protocol in 6LoWPAN), including the Rank attack, Local Repair attack and DIS attack. Second, we develop a Bayesian-based IDS to detect the performance-type internal threats by monitoring typical attack targets such as traffic, channel or neighbour nodes. Unlike other statistical approaches, which have a limited view by using just a single metric to monitor a specific attack, our Bayesian-based IDS can judge an abnormal behaviour with a wider view by considering different metrics using an insightful understanding of their relations. Such a wider view helps to increase the IDS's accuracy significantly. Third, we develop a Specification-based IDS module to detect the topology-type internal threats based on profiling the RPL operation. In detail, we generalise the observed states and transitions of RPL control messages to construct a high-level abstraction of node operations through analysing the trace files of the simulations. Our profiling technique can form all of the protocol's legal states and transitions automatically with corresponding statistical data, which is faster and easier to verify compared with other manual specification techniques. This IDS module can detect the topology-type threats quickly with a low rate of false detection. We also propose a monitoring architecture that uses techniques from modern technologies such as LTE (Long-Term Evolution), cloud computing, and multiple-interface sensor devices, to expand significantly the capability of the IDS in 6LoWPAN. This architecture can enable the running of both proposed IDSs without creating much overhead, to help the system deal with most of the typical 6LoWPAN internal threats.

Overall, the simulation results in Contiki Cooja prove that our two IDS modules are effective in detecting the 6LoWPAN internal threats, with detection accuracy ranging between 86% and 100% depending on the type of attack, while the false positive rate is also satisfactory, under 5% for most of the attacks. We also show that the additional energy consumption and the overhead of the solutions are at an acceptable level for use in the 6LoWPAN environment.
11

Gade, Vaibhav. "Intrusion Detection System as a Service : Providing intrusion detection system on a subscription basis for cloud deployment." Thesis, Blekinge Tekniska Högskola, Institutionen för kommunikationssystem, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-10833.

12

Gandre, Amit Prafullachandra. "Implementation of a policy-based intrusion detection system--Generic Intrusion Detection Model (GIDEM version 1.1)." [Gainesville, Fla.] : University of Florida, 2001. http://purl.fcla.edu/fcla/etd/UFE0000317.

Abstract:
Thesis (M.S.)--University of Florida, 2001.
Title from title page of source document. Document formatted into pages; contains vi, 66 p.; also contains graphics. Includes vita. Includes bibliographical references.
13

Ozbey, Halil. "A Genetic-based Intelligent Intrusion Detection System." Master's thesis, METU, 2005. http://etd.lib.metu.edu.tr/upload/2/12606636/index.pdf.

Abstract:
In this study we address the problem of detecting new types of intrusions into computer systems which cannot be handled by widely implemented knowledge-based mechanisms. The solutions offered by behavior-based prototypes either suffer from low accuracy and low completeness or require the use of data explaining abnormal behavior, which actually is not available. Our aim is to develop an algorithm which can produce a satisfactory model of the target system's behavior in the absence of negative data. First, we design and develop an intelligent and behavior-based detection mechanism using genetic-based machine learning techniques with subsidies in the Bucket Brigade Algorithm. It classifies the possible system states as normal and abnormal and interprets the abnormal state observations as evidence for the presence of an intrusion. Next we provide another algorithm which focuses on capturing normal behavior of the target system to detect intrusions, again by identifying anomalies. A compact and highly complete rule set is generated by continuously inserting observed states as rules into the rule set and combining similar rule pairs in each step. Experiments conducted using the KDD-99 data set have produced fairly good results for both of the algorithms.
14

Otto, vor dem gentschen Felde Nils. "Ein föderiertes Intrusion Detection System für Grids." Diss., lmu, 2008. http://nbn-resolving.de/urn:nbn:de:bvb:19-95066.

15

Nguyen, Quang Trung. "Intrusion Detection System for Classifying User Behavior." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-26398.

Abstract:
Nowadays, we use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Not only for personal use: computers and networks of computers have become crucial parts of companies, organizations and governments. A lot of important information is stored in computers and transferred across networks and the Internet. Unauthorized users break into systems to gain access to private information. This brings the need for a system that can detect and prevent those harmful activities. Intrusion detection systems (IDSs) monitor networks and/or systems to detect malicious activities. That helps us to react and stop intruders. There are two types of IDSs, network-based IDSs and host-based IDSs. A network-based IDS monitors network traffic and activities to find attacks, and a host-based IDS monitors activities in a computer system to detect malicious actions. This thesis is a research on using machine learning techniques in implementing a host-based IDS that can tell us whether a computer process is normal (harmless) or abnormal (harmful). Three machine learning techniques are applied to Basic Security Module (BSM) log files of a Solaris system. Data sets used in the experiments are from the DARPA Intrusion Detection Evaluation 1998. The research provides some ways to apply Support Vector Machines, k-Nearest Neighbors and Hidden Markov Models to an IDS, and compares the performance of these three methods.
16

Karimi, Ahmad Maroof. "Distributed Machine Learning Based Intrusion Detection System." University of Toledo / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1470401374.

17

Salce, Licia <1973>. "Potenzialità e limiti degli Intrusion Detection System." Master's Degree Thesis, Università Ca' Foscari Venezia, 2014. http://hdl.handle.net/10579/4792.

Abstract:
An analysis is carried out of the effectiveness of the rules of an Intrusion Detection System for detecting cyber attacks aimed at web services. The development of a set of rules for discovering attack attempts under general conditions is studied, together with a strategy applicable to particular cases in which the structure of the web application is known. The possibility of detecting only the attacks that succeeded, while minimising the messages resulting from unsuccessful attempts, is also explored.
18

Judd, John David. "Stream splitting in support of intrusion detection." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Jun%5FJudd.pdf.

19

Hansen, Sinclair D. "An intrusion detection system for supervisory control and data acquisition systems." Thesis, Queensland University of Technology, 2008. https://eprints.qut.edu.au/16636/1/Sinclair_Hansen_Thesis.pdf.

Abstract:
Despite increased awareness of threats against Critical Infrastructure (CI), the securing of Supervisory Control and Data Acquisition (SCADA) systems remains incomplete. The majority of research focuses on preventative measures such as improving communication protocols and implementing security policies. New attempts are being made to use commercial Intrusion Detection System (IDS) software to protect SCADA systems. These have limited effectiveness because the ability to detect specific threats requires the context of the SCADA system. SCADA context is defined as any information that can be used to characterise the current status and function of the SCADA system. In this thesis the standard IDS model will be used with the varying SCADA data sources to provide SCADA context to a signature and anomaly detection engine. A novel addition to enhance the IDS model will be to use the SCADA data sources to simulate the remote SCADA site. The data resulting from the simulation is used by the IDS to make a behavioural comparison between the real and simulated SCADA site. To evaluate the enhanced IDS model the specific context of a water and wastewater system is used to develop a prototype. Using this context it was found that the inflow between sites has similar diurnal characteristics to network traffic. This introduced the idea of using inflow data to detect abnormal behaviour for a remote wastewater site. Several experiments are proposed to validate the prototype using data from a real SCADA site. Initial results show good promise for detecting abnormal behaviour and specific threats against water and wastewater SCADA systems.
20

Hansen, Sinclair D. "An intrusion detection system for supervisory control and data acquisition systems." Queensland University of Technology, 2008. http://eprints.qut.edu.au/16636/.

21

Moten, Daryl, and Farhad Moazzami. "Telemetry Network Intrusion Detection Test Bed." International Foundation for Telemetering, 2013. http://hdl.handle.net/10150/579527.

Abstract:
ITC/USA 2013 Conference Proceedings / The Forty-Ninth Annual International Telemetering Conference and Technical Exhibition / October 21-24, 2013 / Bally's Hotel & Convention Center, Las Vegas, NV
The transition of telemetry from link-based to network-based architectures opens these systems to new security risks. Tools such as intrusion detection systems and vulnerability scanners will be required for emerging telemetry networks. Intrusion detection systems protect networks against attacks that occur once the network boundary has been breached. An intrusion detection model was developed in the Wireless Networking and Security lab at Morgan State University. The model depends on network traffic being filtered into traffic streams. The streams are then reduced to vectors. The current state of the network can be determined using Viterbi analysis of the stream vectors. Viterbi uses the output of the Hidden Markov Model to find the current state of the network. The state information describes the probability of the network being in predefined normal or attack states based on training data. This output can be sent to a network administrator depending on threshold levels. In this project, a penetration-testing tool called Metasploit was used to launch attacks against systems in an isolated test bed. The network traffic generated during an attack was analyzed for use in the MSU intrusion detection model.
22

Prestberg, Lars. "Automatisk sammanställning av mätbara data : Intrusion detection system." Thesis, Mittuniversitetet, Avdelningen för informations- och kommunikationssystem, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-28254.

Abstract:
The project is carried out at IT-säkerhetsbolaget i Skandinavien AB; part of their offering is a Cyber Alarm, parts of which are to be automated in order to present information to customers in a smoother way. The aim is to offer customers more value for money, which at the same time gives an additional selling point for the product. The Cyber Alarm is, put simply, an Intrusion Detection System that reads traffic on a network and alerts the operator if something suspicious happens on the network. From the database in which all information is stored, graphs and tables are created as an overview of the network; this information is to be sent to customers on a weekly basis, which is done through a Python script and a number of open-source programs. The result shows that the automated way of performing the task takes 5.5% of the time it took to create a delivered graph page with the original method. Compared to the proposed manual method, for three sensors, the automated method took 11% of the time. When only the creation of the pdf was performed, the automated method took 82.1% and 69.7% of the manual time for one and three sensors respectively.
23

Sohal, Amandeep Kaur. "A taxonomy-based approach to intrusion detection system." abstract and full text PDF (free order & download UNR users only), 2007. http://0-gateway.proquest.com.innopac.library.unr.edu/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqdiss&rft_dat=xri:pqdiss:1446428.

24

Ang, Kah Kin. "A multilevel secure constrained intrusion detection system prototype." Thesis, Monterey, California. Naval Postgraduate School, 2010. http://hdl.handle.net/10945/5026.

Abstract:
Approved for public release; distribution is unlimited
The Monterey Security Architecture (MYSEA) provides a distributed multilevel secure (MLS) environment consisting of an MLS local area network (LAN) and multiple single-level networks. The MYSEA server enforces a mandatory access control policy to ensure that users can only access data for which they are authorized. Intrusion detection systems (IDS) placed on a single-level network can store the alerts in the IDS databases at the same classification level as the network being monitored. As most databases do not support the enforcement of mandatory security policies, access to these databases is restricted to single-level access only. Thus, administrators are not presented with a coherent view of IDS alerts from all of the connected networks. The objective of this thesis is to design a database proxy to allow administrators to view and analyze IDS information at multiple classification levels while enforcing the system's overall mandatory policy. Based on the derived concept of operations and the requirements, a design for the database proxy that mediates access to databases at different levels was conceived. A prototype database proxy was implemented along with modifications to a web-based analysis tool to allow the viewing and analysis of IDS information at multiple classification levels.
25

Al-Nashif, Youssif. "MULTI-LEVEL ANOMALY BASED AUTONOMIC INTRUSION DETECTION SYSTEM." Diss., The University of Arizona, 2008. http://hdl.handle.net/10150/195504.

Abstract:
The rapid growth and deployment of network technologies and Internet services has made security and management of networks a challenging research problem. This growth is accompanied by an exponential growth in the number of network attacks, which have become more complex, more organized, more dynamic, and more severe than ever. Current network protection techniques are static, slow in responding to attacks, and inefficient due to the large number of false alarms. Attack detection systems can be broadly classified as being signature-based, classification-based, or anomaly-based. In this dissertation, I present a multi-level anomaly based autonomic network defense system which can efficiently detect both known and unknown types of network attacks with a high detection rate and low false alarms. The system uses autonomic computing to automate the control and management of the multi-level intrusion detection system and integrate the different components of the system. The system defends the network by detecting anomalies in network operations that may have been caused by network attacks. Like other anomaly detection systems, AND captures a profile of normal network behavior. In this dissertation, I introduce experimental results that evaluate the effectiveness and performance of the multi-level anomaly based autonomic network intrusion detection system in detecting network attacks. The system consists of monitoring modules, feature aggregation and correlation modules, behavior analysis modules, a decision fusion module, a global visualization module, a risk and impact analysis module, an action module, an attack classification module, and the adaptive learning module. I have successfully implemented a prototype system based on my multi-level anomaly based approach.
The experimental results and evaluation of our prototype show that our multi-level intrusion detection system can efficiently and effectively detect and protect against any type of network attacks known or unknown in real-time. Furthermore, the overhead of our approach is insignificant on the normal network operations and services.
26

Langin, Chester Louis. "A SOM+ Diagnostic System for Network Intrusion Detection." OpenSIUC, 2011. https://opensiuc.lib.siu.edu/dissertations/389.

Abstract:
This research created a new theoretical Soft Computing (SC) hybridized network intrusion detection diagnostic system including complex hybridization of a 3D full color Self-Organizing Map (SOM), Artificial Immune System Danger Theory (AISDT), and a Fuzzy Inference System (FIS). This SOM+ diagnostic archetype includes newly defined intrusion types to facilitate diagnostic analysis, a descriptive computational model, and an Invisible Mobile Network Bridge (IMNB) to collect data, while maintaining compatibility with traditional packet analysis. This system is modular, multitaskable, scalable, intuitive, adaptable to quickly changing scenarios, and uses relatively few resources.
27

Borek, Martin. "Intrusion Detection System for Android : Linux Kernel System Calls Analysis." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-222382.

Abstract:
Smartphones provide access to a plethora of private information, potentially leading to financial and personal hardship, hence they need to be well protected. With new Android malware obfuscation and evasion techniques, including encrypted and downloaded malicious code, current protection approaches using static analysis are becoming less effective. A dynamic solution is needed that protects Android phones in real time. System calls have previously been researched as an effective method for Android dynamic analysis. However, these previous studies concentrated on analysing system calls captured in emulated sandboxed environments, which does not prove the suitability of this approach for real-time analysis on the actual device. This thesis focuses on analysis of Linux kernel system calls on the ARMv8 architecture. Given the limitations of Android phones it is necessary to minimise the resources required for the analyses, therefore we focused on the sequencing of system calls. With this approach, we sought a method that could be employed for real-time malware detection directly on Android phones. We also experimented with different data representation feature vectors: histogram, n-gram and co-occurrence matrix. All data collection was carried out on a real Android device as existing Android emulators proved to be unsuitable for emulating a system with the ARMv8 architecture. Moreover, data were collected on a human-controlled device since the reviewed Android event generators and crawlers did not accurately simulate real human interactions. The results show that Linux kernel system call sequencing carries enough information to detect malicious behaviour of malicious applications on the ARMv8 architecture. All feature vectors performed well. In particular, n-gram and co-occurrence matrix achieved excellent results. To reduce the computational complexity of the analysis, we experimented with including only the most commonly occurring system calls. While the accuracy degraded slightly, it was a worthwhile trade-off as the computational complexity was substantially reduced.
Smartphones provide access to a wealth of private information that can potentially lead to financial and personal hardship. Therefore they must be well protected. A dynamic solution is needed that protects Android phones in real time. System calls have previously been investigated as an effective method for dynamic analysis of Android. However, these earlier studies focused on system calls in an emulated sandbox environment, which does not show the suitability of this approach for real-time analysis on the device itself. This work focuses on analysis of Linux kernel system calls on the ARMv8 architecture. Given the limitations that exist in Android phones, it is essential to minimise the resources required for the analyses. Therefore we focused on the sequencing of the system calls. With this approach we sought a method that could be used for real-time detection of malicious programs directly on Android phones. We also experimented with different feature vectors to represent data: histogram, n-gram and co-occurrence matrices. All data was collected from a real Android device, as the existing Android emulators proved unsuitable for emulating a system with the ARMv8 architecture. The results show that Linux kernel sequencing carries enough information to detect malicious behaviour of malicious applications on the ARMv8 architecture. All feature vectors performed well. N-gram and the co-occurrence matrices even achieved excellent results. To reduce the computational complexity of the analysis, we experimented with using only the most common system calls. Although the accuracy decreased slightly, it was worth the sacrifice since the computational complexity was reduced noticeably.
28

Buennemeyer, Timothy Keith. "Battery-Sensing Intrusion Protection System (B-SIPS)." Diss., Virginia Tech, 2008. http://hdl.handle.net/10919/30037.

Abstract:
This dissertation investigates using instantaneous battery current sensing techniques as a means of detecting IEEE 802.15.1 Bluetooth and 802.11b (Wi-Fi) attacks and anomalous activity on small mobile wireless devices. This research explores alternative intrusion detection methods in an effort to better understand computer networking threats. This research applies to Personal Digital Assistants (PDAs) and smart phones, operating with sensing software in wireless network environments to relay diagnostic battery readings and threshold breaches to indicate possible battery exhaustion attack, intrusion, virus, and worm activity detections. The system relies on host-based software to collect smart battery data to sense instantaneous current characteristics of anomalous network activity directed against small mobile devices. This effort sought to develop a methodology, design and build a net-centric system, and then further explore this non-traditional intrusion detection system (IDS) approach. This research implements the Battery-Sensing Intrusion Protection System (B-SIPS) client detection capabilities for small mobile devices, a server-based Correlation Intrusion Detection Engine (CIDE) for attack correlation with Snort's network-based IDS, device power profiling, graph views, security administrator alert notification, and a database for robust data storage. Additionally, the server-based CIDE provides the interface and filtering tools for a security administrator to further mine our database and conduct forensic analysis. A separate system was developed using a digital oscilloscope to observe Bluetooth, Wi-Fi, and blended attack traces and to create unique signatures. The research endeavor makes five significant contributions to the security field of intrusion detection.
First, this B-SIPS work creates an effective intrusion detection approach that can operate on small, mobile host devices in networking environments to sense anomalous patterns in instantaneous battery current as an indicator of malicious activity using an innovative Dynamic Threshold Calculation (DTC) algorithm. Second, the Current Attack Signature Identification and Matching System (CASIMS) provides a means for high resolution current measurements and supporting analytical tools. This system investigates Bluetooth, Wi-Fi, and blended exploits using an oscilloscope to gather high fidelity data. Instantaneous current changes were examined on mobile devices during representative attacks to determine unique attack traces and recognizable signatures. Third, two B-SIPS supporting theoretical models are presented to investigate static and dynamic smart battery polling. These analytical models are employed to examine smart battery characteristics to support the theoretical intrusion detection limits and capabilities of B-SIPS. Fourth, a new genre of attack, known as a Battery Polling Cycle Timing Attack, is introduced. Today's smart battery technology polling rates are designed to support Advanced Power Management needs. Every PDA and smart phone has a polling rate that is determined by the device and smart battery original equipment manufacturers. If an attacker knows the precise timing of the polling rate of the battery's chipset, then the attacker could attempt to craft intrusion packets to arrive within those limited time windows and between the battery's polling intervals. Fifth, this research adds to the body of knowledge about non-traditional attack sensing and correlation by providing a component of an intrusion detection strategy.
This work expands today's research knowledge towards a more robust multilayered network defense by creating a novel design and methodology for employing mobile computing devices as a first line of defense to improve overall network security and potentially through extension to other communication mediums in need of defensive capabilities. Mobile computing and communications devices such as PDAs, smart phones, and ultra small general purpose computing devices are the typical targets for the results of this work. Additionally, field-deployed battery operated sensors and sensor networks will also benefit by incorporating security mechanisms developed and described here.
Ph. D.
29

Karkera, Akhil Narayan. "Design and implementation of a policy-based intrusion detection system generic intrusion detection model for a distributed network /." [Gainesville, Fla.] : University of Florida, 2002. http://purl.fcla.edu/fcla/etd/UFE0000550.

30

Nayeem, Fatima, and M. Vijayakamal. "Policies Based Intrusion Response System for DBMS." IJCSN, 2012. http://hdl.handle.net/10150/271494.

Abstract:
Relational databases are built on the Relational Model proposed by Dr. E. F. Codd. The relational model has become a consistent and widely used DBMS in the world. The databases in this model are efficient in storing and retrieval of data besides providing authentication through credentials. However, there might be many other attacks apart from stealing credentials and intruding into the database. Adversaries may always try to intrude into the relational database for monetary or other gains [1]. The relational databases are subjected to malicious attacks as they hold valuable business data which is sensitive in nature. Monitoring such a database continuously is a task which is inevitable keeping the importance of the database in mind. This is a strategy that is in the top five database strategies as identified by Gartner research which are meant for getting rid of data leaks in organizations [2]. There are regulations from governments like the US with respect to managing data securely. Data management regulations like HIPAA, GLBA, and PCI etc. are mentioned as examples.
Intrusion detection systems play an important role in detecting online intrusions and provide necessary alerts. Intrusion detection can also be done for relational databases. Intrusion response system for a relational database is essential to protect it from external and internal attacks. We propose a new intrusion response system for relational databases based on the database response policies. We have developed an interactive language that helps database administrators to determine the responses to be provided by the response system based on the malicious requests encountered by relational database. We also maintain a policy database that maintains policies with respect to response system. For searching the suitable policies algorithms are designed and implemented. Matching the right policies and policy administration are the two problems that are addressed in this paper to ensure faster action and prevent any malicious changes to be made to policy objects. Cryptography is also used in the process of protecting the relational database from attacks. The experimental results reveal that the proposed response system is effective and useful.
31

Fleming, Theodor, and Hjalmar Wilander. "Network Intrusion and Detection : An evaluation of SNORT." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-144335.

Abstract:
Network security has become a vital part for computer networks to ensure that they operate as expected. With many of today's services relying on networks it is of great importance that the usage of networks is not being compromised. One way to increase the security of a computer network is to implement a Network Intrusion Detection System (NIDS). This system monitors the traffic sent to, from and within the network. This study investigates how a NIDS called SNORT with different configurations handles common network attacks. The knowledge of how SNORT managed the attacks is used to evaluate and indicate the vulnerability of different SNORT configurations. Different approaches on both how to bypass SNORT and how to detect attacks are described both theoretically, and practically with experiments. This study concludes that a carefully prepared configuration is the factor for SNORT to perform well in network intrusion detection.
32

Schiavo, Sandra Jean. "An intrusion-detection tutoring system using means-ends analysis." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1995. http://handle.dtic.mil/100.2/ADA294283.

33

Hashmi, Adeel. "Hardware Acceleration of Network Intrusion Detection System Using FPGA." Thesis, Manchester Metropolitan University, 2011. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.526973.

34

Zhang, Huan. "Parallelization of a software based intrusion detection system - Snort." Thesis, University of Canterbury. Electrical and Computer Engineering, 2011. http://hdl.handle.net/10092/5988.

Abstract:
Computer networks are already ubiquitous in people’s lives and work and network security is becoming a critical part. A simple firewall, which can only scan the bottom four OSI layers, cannot satisfy all security requirements. An intrusion detection system (IDS) with deep packet inspection, which can filter all seven OSI layers, is becoming necessary for more and more networks. However, the processing throughputs of the IDSs are far behind the current network speed. People have begun to improve the performance of the IDSs by implementing them on different hardware platforms, such as Field-Programmable Gate Array (FPGA) or some special network processors. Nevertheless, all of these options are either less flexible or more expensive to deploy. This research focuses on some possibilities of implementing a parallelized IDS on a general computer environment based on Snort, which is the most popular open-source IDS at the moment. In this thesis, some possible methods have been analyzed for the parallelization of the pattern-matching engine based on a multicore computer. However, owing to the small granularity of the network packets, the pattern-matching engine of Snort is unsuitable for parallelization. In addition, a pipelined structure of Snort has been implemented and analyzed. The universal packet capture API - LibPCAP has been modified for a new feature, which can capture a packet directly to an external buffer. Then, the performance of the pipelined Snort can have an improvement up to 60% on an Intel i7 multicore computer for jumbo frames. A primary limitation is on the memory bandwidth. With a higher bandwidth, the performance of the parallelization can be further improved.
35

McDonald, Kevin E. (Kevin Edward) 1978. "A lightweight real-time host-based intrusion detection system." Thesis, Massachusetts Institute of Technology, 2001. http://hdl.handle.net/1721.1/86677.

Abstract:
Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001.
Includes bibliographical references (leaves 98-100).
by Kevin E. McDonald.
M.Eng.
36

Stanley, Fred Philip. "Intrusion detection and response for system and network attacks." [Ames, Iowa : Iowa State University], 2009.

37

Liu, Zhen. "A lightweight intrusion detection system for the cluster environment." Master's thesis, Mississippi State : Mississippi State University, 2003. http://sun.library.msstate.edu/ETD-db/theses/available/etd-07102003-152642/unrestricted/ZhenLiu%5Fthesis.pdf.

38

Ganesh, Kandalgaonkar Amol. "Enhancing an intrusion detection system framework using selective feedback." Columbus, Ohio : Ohio State University, 2003. http://rave.ohiolink.edu/etdc/view?acc%5Fnum=osu1162313091.

39

Vigo, Jr John L. "Wireless intrusion detection system." 2004. http://etd-db.uno.edu/theses/available/etd-11242004-142849/.

Abstract:
Thesis (M.S.)--University of New Orleans, 2004.
Title from electronic submission form. "A thesis ... in partial fulfillment of the requirements for the degree of Master of Science in the Department of Computer Science."--Thesis t.p. Vita. Includes bibliographical references.
40

Tsai, Kuo-Shou, and 蔡國手. "An Embedded Intrusion Detection System." Thesis, 2000. http://ndltd.ncl.edu.tw/handle/40544653703402308739.

Abstract:
Master's
National Chiao Tung University
Institute of Information Management
88
An Intrusion Detection System (IDS) is used to protect data from being misused or accessed without authorization. It monitors the system activities to find whether they contain any predefined attack signature. But the weakness of all common IDSs is the security problem of the IDSs themselves. An IDS may be the first target of experienced attackers. An Embedded Intrusion Detection System tries to avoid the problem by hiding itself in a protected host. The idea is intuitive and simple: if we want to use an IDS to protect a web server, we put the IDS and the web server together. We use HTTP to talk to the IDS, and a normal web visitor uses HTTP to access what he wants. The IDS is “Embedded” within the web server. It is not easy for attackers to find the IDS, so the IDS should be more secure.
41

Wang, Po-Wei, and 王博瑋. "NetFlow Based Intrusion Detection System." Thesis, 2004. http://ndltd.ncl.edu.tw/handle/82779373654190533992.

Abstract:
Master's
Tatung University
Department (Institute) of Computer Science and Engineering
92
Due to the popularity of the Internet, people can access remote resources on the Internet conveniently. But numerous malicious network events such as computer viruses and hacker attacks make network management more difficult. A network intrusion detection system is thus in more and more demand. In this thesis, a NetFlow based anomaly intrusion detection system is presented. In addition, guidelines to properly configure and set up network devices to minimize the possibility that network attacks come from inside are also proposed. As the Internet becomes the platform of daily activities, the threat of network attack has also become more serious. A firewall alone is not capable of protecting the system from being attacked through a normal service channel. Furthermore, most current intrusion detection systems focus on the border of the organization network, which does not provide protection to hosts in the local network and the network itself if the attack is from inside. Therefore, in addition to the firewall and border IDS, we need to use other types of intrusion detection system to protect the critical system as well as the network itself. We propose an inexpensive and easy to implement way to perform anomaly type intrusion detection based on the NetFlow information exported from the routers or other network probes. Our system can detect several types of network attack from inside or outside and perform counter maneuvers accordingly.
42

KUMAR, VIJAY. "AN EFFICIENT INTRUSION DETECTION SYSTEM." Thesis, 2011. http://dspace.dtu.ac.in:8080/jspui/handle/repository/13830.

Abstract:
M.TECH
Network security has become a critical issue due to the increase of traffic on the internet. Traffic on the internet has also increased the attack types. Intrusion detection has become one of the major tasks. It faces a number of challenges; an intrusion detection system must reliably detect malicious activities in a network and must perform efficiently to cope with the large amount of network traffic. In this thesis we are trying to analyze various techniques for intrusion detection on the basis of efficiency, accuracy and robustness. It has been seen that various anomaly based approaches face the problem of a large number of false alarms which may cause the network administrator to ignore them completely. We have implemented two of the latest hybrid approaches: a layered approach using conditional random fields, and fuzzy clustering with artificial neural networks (FCANN). We observed that FCANN provides better results.
43

Lauf, Adrian Peter. "HybrIDS embeddable hybrid intrusion detection system /." Diss., 2007. http://etd.library.vanderbilt.edu/ETD-db/available/etd-12062007-095827/.

44

TSU-WEI, CHANG, and 張祖瑋. "Multi-Agent based Intrusion Detection System." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/31974123819869911059.

Abstract:
Master's
Kainan University
Department of Information Management
97
With the rapid development and pervasion of the Internet, network attacks happen more frequently these days. Network security becomes more important, while firewall deployment is the first line of defense for information security. However, as the risks to network security get higher, firewalls can no longer satisfy the needs of network security. As a result, the intrusion detection system (IDS) becomes another important security mechanism. A high false positive rate is one of the major issues for IDSs. An agent-based intrusion detection system is designed by combining current IDS technologies with multi-agent systems. This anomaly detection method adopts self-organizing maps exclusively to learn the characteristics of normal behaviors. As long as some network behavior deviates from the normal one, this Multi-Agent based Intrusion Detection System (MAIDS) can detect it with a low false positive rate.
45

Lee, Yen-Chin, and 李彥青. "Intrusion Detection System with Temporal Relationships." Thesis, 2008. http://ndltd.ncl.edu.tw/handle/35569911356322760536.

Abstract:
Master's
National Taiwan University of Science and Technology
Department of Computer Science and Information Engineering
96
In society nowadays, the use of the Internet is becoming more prevalent. However, as the Internet has developed, it also has a growing number of potential risks. We need some mechanisms to help us protect our systems from these risks. An Intrusion Detection System (IDS) is generally used to detect anomalous behaviors and give system administrators alarms if it detects suspicious behaviors. We design an intrusion detection system by considering temporal relationships among the data, and then use semi-supervised learning with the EM algorithm to update our model. To consider temporal relationships among data, we use a Hidden Markov Model (HMM). To deal with high dimensional data, we combine the HMM with Naive Bayes. Also, to consider temporal interaction of order higher than one, we adopt a high-order Markov model, and the detection result shows better performance than the result from the first-order Markov model. On the other hand, we use the result of a support vector machine with temporal consideration to compare with our experimental result. From the results, we can observe that the temporal relationships can really help us to achieve higher detection accuracy. Finally, as an adaptive version of our model, we use semi-supervised learning with the EM algorithm to tune our parameters. In this way, we can train a model which can fit the real environment in an adaptive manner.
46

Rabie, Mohammad A. "Attack visualization for intrusion detection system." Thesis, 2002. http://library1.njit.edu/etd/fromwebvoyage.cfm?id=njit-etd2002-092.

47

Dass, Mayukh. "LIDS a Learning Intrusion Detection System /." 2003. http://purl.galileo.usg.edu/uga%5Fetd/dass%5Fmayukh%5F200308%5Fms.

Abstract:
Thesis (M.S.)--University of Georgia, 2003.
Directed by Walter D. Potter. Includes articles published in The proceedings of the 16th International Flairs Conference, The proceedings of the 6th International Conference on Industrial & Engineering Applications of Artificial Intelligence & Expert Systems, and The digital proceedings of the 41st ACM Southeast Conference, and an article submitted to Network Security Conference. Includes bibliographical references.
48

Sachdev, M. "Wireless intrusion detection system using fingerprinting." Thesis, 2014. http://ethesis.nitrkl.ac.in/5636/1/E-69.pdf.

Abstract:
A wireless network is a network which is easy to deploy, very easy to access and user friendly. The main reason behind its popularity is that it provides benefits such as easy installation, flexibility, mobility, scalability and reduced cost of ownership. But the drawback of these wireless networks is that they do not provide as much security as required, due to which users face attacks of various types which damage user information. One of the serious attacks is the identity based attack, which steals the identity of some other user in that network and performs some other attack. The presently available security tools to detect such identity (spoofed MAC) based attacks are quite limited. In this proposed work a new technique is developed for detecting masquerade (identity) attacks or spoofed MAC attacks exploited in 802.11 wireless networks. Current methods of device fingerprinting include only probe request packet fingerprinting, which results in a large number of false positives. In our proposed work the fingerprint is created on the basis of three frames which are required in the three sections of the connectivity phase, namely the probe request frame, the authentication frame and the association frame. Time differences between consecutive frames are taken into consideration and on that basis a fingerprint is created for each device. In this proposed technique the cross-correlation method is used to estimate the similarity of signals in terms of time lag with respect to each other. Those signals are captured by different devices. The stored signature of the actual device and the captured signal of the transmitting device are compared using this technique, and after analysis of the result, identification of the device is done.
49

R, UNNI. "PC Based Ultrasonic Intrusion Detection System." Thesis, 2018. http://ethesis.nitrkl.ac.in/9945/1/2018_MT_216EC3221_RUnni_PC.pdf.

Abstract:
An effective low-cost intrusion detection system is necessary for smart homes, offices and server rooms, since a number of theft operations are reported. For monitoring intrusion activity, an intrusion detection system is required which is placed in a monitoring location and tracks the intruder's distance, velocity, and date of occurrence. The ultrasonic sensor is used for motion detection since it has good accuracy and is able to track the intruder's distance in the range of meters. The HC-SR04 ultrasonic sensor has high frequency, high sensitivity, and high penetrating power, so it can easily sense the intruder. The output of the sensor is received through a microcontroller for programming and further display on an LCD. When an intruder is detected, a primary alert process is initiated, followed by a text message alert. The text message alert is sent to the registered number via a global system for mobile communication (GSM) module. The serial data obtained from the microcontroller is interfaced with LabVIEW for data logging. When an intruder is detected, a good-resolution USB camera is turned on, controlled by LabVIEW and the IMAQ Vision Assistant. IMAQ receives data from the USB camera, and the intruder's image is snapped and stored on the host PC (personal computer). The obtained pictures are further processed for human detection. A MATLAB-based human detection algorithm detects the intruder morphology and the number of intruders. This system can be achieved with little computational power, which makes it ideal for many situations. This design could find application in security systems for smart homes, bank lockers, and jewelry.
50

Chen, Sout-Fong, and 陳少鋒. "Building Intrusion Pattern Miner for Snort Network Intrusion Detection System." Thesis, 2003. http://ndltd.ncl.edu.tw/handle/01429644317481328466.

Abstract:
Master's
National Yunlin University of Science and Technology
Master's Program, Graduate Institute of Electronic and Information Engineering
91
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. However, Snort cannot generate intrusion patterns automatically. This means that experts must first analyze and categorize attack packets, and hand-code the corresponding patterns and rules for misuse detection. After that, system administrators manually configure the Snort detection rules in the network intrusion detection system. This results in Snort having limited extensibility and adaptability. In this paper, we propose a framework for Snort that gives it the ability not only to catch new attack patterns automatically, but also to detect sequential attack behaviors. To do that, we first build an Intrusion Pattern Discovery Module to find single intrusion patterns and sequential intrusion patterns from a collection of attack packets in off-line training. The module applies data mining techniques to extract descriptive attack signatures from large stores of packets, and then converts the signatures to Snort detection rules for on-line detection. In order to detect sequential intrusion behavior, the Snort detection engine is accompanied by our Instruction Behavior Detection Engine. When a series of incoming packets matches the signatures representing sequential intrusion scenarios, the Instruction Behavior Detection Engine raises an alert. In summary, we enhance the functionality of Snort by adding the Intrusion Pattern Discovery Module and the Instruction Behavior Detection Engine to the original Snort system. That not only enables Snort to mine instruction patterns automatically, but also extends the detecting ability of Snort. Furthermore, it improves the false negative rate and false positive rate of Snort misuse detection.