Dissertations / Theses on the topic 'Network security intrusion detection'
Maharjan, Nadim, and Paria Moazzemi. "Telemetry Network Intrusion Detection System." International Foundation for Telemetering, 2012. http://hdl.handle.net/10150/581632.
Telemetry systems are migrating from links to networks. Security solutions that simply encrypt radio links no longer protect the network of Test Articles or the networks that support them. The use of network telemetry is dramatically expanding and new risks and vulnerabilities are challenging issues for telemetry networks. Most of these vulnerabilities are silent in nature and cannot be detected with simple tools such as traffic monitoring. The Intrusion Detection System (IDS) is a security mechanism suited to telemetry networks that can help detect abnormal behavior in the network. Our previous research in Network Intrusion Detection Systems focused on "Password" attacks and "Syn" attacks. This paper presents a generalized method that can detect both "Password" attack and "Syn" attack. In this paper, a K-means Clustering algorithm is used for vector quantization of network traffic. This reduces the scope of the problem by reducing the entropy of the network data. In addition, a Hidden-Markov Model (HMM) is then employed to help to further characterize and analyze the behavior of the network into states that can be labeled as normal, attack, or anomaly. Our experiments show that IDS can discover and expose telemetry network vulnerabilities using Vector Quantization and the Hidden Markov Model providing a more secure telemetry environment. Our paper shows how these can be generalized into a Network Intrusion system that can be deployed on telemetry networks.
Abdullah, Kulsoom B. "Scaling and Visualizing Network Data to Facilitate in Intrusion Detection Tasks." Diss., Georgia Institute of Technology, 2006. http://hdl.handle.net/1853/10509.
Yang, Yi. "Intrusion detection for communication network security in power systems." Thesis, Queen's University Belfast, 2013. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.603572.
Balupari, Ravindra. "Real-time network-based anomaly intrusion detection." Ohio : Ohio University, 2002. http://www.ohiolink.edu/etd/view.cgi?ohiou1174579398.
Ademi, Muhamet. "Web-Based Intrusion Detection System." Thesis, Malmö högskola, Fakulteten för teknik och samhälle (TS), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20271.
Park, Yongro. "A statistical process control approach for network intrusion detection." Diss., Georgia Institute of Technology, 2005. http://hdl.handle.net/1853/6835.
Stefanova, Zheni Svetoslavova. "Machine Learning Methods for Network Intrusion Detection and Intrusion Prevention Systems." Scholar Commons, 2018. https://scholarcommons.usf.edu/etd/7367.
Huang, Yi-an. "Intrusion Detection and Response Systems for Mobile Ad Hoc Networks." Diss., Georgia Institute of Technology, 2006. http://hdl.handle.net/1853/14053.
Pikoulas, John. "An agent-based Bayesian method for network intrusion detection." Thesis, Edinburgh Napier University, 2003. http://researchrepository.napier.ac.uk/Output/4057.
Haas, Steffen [author]. "Security Monitoring and Alert Correlation for Network Intrusion Detection / Steffen Haas." Hamburg : Staats- und Universitätsbibliothek Hamburg Carl von Ossietzky, 2020. http://d-nb.info/123199780X/34.
Freet, David Nathan. "A Security Visualization Analysis Methodology for Improving Network Intrusion Detection Efficiency." Thesis, Indiana State University, 2017. http://pqdtopen.proquest.com/#viewpdf?dispub=10261868.
The flood of raw data generated by intrusion detection and other network monitoring devices can be so overwhelming that it causes great difficulty in detecting patterns that might indicate malicious traffic. In order to more effectively monitor and process network and forensic data within a virtualized environment, Security Visualization (SecViz) provides software-based visual interfaces to analyze live and logged network data within the domains of network security, network and cloud forensics, attack prevention, compliance management, wireless security, secure coding, and penetration testing. Modern networks generate enormous amounts of data that is often stored in logs. Due to the lack of effective approaches to organizing and visualizing log data, most network monitoring tools focus at a high level on data throughput and efficiency, or dig too far down into the packet level to allow for useful analysis by network administrators. SecViz offers a simpler and more effective approach to analyzing the massive amounts of log data generated on a regular basis. Graphical representations make it possible to identify and detect malicious activity, and spot general trends and relationships among individual data points. The human brain can rapidly process visual information in a detailed and meaningful manner. By converting network security and forensic data into a human-readable picture, SecViz can address and solve complex data analysis challenges and significantly increase the efficiency by which data is processed by information security professionals.
This study utilizes the Snort intrusion detection system and SecViz tools to monitor and analyze various attack scenarios in a virtualized cloud computing environment. Real-time attacks are conducted in order to generate traffic and log data that can then be re-played in a number of software applications for analysis. A Java-based program is written to aggregate and display Snort data, and then incorporated into a custom Linux-based software environment along with select open-source SecViz tools. A methodology is developed to correlate Snort intrusion alerts with log data in order to create a visual picture that can significantly enhance the identification of malicious network activity and discrimination from normal traffic within a virtualized cloud-based network.
Jacoby, Grant A. "Battery-based intrusion detection /." This resource online, 2005. http://scholar.lib.vt.edu/theses/available/etd-04212005-120840.
Ewell, Cris Vincent. "Detection of Deviations From Authorized Network Activity Using Dynamic Bayesian Networks." NSUWorks, 2011. http://nsuworks.nova.edu/gscis_etd/146.
Zhang, Junjie. "Effective and scalable botnet detection in network traffic." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/44837.
Yellapragada, Ramani. "Probabilistic Model for Detecting Network Traffic Anomalies." Ohio University / OhioLINK, 2004. http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1088538020.
Tevemark, Jonas. "Intrusion Detection and Prevention in IP Based Mobile Networks." Thesis, Linköping University, Department of Electrical Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-12015.
Ericsson's Packet Radio Access Network (PRAN) is a network solution for packet transport in mobile networks, which utilizes the Internet Protocol (IP). The IP protocol offers benefits in responsiveness and performance adaptation to data bursts when compared to Asynchronous Transfer Mode (ATM), which is still often used. There are many manufacturers / operators providing IP services, which reduce costs. The IP's use on the Internet brings greater end-user knowledge, wider user community and more programs designed for use in IP environments. Because of this, the spectrum of possible attacks against PRAN broadens. This thesis provides information on what protection an Intrusion Prevention System (IPS) can add to the current PRAN solution.
A risk analysis is performed to identify assets in and threats against PRAN, and to discover attacks that can be mitigated by the use of an IPS. Information regarding placement of an IPS in the PRAN network is given and tests of a candidate system are performed. IPS features in hardware currently used by Ericsson as well as missing features are pinpointed. Finally, requirements for an IPS intended for use in PRAN are concluded.
Asarcıklı, Şükran Tuğlular Tuğkan. "Firewall monitoring using intrusion detection systems/." [s.l.]: [s.n.], 2005. http://library.iyte.edu.tr/tezler/master/bilgisayaryazilimi/T000390.pdf.
Clark, Christopher R. "Design of Efficient FPGA Circuits For Matching Complex Patterns in Network Intrusion Detection Systems." Thesis, Georgia Institute of Technology, 2004. http://hdl.handle.net/1853/5137.
Fogla, Prahlad. "Improving the Efficiency and Robustness of Intrusion Detection Systems." Diss., Georgia Institute of Technology, 2007. http://hdl.handle.net/1853/19772.
Lee, Robert. "ON THE APPLICATION OF LOCALITY TO NETWORK INTRUSION DETECTION: WORKING-SET ANALYSIS OF REAL AND SYNTHETIC NETWORK SERVER TRAFFIC." Doctoral diss., Orlando, Fla. : University of Central Florida, 2009. http://purl.fcla.edu/fcla/etd/CFE0002718.
DENG, HONGMEI. "AN INTEGRATED SECURITY SCHEME WITH RESOURCE-AWARENESS FOR WIRELESS AD HOC NETWORKS." University of Cincinnati / OhioLINK, 2004. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1091454944.
Langin, Chester Louis. "A SOM+ Diagnostic System for Network Intrusion Detection." OpenSIUC, 2011. https://opensiuc.lib.siu.edu/dissertations/389.
Mantere, M. (Matti). "Network security monitoring and anomaly detection in industrial control system networks." Doctoral thesis, Oulun yliopisto, 2015. http://urn.fi/urn:isbn:9789526208152.
Abstract: Developed societies use diverse automation systems in their industrial plants and in the operation of their infrastructures. The state of information and cyber security of these automation systems varies greatly. Plants and the systems they rely on can represent technology from several different eras and contain the weaknesses and vulnerabilities of several different eras. The systems were previously relatively isolated from all data networks other than their own communication buses. This weakening of the isolation of automation systems has created a new set of threats by exposing their communication interfaces to the surrounding world. These network environments are, however, still comparatively isolated, and this property can be exploited in monitoring them. This work presents research results on monitoring the security of these networks, particularly through anomaly detection using machine learning methods. After an initial study of the challenges and special characteristics, the work uses the Self-Organizing Map (SOM) algorithm to implement an example solution that illustrates a new concept. This new concept is Event-Driven Machine Learning Anomaly Detection (EMLAD). The contributions of the work are the following, all in the context of industrial automation networks: a proposal for one set of features to be used in anomaly detection, a demonstration of the usability of machine-learning anomaly detection, and an extensible and flexible example implementation of the new EMLAD concept written in the programming language of the Bro NSM tool.
Li, Zhe. "A Neural Network Based Distributed Intrusion Detection System on Cloud Platform." University of Toledo / OhioLINK, 2013. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1364835027.
Labonne, Maxime. "Anomaly-based network intrusion detection using machine learning." Electronic Thesis or Diss., Institut polytechnique de Paris, 2020. http://www.theses.fr/2020IPPAS011.
In recent years, hacking has become an industry unto itself, increasing the number and diversity of cyber attacks. Threats on computer networks range from malware to denial of service attacks, phishing and social engineering. An effective cyber security plan can no longer rely solely on antiviruses and firewalls to counter these threats: it must include several layers of defence. Network-based Intrusion Detection Systems (IDSs) are a complementary means of enhancing security, with the ability to monitor packets from OSI layer 2 (Data link) to layer 7 (Application). Intrusion detection techniques are traditionally divided into two categories: signature-based (or misuse) detection and anomaly detection. Most IDSs in use today rely on signature-based detection; however, they can only detect known attacks. IDSs using anomaly detection are able to detect unknown attacks, but are unfortunately less accurate, which generates a large number of false alarms. In this context, the creation of precise anomaly-based IDS is of great value in order to be able to identify attacks that are still unknown. In this thesis, machine learning models are studied to create IDSs that can be deployed in real computer networks. Firstly, a three-step optimization method is proposed to improve the quality of detection: 1/ data augmentation to rebalance the dataset, 2/ parameter optimization to improve the model performance and 3/ ensemble learning to combine the results of the best models. Flows detected as attacks can be analyzed to generate signatures to feed signature-based IDS databases. However, this method has the disadvantage of requiring labelled datasets, which are rarely available in real-life situations. Transfer learning is therefore studied in order to train machine learning models on large labeled datasets, then finetune them on benign traffic of the network to be monitored.
This method also has flaws since the models learn from already known attacks, and therefore do not actually perform anomaly detection. Thus, a new solution based on unsupervised learning is proposed. It uses network protocol header analysis to model normal traffic behavior. Anomalies detected are then aggregated into attacks or ignored when isolated. Finally, the detection of network congestion is studied. The bandwidth utilization between different links is predicted in order to correct issues before they occur.
Botes, Frans Hendrik. "Ant tree miner amyntas for intrusion detection." Thesis, Cape Peninsula University of Technology, 2018. http://hdl.handle.net/20.500.11838/2865.
With the constant evolution of information systems, companies have to acclimatise to the vast increase of data flowing through their networks. Business processes rely heavily on information technology and operate within a framework of little to no space for interruptions. Cyber attacks aimed at interrupting business operations, false intrusion detections and leaked information burden companies with large monetary and reputational costs. Intrusion detection systems analyse network traffic to identify suspicious patterns that intend to compromise the system. Classifiers (algorithms) are used to classify the data within different categories e.g. malicious or normal network traffic. Recent surveys within intrusion detection highlight the need for improved detection techniques and warrant further experimentation for improvement. This experimental research project focuses on implementing swarm intelligence techniques within the intrusion detection domain. The Ant Tree Miner algorithm induces decision trees by using ant colony optimisation techniques. The Ant Tree Miner possesses high accuracy with efficient results. However, limited research has been performed on this classifier in other domains such as intrusion detection. The research provides the intrusion detection domain with a new algorithm that improves upon results of decision trees and ant colony optimisation techniques when applied to the domain. The research has led to valuable insights into the Ant Tree Miner classifier within a previously unknown domain and created an intrusion detection benchmark for future researchers.
Sawant, Ankush. "Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps." Ohio University / OhioLINK, 2005. http://www.ohiolink.edu/etd/view.cgi?ohiou1113833809.
Sohal, Amandeep Kaur. "A taxonomy-based approach to intrusion detection system." abstract and full text PDF (free order & download UNR users only), 2007. http://0-gateway.proquest.com.innopac.library.unr.edu/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqdiss&rft_dat=xri:pqdiss:1446428.
Nwanze, Nnamdi Chike. "Anomaly-based intrusion detection using lightweight stateless payload inspection." Diss., Online access via UMI:, 2009.
Includes bibliographical references.
Tarim, Mehmet Cem. "A Faster Intrusion Detection Method For High-speed Computer Networks." Master's thesis, METU, 2011. http://etd.lib.metu.edu.tr/upload/12613246/index.pdf.
Yüksel, Ulaş Tuğlular Tuğkan. "Development of a Quality Assurance Prototype for Intrusion Detection Systems/." [s.l.]: [s.n.], 2002. http://library.iyte.edu.tr/tezler/master/bilgisayaryazilimi/T000131.pdf.
Taub, Lawrence. "Application of a Layered Hidden Markov Model in the Detection of Network Attacks." NSUWorks, 2013. http://nsuworks.nova.edu/gscis_etd/320.
Taylor, Adrian. "Anomaly-Based Detection of Malicious Activity in In-Vehicle Networks." Thesis, Université d'Ottawa / University of Ottawa, 2017. http://hdl.handle.net/10393/36120.
Techateerawat, Piya. "Key distribution and distributed intrusion detection system in wireless sensor network." RMIT University. Electrical and Computer Systems Engineering, 2008. http://adt.lib.rmit.edu.au/adt/public/adt-VIT20080729.162610.
Jieke, Pan. "Cooperative Intrusion Detection For The Next Generation Carrier Ethernet." Master's thesis, Department of Informatics, University of Lisbon, 2008. http://hdl.handle.net/10451/13881.
Satam, Pratik. "An Anomaly Behavior Analysis Intrusion Detection System for Wireless Networks." Thesis, The University of Arizona, 2015. http://hdl.handle.net/10150/595654.
Pattam, Shoban. "Enhancing Security in 802.11 and 802.1 X Networks with Intrusion Detection." ScholarWorks@UNO, 2006. http://scholarworks.uno.edu/td/1034.
Fragkos, Grigorios. "Near real-time threat assessment using intrusion detection system's data." Thesis, University of South Wales, 2011. https://pure.southwales.ac.uk/en/studentthesis/near-realtime-threat-assessment-using-intrusion-detection-systems-data(96a9528f-f319-4125-aaf0-71593bb61b56).html.
Ranang, Martin Thorsen. "An Artificial Immune System Approach to Preserving Security in Computer Networks." Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2002. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-255.
It is believed that many of the mechanisms present in the biological immune system are well suited for adoption to the field of computer intrusion detection, in the form of artificial immune systems. In this report mechanisms in the biological immune system are introduced, their parallels in artificial immune systems are presented, and how they may be applied to intrusion detection in a computer environment is discussed. An artificial immune system is designed, implemented and applied to detect intrusive behavior in real network data in a simulated network environment. The effect of costimulation and clonal proliferation combined with somatic hypermutation to perform affinity maturation of detectors in the artificial immune system is explored through experiments. An exact expression for the probability of a match between two randomly chosen strings using the r-contiguous matching rule is developed. The use of affinity maturation makes it possible to perform anomaly detection by using smaller sets of detectors with a high level of specificity while maintaining a high level of cover and diversity, which increases the number of true positives, while keeping a low level of false negatives.
Zhang, Tao. "RADAR: compiler and architecture supported intrusion prevention, detection, analysis and recovery." Diss., Available online, Georgia Institute of Technology, 2006. http://etd.gatech.edu/theses/available/etd-08042006-122745/.
Committee: Ahamad, Mustaque, Committee Member; Pande, Santosh, Committee Chair; Lee, Wenke, Committee Member; Schwan, Karsten, Committee Member; Yang, Jun, Committee Member.
Siddiqui, Abdul Jabbar. "Securing Connected and Automated Surveillance Systems Against Network Intrusions and Adversarial Attacks." Thesis, Université d'Ottawa / University of Ottawa, 2021. http://hdl.handle.net/10393/42345.
Foster, Mark S. "Process forensics: the crossroads of checkpointing and intrusion detection." [Gainesville, Fla.] : University of Florida, 2004. http://purl.fcla.edu/fcla/etd/UFE0008063.
Monteiro, Valter. "How intrusion detection can improve software decoy applications." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Mar%5FMonteiro.pdf.
García, Alfaro Joaquín. "Platform of intrusion management design and implementation." Doctoral thesis, Universitat Autònoma de Barcelona, 2006. http://hdl.handle.net/10803/3053.
Since computer infrastructures are currently getting more vulnerable than ever, traditional security mechanisms are still necessary but not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. We present in this dissertation the design of a platform which is intended to act as a central point to analyze and verify network security policies, and to control and configure (without anomalies or errors) both prevention and detection security components. We also present in our work a response mechanism based on a library that implements different types of countermeasures. The objective of such a mechanism is to be a support tool in order to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. We finally present an infrastructure for the communication between the components of our platform, as well as a mechanism for the protection of such components. All these approaches and proposals have been implemented and evaluated. We present the obtained results within the respective sections of this dissertation.
This thesis has mainly been funded by the Agency for Administration of University and Research Grants (AGAUR) of the Ministry of Education and Universities (DURSI) of the Government of Catalonia (reference number 2003FI00126). The research was jointly carried out at the Universitat Autònoma de Barcelona and at the Ecole Nationale Superieure des Télécommunications de Bretagne.
Keywords: Security policies, intrusion detection, response, counter-measures, event correlation, communication publish/subscribe, access control, components protection.
Årnes, Andre. "Risk, Privacy, and Security in Computer Networks." Doctoral thesis, Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-1725.
With an increasingly digitally connected society comes complexity, uncertainty, and risk. Network monitoring, incident management, and digital forensics are of increasing importance with the escalation of cybercrime and other network supported serious crimes. New laws and regulations governing electronic communications, cybercrime, and data retention are being proposed, continuously requiring new methods and tools.
This thesis introduces a novel approach to real-time network risk assessment based on hidden Markov models to represent the likelihood of transitions between security states. The method measures risk as a composition of individual hosts, providing a precise, fine-grained model for assessing risk and providing decision support for incident response. The approach has been integrated with an existing framework for distributed, large-scale intrusion detection, and the results of the risk assessment are applied to prioritize the alerts produced by the intrusion detection sensors. Using this implementation, the approach is evaluated on both simulated and real-world data.
Network monitoring can encompass large networks and process enormous amounts of data, and the practice and its ubiquity can represent a great threat to the privacy and confidentiality of network users. Existing measures for anonymization and pseudonymization are analyzed with respect to the trade-off of performing meaningful data analysis while protecting the identities of the users. The results demonstrate that most existing solutions for pseudonymization are vulnerable to a range of attacks. As a solution, some remedies for strengthening the schemes are proposed, and a method for unlinkable transaction pseudonyms is considered.
Finally, a novel method for performing digital forensic reconstructions in a virtual security testbed is proposed. Based on a hypothesis of the security incident in question, the testbed is configured with the appropriate operating systems, services, and exploits. Attacks are formulated as event chains and replayed on the testbed. The effects of each event are analyzed in order to support or refute the hypothesis. The purpose of the approach is to facilitate reconstruction experiments in digital forensics. Two examples are given to demonstrate the approach; one overview example based on the Trojan defense and one detailed example of a multi-step attack. Although a reconstruction can neither prove a hypothesis with absolute certainty, nor exclude the correctness of other hypotheses, a standardized environment combined with event reconstruction and testing can lend credibility to an investigation and can be a valuable asset in court.
La, Vinh Hoa. "Security monitoring for network protocols and applications." Thesis, Université Paris-Saclay (ComUE), 2016. http://www.theses.fr/2016SACLL006/document.
Computer security, also known as cyber-security or IT security, is always an emerging topic in computer science research. Because cyber attacks are growing in both volume and sophistication, protecting information systems or networks becomes a difficult task. Therefore, researchers in the research community give ongoing attention to security, including two main directions: (i) designing secured infrastructures with secured communication protocols and (ii) monitoring/supervising the systems or networks in order to find and remediate vulnerabilities. The former assists the latter by forming some additional monitoring-supporting modules, whilst the latter verifies whether everything designed in the former is correctly and securely functioning, as well as detecting security violations. This is the main topic of this thesis. This dissertation presents a security monitoring framework that takes into consideration different types of audit dataset including network traffic and application logs. We also propose some novel approaches based on supervised machine learning to pre-process and analyze the data input. Our framework is validated in a wide range of case studies including traditional TCP/IPv4 network monitoring (LAN, WAN, Internet monitoring), IoT/WSN using 6LoWPAN technology (IPv6), and other applications' logs. Last but not least, we provide a study regarding intrusion tolerance by design and propose an emulation-based approach to simultaneously detect and tolerate intrusion. In each case study, we describe how we collect the audit dataset, extract the relevant attributes, handle received data and decode their security meaning. For these goals, the tool Montimage Monitoring Tool (MMT) is used as the core of our approach. We also assess the solution's performance and its possibility to work in "larger scale" systems with more voluminous datasets.
Gu, Guofei. "Correlation-based Botnet Detection in Enterprise Networks." Diss., Georgia Institute of Technology, 2008. http://hdl.handle.net/1853/24634.
Judd, John David. "Stream splitting in support of intrusion detection." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Jun%5FJudd.pdf.
Kalibjian, Jeffrey R. "APPLICATION OF INTRUSION DETECTION SOFTWARE TO PROTECT TELEMETRY DATA IN OPEN NETWORKED COMPUTER ENVIRONMENTS." International Foundation for Telemetering, 2000. http://hdl.handle.net/10150/606817.
Over the past few years models for Internet based sharing and selling of telemetry data have been presented [1] [2] [3] at ITC conferences. A key element of these sharing/selling architectures was security. This element was needed to insure that information was not compromised while in transit or to insure particular parties had a legitimate right to access the telemetry data. While the software managing the telemetry data needs to be security conscious, the networked computer hosting the telemetry data to be shared or sold also needs to be resistant to compromise. Intrusion Detection Systems (IDS) may be used to help identify and protect computers from malicious attacks in which data can be compromised.
Zomlot, Loai M. M. "Handling uncertainty in intrusion analysis." Diss., Kansas State University, 2014. http://hdl.handle.net/2097/17603.
Department of Computing and Information Sciences; advisor: Xinming Ou.
Intrusion analysis, i.e., the process of combing through Intrusion Detection System (IDS) alerts and audit logs to identify true successful and attempted attacks, remains a difficult problem in practical network security defense. The primary cause of this problem is the high false positive rate in IDS system sensors used to detect malicious activity. This high false positive rate is attributed to an inability to differentiate nearly certain attacks from those that are merely possible. This inefficacy has created high uncertainty in intrusion analysis and consequently causes an overwhelming amount of work for security analysts. As a solution, practitioners typically resort to a specific IDS-rules set that precisely captures specific attacks. However, this results in failure to discern other forms of the targeted attack because an attack's polymorphism reflects human intelligence. Alternatively, the addition of generic rules so that an activity with remote indication of an attack will trigger an alert requires the security analyst to discern true alerts from a multitude of false alerts, thus perpetuating the original problem. The perpetuity of this trade-off issue is a dilemma that has puzzled the cyber-security community for years. A solution to this dilemma includes reducing uncertainty in intrusion analysis by making IDS-nearly-certain alerts prominently discernible. Therefore, I propose alerts prioritization, which can be attained by integrating multiple methods. I use IDS alerts correlation by building attack scenarios in a ground-up manner. In addition, I use Dempster-Shafer Theory (DST), a non-traditional theory to quantify uncertainty, and I propose a new method for fusing non-independent alerts in an attack scenario. Finally, I propose usage of semi-supervised learning to capture an organization's contextual knowledge, consequently improving prioritization. Evaluation of these approaches was conducted using multiple datasets.
Evaluation results strongly indicate that the ranking provided by the approaches gives good prioritization of IDS alerts based on their likelihood of indicating true attacks.