Theses on the topic "Intrusion"


See the top 50 dissertations (graduate or doctoral theses) for research on the topic "Intrusion".


1

Olsson, Fredrik. "Intrusion Management". Thesis, Växjö University, School of Mathematics and Systems Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-794.

Abstract:

Information security is tasked with protecting the confidentiality, integrity, and availability of an organization's information resource. A key aspect in protecting these resources is developing an understanding of the threats, vulnerabilities, and exposures that they face by using Risk Management.

The objective of Risk Management is to identify, quantify and manage information security risks to achieve the organization's objectives through a number of tasks utilizing key Risk Management techniques.

Risk Management is a process that ensures that the impact of threats exploiting vulnerabilities is within acceptable limits and at an acceptable cost.

With the increased complexity of modern dynamic networks, traditional defence mechanisms are failing and as a result cyber crime is on the rise [FBI03]. This puts organizations and corporations at risk as the defences are ill-fitted and weak [KBM04].

No information system can be absolutely secure, especially large and complex systems. Embedded security works for isolated, dedicated systems with few users but does not offer cost effective security, and even worse does not always handle security based on a real threat (this is mainly due to its inherent inflexibility). A military strategy within the field of information operations suggests a method of information superiority based on the OODA-loop. This thesis proposes a method of information security protection based on a combination of risk management techniques and information operation (foremost the OODA-loop). This is in order to ensure a cost effective and a viable future for information security in large and complex systems, where the war at least at present time is lost to the “black hats”, a term often used to describe a menaced hacker.

2

Jim, Nilsson. "Fracture characterization in magmatic rock, a case study of the Sosa-dyke (Neuquén Basin, Argentina)". Thesis, Uppsala universitet, Institutionen för geovetenskaper, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-411548.

Abstract:
There are many examples worldwide where fossil magmatic intrusions influence the local water and energy supply. This is because intrusions can act as a conductor and a reservoir, but also as a barrier for fluids and gases in the ground. The decisive feature between conductor or barrier in an intrusion is its fracture network. Hence it is of paramount importance to characterize an intrusion’s fracture network and thus its permeability. However, other than through boreholes magmatic intrusions are rather inaccessible and very little is known about their influence on aquifers and reservoir rocks in the underground. It is therefore important to increase the knowledge of magmatic intrusion by investigating the intrusions that are accessible for us at ground surface. In this study, photos from a case study about the Sosa dyke have been used to map and characterize the fractures of the Sosa dyke, which is an accessible vertical magmatic intrusion and a part of the Chachahuén volcano complex in the southwestern parts of Argentina. The photos that were used are taken with a UAV (unmanned aerial vehicle), and to analyze the photos, map the fractures and produce the results, software such as Agisoft Metashape, MOVE™ and MATLAB with the toolbox FracPaQ was used. The intrusion has two distinct fracture sets, one that is perpendicular to the intrusion margins and one that stretches parallel with the intrusion. The connectivity of the fractures is low, and since the permeability of the fractures largely depends on the connectivity, it is also low. The fracture set that is perpendicular to the intrusion margin is what’s called cooling fractures, which are created as the magma in the intrusion cools. This causes the magma to contract and break, forming fractures perpendicular to the inward migrating solidification front. The fracture set that is parallel with the intrusion is caused by minerals in the magma flow being affected by friction from the intrusion margins.
This causes the minerals in the magma to elongate in the direction of flow along the sides of the dyke, creating foliation, enabling fractures to propagate along. These fracture sets are poorly connected which concludes that the mapped area of the Sosa-dyke has a low permeability.
All over the world there are many examples where solidified magmatic intrusions affect an area's water and energy supply, because intrusions can act as conductors and reservoirs but also as barriers for fluids and gases in the ground. The decisive factor between conductor and barrier in an intrusion is its fracture network. It is therefore important to map and characterize an intrusion's fracture network and thereby also gain an idea of its permeability. Apart from through boreholes, magmatic intrusions are often hard to access, so there is very little information about how they affect aquifers and reservoirs in the ground. It is therefore important to increase knowledge of magmatic intrusions by investigating the intrusions that are accessible at the ground surface. In this study, images from a case study of the Sosa intrusion have been used to map and characterize fractures in the Sosa intrusion. It is a vertical magmatic intrusion that is visible at the ground surface, and part of the Chachahuén volcanic complex in southwestern Argentina. The images used were taken with a UAV (unmanned aerial vehicle), and to analyze the images, map the fractures and produce the results, the programs Agisoft Metashape, MOVE™ and MATLAB with the FracPaQ tool were used. The intrusion has two distinct fracture sets, one perpendicular to the intrusion's margins and one running parallel to the margins. Connectivity between the fractures is low, and since permeability is affected by connectivity, it is also low. The fracture set perpendicular to the intrusion margin consists of so-called cooling fractures, formed when the magma in the intrusion cools. This causes the magma to contract and crack, forming fractures that run inward toward the solidification front and thus perpendicular to the intrusion margin. The fracture set that runs parallel to the intrusion is formed because minerals in the magma flow are affected by friction from the intrusion margins.
This causes the minerals to settle and be stretched out in the same direction as the magma flow, which, when the magma solidifies, forms zones of weakness in which fractures can propagate. These fracture sets have low connectivity, which leads to the conclusion that the mapped area of the Sosa intrusion has low permeability.
3

Ferreira, Eduardo Alves. "Detecção autônoma de intrusões utilizando aprendizado de máquina". Universidade de São Paulo, 2011. http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/.

Abstract:
The evolution of information technology has popularized the use of computer systems for automating operational tasks. The tasks of deploying and maintaining these computer systems, on the other hand, have not kept pace with this trend, having been performed manually for years, implying high cost, low productivity and poor quality of service. To fill this gap, an initiative called Autonomous Computing was proposed, which aims to provide self-management capability to computer systems. Among the aspects needed to build an autonomous system is intrusion detection, responsible for monitoring the operation and data flows of systems in search of signs of malicious operations. Given this context, this work presents an autonomous intrusion detection system for Web applications, based on machine learning techniques with near-linear computational complexity. This system uses data clustering and novelty detection techniques to characterize the normal behavior of an application, subsequently searching for anomalies in the operation of the applications. It was observed that the technique is able to detect attacks with greater autonomy and less dependence on specific contexts compared with previous work.
The use of computers to automatically perform operational tasks is commonplace, thanks to the information technology evolution. The maintenance of computer systems, on the other hand, is commonly performed manually, resulting in high costs, low productivity and low quality of service. The Autonomous Computing initiative aims to approach this limitation, through self-management of computer systems. In order to assemble a fully autonomous system, an intrusion detection application is needed to monitor the behavior and data flows on applications. Considering this context, an autonomous Web intrusion detection system is proposed, based on machine-learning techniques with near-linear computational complexity. This system is based on clustering and novelty detection techniques, characterizing an application behavior, to later pinpoint anomalies in live applications. By conducting experiments, we observed that this new approach is capable of detecting anomalies with less dependency on specific contexts than previous solutions.
4

Stefanova, Zheni Svetoslavova. "Machine Learning Methods for Network Intrusion Detection and Intrusion Prevention Systems". Scholar Commons, 2018. https://scholarcommons.usf.edu/etd/7367.

Abstract:
Given the continuing advancement of networking applications and our increased dependence upon software-based systems, there is a pressing need to develop improved security techniques for defending modern information technology (IT) systems from malicious cyber-attacks. Indeed, anyone can be impacted by such activities, including individuals, corporations, and governments. Furthermore, the sustained expansion of the network user base and its associated set of applications is also introducing additional vulnerabilities which can lead to criminal breaches and loss of critical data. As a result, the broader cybersecurity problem area has emerged as a significant concern, with many solution strategies being proposed for both intrusion detection and prevention. Now in general, the cybersecurity dilemma can be treated as a conflict-resolution setup entailing a security system and minimum of two decision agents with competing goals (e.g., the attacker and the defender). Namely, on the one hand, the defender is focused on guaranteeing that the system operates at or above an adequate (specified) level. Conversely, the attacker is focused on trying to interrupt or corrupt the system’s operation. In light of the above, this dissertation introduces novel methodologies to build appropriate strategies for system administrators (defenders). In particular, detailed mathematical models of security systems are developed to analyze overall performance and predict the likely behavior of the key decision makers influencing the protection structure. The initial objective here is to create a reliable intrusion detection mechanism to help identify malicious attacks at a very early stage, i.e., in order to minimize potentially critical consequences and damage to system privacy and stability. Furthermore, another key objective is also to develop effective intrusion prevention (response) mechanisms. 
Along these lines, a machine learning based solution framework is developed consisting of two modules. Specifically, the first module prepares the system for analysis and detects whether or not there is a cyber-attack. Meanwhile, the second module analyzes the type of the breach and formulates an adequate response. Namely, a decision agent is used in the latter module to investigate the environment and make appropriate decisions in the case of uncertainty. This agent starts by conducting its analysis in a completely unknown milieu but continually learns to adjust its decision making based upon the provided feedback. The overall system is designed to operate in an automated manner without any intervention from administrators or other cybersecurity personnel. Human input is essentially only required to modify some key model (system) parameters and settings. Overall, the framework developed in this dissertation provides a solid foundation from which to develop improved threat detection and protection mechanisms for static setups, with further extensibility for handling streaming data.
5

Chatprechakul, Nattapron. "Improving performance of distributed network intrusion intrusion detection systems using mobile agents". Thesis, Cranfield University, 2005. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.423508.

6

Chevalier, Ronny. "Detecting and Surviving Intrusions : Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches". Thesis, CentraleSupélec, 2019. http://www.theses.fr/2019CSUP0003.

Abstract:
Computer systems, such as laptops or embedded systems, are built with layers of preventive security mechanisms in order to reduce the likelihood that an attacker compromises them. Nevertheless, despite decades of advances in this field, intrusions still occur. Consequently, we must assume that intrusions will take place and we must build our systems so that they can detect and survive them. General-purpose operating systems are deployed with intrusion detection mechanisms, but their ability to survive an intrusion is limited. State-of-the-art solutions require manual procedures, involve losses of availability, or impose a high performance cost. Moreover, low-level components such as the BIOS are increasingly targeted by attackers seeking to implant stealthy and resilient malware. Although state-of-the-art solutions guarantee the integrity of these components at boot, few address the security of the services provided by the BIOS that are executed within System Management Mode (SMM). This manuscript shows that we can build systems capable of detecting intrusions at the BIOS level and surviving them at the operating system level. First, we demonstrate that an intrusion survivability approach is viable and practicable for general-purpose operating systems. Then, we demonstrate that it is possible to detect intrusions at the BIOS level with a hardware-based solution.
Computing platforms, such as embedded systems or laptops, are built with layers of preventive security mechanisms to reduce the likelihood of attackers successfully compromising them. Nevertheless, given time and despite decades of improvements in preventive security, intrusions still happen. Therefore, systems should expect intrusions to occur, thus they should be built to detect and to survive them. Commodity Operating Systems (OSs) are deployed with intrusion detection solutions, but their ability to survive them is limited. State-of-the-art approaches from industry or academia either involve manual procedures, loss of availability, coarse-grained responses, or non-negligible performance overhead. Moreover, low-level components, such as the BIOS, are increasingly targeted by sophisticated attackers to implant stealthy and resilient malware. State-of-the-art solutions, however, mainly focus on boot time integrity, leaving the runtime part of the BIOS—known as the System Management Mode (SMM)—a prime target. This dissertation shows that we can build platforms that detect intrusions at the BIOS level and survive intrusions at the OS level. First, by demonstrating that intrusion survivability is a viable approach for commodity OSs. We develop a new approach that addresses various limitations from the literature, and we evaluate its security and performance. Second, by developing a hardware-based approach that detects attacks at the BIOS level where we demonstrate its feasibility with multiple detection methods.
7

Vigo, John Louis Jr. "Wireless Intrusion Detection Sytem". ScholarWorks@UNO, 2004. http://scholarworks.uno.edu/td/203.

Abstract:
The decrease in price and the ease of use of wireless network devices make them an attractive alternative to standard wired networks. However, the intrinsic insecurity of wireless media and weaknesses in the standards for use of wireless media leave wireless networks vulnerable to attacks from unauthorized users. The intrinsic insecurity of wireless media results from radio signals extending beyond the network's intended coverage area and the weaknesses in the standards result from the methods used for authorization and privacy. These insecurities restrict the use of wireless networks by entities that need a high level of security. This paper describes a Wireless Intrusion Detection System (WIDS) that provides additional security for 802.11b wireless networks. WIDS provides intrusion detection that can react to potential threats and locate an intruder through the use of intelligent access points equipped with rotating directional antennas.
8

Weigert, Stefan. "Community-Based Intrusion Detection". Doctoral thesis, Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2017. http://nbn-resolving.de/urn:nbn:de:bsz:14-qucosa-217677.

Abstract:
Today, virtually every company world-wide is connected to the Internet. This wide-spread connectivity has given rise to sophisticated, targeted, Internet-based attacks. For example, between 2012 and 2013 security researchers counted an average of about 74 targeted attacks per day. These attacks are motivated by economical, financial, or political interests and commonly referred to as “Advanced Persistent Threat (APT)” attacks. Unfortunately, many of these attacks are successful and the adversaries manage to steal important data or disrupt vital services. Victims are preferably companies from vital industries, such as banks, defense contractors, or power plants. Given that these industries are well-protected, often employing a team of security specialists, the question is: How can these attacks be so successful? Researchers have identified several properties of APT attacks which make them so efficient. First, they are adaptable. This means that they can change the way they attack and the tools they use for this purpose at any given moment in time. Second, they conceal their actions and communication by using encryption, for example. This renders many defense systems useless as they assume complete access to the actual communication content. Third, their actions are stealthy — either by keeping communication to the bare minimum or by mimicking legitimate users. This makes them “fly below the radar” of defense systems which check for anomalous communication. And finally, with the goal to increase their impact or monetisation prospects, their attacks are targeted against several companies from the same industry. Since months can pass between the first attack, its detection, and comprehensive analysis, it is often too late to deploy appropriate counter-measures at business peers. Instead, it is much more likely that they have already been attacked successfully.
This thesis tries to answer the question whether the last property (industry-wide attacks) can be used to detect such attacks. It presents the design, implementation and evaluation of a community-based intrusion detection system, capable of protecting businesses at industry-scale. The contributions of this thesis are as follows. First, it presents a novel algorithm for community detection which can detect an industry (e.g., energy, financial, or defense industries) in Internet communication. Second, it demonstrates the design, implementation, and evaluation of a distributed graph mining engine that is able to scale with the throughput of the input data while maintaining an end-to-end latency for updates in the range of a few milliseconds. Third, it illustrates the usage of this engine to detect APT attacks against industries by analyzing IP flow information from an Internet service provider. Finally, it introduces a detection algorithm- and input-agnostic intrusion detection engine which supports not only intrusion detection on IP flow but any other intrusion detection algorithm and data-source as well.
9

Jacoby, Grant Arthur. "Battery-Based Intrusion Detection". Diss., Virginia Tech, 2005. http://hdl.handle.net/10919/27092.

Abstract:
This dissertation proposes an efficacious early warning system via a mobile host-based form of intrusion detection that can alert security administrators to protect their corporate network(s) by a novel technique that operates through the implementation of smart battery-based intrusion detection (B-bid) on mobile devices, such as PDAs, HandPCs and smart-phones by correlating attacks with their impact on device power consumption. A host intrusion detection engine (HIDE) monitors power behavior to detect potential intrusions by noting consumption irregularities and serves like a sensor to trigger other forms of protection. HIDE works in conjunction with a Scan Port Intrusion Engine (SPIE) that ascertains the IP and port source of the attack and with a host analysis signature trace engine (HASTE) that determines the energy signature of the attack and correlates it to a variety of the most common attacks to provide additional protection and alerts to both mobile hosts and their network.
Ph. D.
10

Jacoby, Grant A. "Battery-based intrusion detection /". This resource online, 2005. http://scholar.lib.vt.edu/theses/available/etd-04212005-120840.

11

Nushart, Nathan. "Modeling Intrusive Geometries of a Shallow Crustal Intrusion: New Evidence From Mount Ellsworth, Utah". Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/5753.

Abstract:
Surface displacements resulting from upper-crustal intrusion of melt are a paramount concern for communities and facilities located in or near active volcanic areas (e.g. Campi Flegrei, Yucca Mtn.). Study of active intrusions such as Campi Flegrei, Italy west of Mt. Vesuvius, is limited to remote observations through geophysical/geodetic procedures. While the surface displacement due to melt emplacement at depth can easily be determined, the geometries and depth of intrusions are often based on simplified assumptions (e.g. spheres and prolate or oblate ellipsoids). These models benefit from data constraining both the geometries of the individual intrusions, and the kinematics and mechanics of deformation within the superstructure overlying the intrusions. Mount Ellsworth, a partially exposed sub-volcanic system, is an ideal natural laboratory for the study of near surface intrusions. The intrusions of the Henry Mountains are ideal because they were emplaced into relatively flat-lying stratigraphy of the Colorado Plateau, at a time when the stress field was largely isotropic. Previous geologic work done in the Henry Mountains, conducted by C.B. Hunt (1953) and Marie Jackson and Dave Pollard (1988), presents competing emplacement models (i.e. large batch intrusion or incremental sill growth), as well as differing geologic map data and interpretations. Through a combination of 1:5000 scale field mapping and profile-oriented gravity study, we have produced detailed geologic maps and cross sections of Mt. Ellsworth to assess the previous work done on Mt. Ellsworth with new datasets, as well as evaluate criteria refining various emplacement models. Mapping results demonstrate that several of the assumptions made in models theorized by Hunt (1953) and Jackson and Pollard (1988) were inappropriately applied on Mt. Ellsworth.
These assumptions include the thickness and separation of stratigraphic units, the size and distribution of sills and smaller intrusions, structural attitudes of beds and sills, and the presence of exposure of the main body of the intrusion. Gravity data collected on similar intrusions presented in Corry (1988) demonstrates the difficulty of obtaining a gravity anomaly on the wavelength of the assumed size of the intrusion. Forward gravity modeling of various potential geometries beneath Mount Ellsworth suggests that the anomalies are similar in shape with a magnitude between 16 and 20 mGal. Results from the gravity profiles collected for this study fail to predict an anomaly on the wavelength of the Mount Ellsworth intrusion and record a much more complicated anomaly than is presented by the forward models. By combining the stratigraphic data, structural data, and cross sections, it can be determined that the Mount Ellsworth intrusion is a laccolith with a floor 1.5 kilometers beneath the topographic surface, is 1 kilometer thick at its maximum, and has dimensions of 4 kilometers wide by 6 kilometers long.
12

Liao, Yihua. "Machine learning in intrusion detection /". For electronic version search Digital dissertations database. Restricted to UC campuses. Access is free to UC campus dissertations, 2005. http://uclibs.org/PID/11984.

13

Maier, Eric William. "Buried fiber optic intrusion sensor". Thesis, Texas A&M University, 2004. http://hdl.handle.net/1969.1/425.

Abstract:
A distributed fiber optic intrusion sensor capable of detecting intruders from the pressure of their weight on the earth's surface was investigated in the laboratory and in field tests. The presence of an intruder above or in proximity to the buried sensor induces a phase shift in light propagating along the fiber which allows for the detection and localization of intrusions. Through the use of an ultra-stable erbium-doped fiber laser and phase sensitive optical time domain reflectometry, disturbances were monitored in long (several km) lengths of optical fiber. Narrow linewidth and low frequency drift in the laser were achieved through a combination of optical feedback and insulation of the laser cavity against environmental effects. The frequency drift of the laser, characterized using an all-fiber Mach Zehnder interferometer, was found to be less than 1 MHz/min, as required for operation of the intrusion detection system. Intrusions were simulated in a laboratory setting using a piezoelectric transducer to produce a controllable optical phase shift at the 2 km point of a 12 km path length. Interrogation of the distributed sensor was accomplished by repetitively gating light pulses from the stable laser into the sensing fiber. By monitoring the Rayleigh backscattered light with a photodetector and comparing traces with and without an induced phase shift, the phase disturbances were detected and located. Once the feasibility of such a sensor was proven in the laboratory, the experimental set up was transferred to Texas A&M's Riverside Campus. At the test site, approximately 40 meters of fiber optic cable were buried in a triangle perimeter and then spliced into the 12 km path length which was housed inside the test facility. Field tests were conducted producing results comparable to those found in the laboratory. Intrusions over this buried fiber were detectable on the φ-OTDR trace and could be localized to the intrusion point. 
This type of sensor has the potential benefits of heightened sensitivity, covertness, and greatly reduced cost over the conventional seismic, acoustic, infrared, magnetic, and fiber optic sensors for monitoring long (multi-km) perimeters.
14

Sainani, Varsha. "Hybrid Layered Intrusion Detection System". Scholarly Repository, 2009. http://scholarlyrepository.miami.edu/oa_theses/44.

Abstract:
The increasing number of network security related incidents has made it necessary for the organizations to actively protect their sensitive data with network intrusion detection systems (IDSs). Detecting intrusion in a distributed network from outside network segment as well as from inside is a difficult problem. IDSs are expected to analyze a large volume of data while not placing a significant added load on the monitoring systems and networks. This requires good data mining strategies which take less time and give accurate results. In this study, a novel hybrid layered multiagent-based intrusion detection system is created, particularly with the support of a multi-class supervised classification technique. In agent-based IDS, there is no central control and therefore no central point of failure. Agents can detect and take predefined actions against malicious activities, which can be detected with the help of data mining techniques. The proposed IDS shows superior performance compared to central sniffing IDS techniques, and saves network resources compared to other distributed IDSs with mobile agents that activate too many sniffers causing bottlenecks in the network. This is one of the major motivations to use a distributed model based on a multiagent platform along with a supervised classification technique. Applying multiagent technology to the management of network security is a challenging task since it requires the management on different time instances and has many interactions. To facilitate information exchange between different agents in the proposed hybrid layered multiagent architecture, a low cost and low response time agent communication protocol is developed to tackle the issues typically associated with a distributed multiagent system, such as poor system performance, excessive processing power requirement, and long delays. 
The bandwidth and response time performance of the proposed end-to-end system is investigated through the simulation of the proposed agent communication protocol on our private LAN testbed called Hierarchical Agent Network for Intrusion Detection Systems (HAN-IDS). The simulation results show that this system is efficient and extensible since it consumes negligible bandwidth with low cost and low response time on the network.
15

Park, Chan-Hee. "Saltwater Intrusion in Coastal Aquifers". Diss., Georgia Institute of Technology, 2004. http://hdl.handle.net/1853/4857.

Abstract:
Utilizing the analytical solution of the steady state sharp interface saltwater intrusion model in coastal aquifers, a multi-objective optimization formulation of pumping rates and well locations in a coastal aquifer is formulated to solve problems in water management practice. The proposed optimization problem uses progressive genetic algorithm technique and the method developed is applied to the previous work of Cheng et al. [2000]. Through this analysis, several other applications are provided to demonstrate the use of the model in practical applications. This work is the first to optimize pumping rates as well as well locations simultaneously in coastal aquifer management. Knowing the limitation of the analytical solution, the work is expanded to cover the physics of saltwater intrusion in a more realistic way. This is variable density flow in a variably saturated porous medium. In this method, mixing between two fluids such as saltwater and freshwater can be described and the porous medium is also expanded to cover saturated and unsaturated zones together. One of the objectives is to develop a three dimensional physical model, verify the model, and apply to various applications in coastal aquifers. The developed model, TechFlow, is used to investigate instability issues associated with the numerical solution of the Elder problem in the perspective that includes physical instability issues associated with density differences used in numerical solutions, sensitivity of the solution to idealization irregularity, and the importance of accurate estimation of the velocity field and its association to the grid density levels that is necessary to solve the problem accurately. Saltwater intrusion hydrodynamics in a beach under the influence of tidal effects is also investigated using TechFlow.
Based on the results of TechFlow with the use of various boundary conditions for the transport equation, the saltwater intrusion hydrodynamics in a beach under the influence of tidal effects shows unique dynamics. These solutions are primarily affected by density differences, tidal effects on a mild slope, variably saturated porous medium and finite domain solution condition. TechFlow is also used to investigate saltwater upconing beneath pumping wells in both two- and three-dimensional applications.
16

Kayahan, Hüseyin. "INTRUSION EXECUTION SYSTEMS : Prototype: IMPETUS". Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-29546.

Abstract:
In nature, it is inspiring to observe such an extensive variety of defensive skills distributed among species. The speed of an antelope, and the sting of a scorpion, wasp or a bee are some examples of such defensive tools or mechanisms important to survive against predators. However sophisticated the skills or tools are, the correct accurate use and on-time triggering of those tools is a matter of life and death for animals. With those defensive measures, animals come with a complementary ability called "vigilance". Vigilance is costly and the human tries to minimize vigilant behaviour in every aspect of life. The absence of vigilance, or negligence in other words, allows humans to spend more time and cognition on matters that he or she wants rather than on problems that need time. The human has an inherent and intricate mechanism that determines the vigilance level required for a particular problem. The consequences of the lack of vigilance in a work environment, more especially in the Information Technologies Security field, are catastrophic and even lethal as humanity becomes an increasingly associated habitant of cyberspace ecosystem. Intrusion Execution Systems (IES), which is one of my conceptual propositions in this research, is my approach to reduce negligent behaviour in IT Security personnel. Impetus is the name of the first prototype for IES concept with limitations, which is included in this research. Impetus can successfully achieve desired behaviour in test environment, however the conceptual propositions in this research, along with Impetus, should further be experimented in real-world in order to be convinced of its effectiveness.
17

Wilden, Matthew Kyle. "The intrusion collector and emulator". [Ames, Iowa : Iowa State University], 2007.

18

Lekkas, Stavros. "Evolving intelligent intrusion detection systems". Thesis, University of Manchester, 2009. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.503075.

Abstract:
The vast majority of existing Intrusion Detection Systems incorporates static knowledge bases, which contain information about specific attack patterns. Although such knowledge bases can gradually expand, yet they have required the close maintenance of an expert, let alone the possibility that the knowledge base might overload and finally run over. Furthermore, most of the existing quantitative methods for intrusion detection require the data records to be processed in offline mode, as a batch. Unfortunately this allows only a snapshot of the actual domain to be analysed. On top of that, should new data records become available they require cost-sensitive calculations due to the fact that re-learning is ineffective for real-time applications. The prospective application of evolving nature-inspired intelligent behavior in conjunction with network intrusion detection is an attractive field which overcomes these problems, but which contains open questions remaining to be answered. A standalone Network Intrusion Detection System, which is capable of evolving its knowledge structure and parameters in order to prevent both known and novel intrusions, is still not available. Initially, this thesis reviews a methodology for evolving fuzzy classification, which allows data to be processed in online mode by recursively modifying a fuzzy rule base on a per-sample basis. The incremental adaptation is gradually developed by the influence of the input data, which arrive from a data stream in succession. Recent studies have shown that the eClass algorithms are a promising elucidation since they have been extensively used for control applications and are also suitable for real-time classification tasks, such as fault detection, diagnosis, robotic navigation etc. Finally, it is revealed that the relative eClass architecture can be further improved in terms of the predictive accuracy and that it can be effectively applied on behalf of network diagnostics.
The improved algorithm is finally compared to others and seems to outperform many well-known methods and to be adequately competent.
19

Jolly, Richard J. H. "Mechanisms of igneous sheet intrusion". Thesis, University of Southampton, 1996. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.242207.

20

Bucks, Romola Starr. "Intrusion errors in Alzheimer's disease". Thesis, University of Bristol, 1998. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.285578.

21

Nazarchuk, Alex. "Water intrusion in underground structures". Thesis, Massachusetts Institute of Technology, 2008. http://hdl.handle.net/1721.1/43880.

Abstract:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Civil and Environmental Engineering, 2008.
Includes bibliographical references (p. 119-124).
This thesis presents a study of the permissible groundwater infiltration rates in underground structures, the consequences of this leakage and the effectiveness of mitigation measures. Design guides and codes do not restrict, address or make clear recommendations for permissible inflows in underground space. Owners, with the help of engineers, typically make decisions based on costs or specifications from past projects without looking at consequences of excessive groundwater infiltration and mitigation costs. The Author has reviewed the published leakage rates for tunnels in comparison with current international standards. After examining over one-hundred case studies, the Author infers that water leakage is the principal damage causing degradation on tunnel linings. International standards for permissible leakage rates (transit tunnels) are consistent with class A definitions of CIRIA (1979) and are approximately 0.1-2 gpm/100,000 SF (0.05-1.2 L/day/SM). The most common cause of leakage (based on numerous case studies) in cast-in-place lining is due to cracks that develop from shrinkage of concrete during curing and to the inability of the structure to accommodate movements due to thermal changes. Individual sources of leakage may be allowable within the permissible rates, however can cause damage to tunnel structure and to the surrounding environment (consolidation and differential settlement). Spalling is one of the most common structural damages due to groundwater infiltration. The presence of water can cause unpleasant stains, resulting in erosion and corrosion over time. Formation of icicles, ice and water ponding can affect public safety in a tunnel and jeopardize operations. To mitigate leakage in underground structures and tunnels one may control and/or eliminate the inflow.
Chemical grouting is one of the most common measures. However, its application has been unsuccessful in 43% of cases reported by ITA-AITES (2001). Inappropriate material selection for each particular application is a major contributing factor for the lack of success. The Author focused this thesis on highway and rail tunnels, and established recommended permissible leakage rates for such underground structures based on international standards and experiences. These recommended rates can serve as guidelines for future tunnel design specifications or to compare recorded inflow rates with international standards.
by Alex Nazarchuk.
M.Eng.
22

Dehnert, Alexander Worthington. "Using VProbes for intrusion detection". Thesis, Massachusetts Institute of Technology, 2013. http://hdl.handle.net/1721.1/85414.

Abstract:
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2013.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 89-90).
Many current intrusion detection systems (IDSes) are vulnerable to intruders because they are running under the same operating system (OS) as a potential attacker. Since an attacker will often be attempting to co-opt the OS, this leaves the IDS vulnerable to subversion by the attacker. While some systems escape this threat, they typically do so by running the OS inside a modified hypervisor. This risks adding new bugs that reduce the correctness or security of the hypervisor, and may make it harder to incorporate upstream improvements. VMware has a technology called VProbes that allows setting breakpoints, examining machine state, and inspecting memory from a VM host. This thesis introduces VProbe Instrumentation for VM Intrusion Detection (VIVID), which makes subverting the instrumentation much harder while still allowing the use of an off-the-shelf hypervisor.
by Alexander Worthington Dehnert.
M. Eng.
23

Maharjan, Nadim, and Paria Moazzemi. "Telemetry Network Intrusion Detection System". International Foundation for Telemetering, 2012. http://hdl.handle.net/10150/581632.

Abstract:
ITC/USA 2012 Conference Proceedings / The Forty-Eighth Annual International Telemetering Conference and Technical Exhibition / October 22-25, 2012 / Town and Country Resort & Convention Center, San Diego, California
Telemetry systems are migrating from links to networks. Security solutions that simply encrypt radio links no longer protect the network of Test Articles or the networks that support them. The use of network telemetry is dramatically expanding and new risks and vulnerabilities are challenging issues for telemetry networks. Most of these vulnerabilities are silent in nature and cannot be detected with simple tools such as traffic monitoring. The Intrusion Detection System (IDS) is a security mechanism suited to telemetry networks that can help detect abnormal behavior in the network. Our previous research in Network Intrusion Detection Systems focused on "Password" attacks and "Syn" attacks. This paper presents a generalized method that can detect both "Password" attack and "Syn" attack. In this paper, a K-means Clustering algorithm is used for vector quantization of network traffic. This reduces the scope of the problem by reducing the entropy of the network data. In addition, a Hidden-Markov Model (HMM) is then employed to help to further characterize and analyze the behavior of the network into states that can be labeled as normal, attack, or anomaly. Our experiments show that IDS can discover and expose telemetry network vulnerabilities using Vector Quantization and the Hidden Markov Model providing a more secure telemetry environment. Our paper shows how these can be generalized into a Network Intrusion system that can be deployed on telemetry networks.
24

Zomlot, Loai M. M. "Handling uncertainty in intrusion analysis". Diss., Kansas State University, 2014. http://hdl.handle.net/2097/17603.

Abstract:
Doctor of Philosophy
Department of Computing and Information Sciences
Xinming Ou
Intrusion analysis, i.e., the process of combing through Intrusion Detection System (IDS) alerts and audit logs to identify true successful and attempted attacks, remains a difficult problem in practical network security defense. The primary cause of this problem is the high false positive rate in IDS system sensors used to detect malicious activity. This high false positive rate is attributed to an inability to differentiate nearly certain attacks from those that are merely possible. This inefficacy has created high uncertainty in intrusion analysis and consequently causes an overwhelming amount of work for security analysts. As a solution, practitioners typically resort to a specific IDS-rules set that precisely captures specific attacks. However, this results in failure to discern other forms of the targeted attack because an attack's polymorphism reflects human intelligence. Alternatively, the addition of generic rules so that an activity with remote indication of an attack will trigger an alert, requires the security analyst to discern true alerts from a multitude of false alerts, thus perpetuating the original problem. The perpetuity of this trade-off issue is a dilemma that has puzzled the cyber-security community for years. A solution to this dilemma includes reducing uncertainty in intrusion analysis by making IDS-nearly-certain alerts prominently discernible. Therefore, I propose alerts prioritization, which can be attained by integrating multiple methods. I use IDS alerts correlation by building attack scenarios in a ground-up manner. In addition, I use Dempster-Shafer Theory (DST), a non-traditional theory to quantify uncertainty, and I propose a new method for fusing non-independent alerts in an attack scenario. Finally, I propose usage of semi-supervised learning to capture an organization's contextual knowledge, consequently improving prioritization. Evaluation of these approaches was conducted using multiple datasets.
Evaluation results strongly indicate that the ranking provided by the approaches gives good prioritization of IDS alerts based on their likelihood of indicating true attacks.
25

Sonbul, O., M. Byamukama, S. Alzebda and A. N. Kalashnikov. "Autonomous intrusion detection information system". Thesis, Сумський державний університет, 2012. http://essuir.sumdu.edu.ua/handle/123456789/28777.

Abstract:
Abstract – Implementation of security arrangements for insecure premises, for example, for temporary exhibitions or infrequent public events, usually results in substantial security personnel costs which can be potentially reduced by employing an easily installable ad hoc intrusion detection information system. In the paper we described the architecture, design and experimental results for a fully prototyped information system that utilizes ultrasonic sensors operating in the pulse echo mode for the perimeter control and ZigBee transceivers for wireless networking. The system consists of inexpensive autonomous sensor nodes with the component cost of less than £25 and a control terminal with a graphical user interface controlled by a touch screen. The nodes are programmed wirelessly to detect intrusion within any user set distance up to the operating distance of the node, and can operate unattended for days.
26

Ademi, Muhamet. "Web-Based Intrusion Detection System". Thesis, Malmö högskola, Fakulteten för teknik och samhälle (TS), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20271.

Abstract:
Web applications are growing rapidly and as the amount of web sites globally increases so do security threats. Complex applications often interact with third party services and databases to fetch information and often interactions require user input. Intruders are targeting web applications specifically and they are a huge security threat to organizations and a way to combat this is to have intrusion detection systems. Most common web attack methods are well researched and documented however due to time constraints developers often write applications fast and may not implement the best security practices. This report describes one way to implement an intrusion detection system that specifically detects web based attacks.
27

Semerci, Hakan Tuğlular Tuğkan. "Analysis of intrusion prevention methods/". [s.l.]: [s.n.], 2004. http://library.iyte.edu.tr/tezler/master/bilgisayaryazilimi/T000579.pdf.

28

Molina, Jesus. "Evaluating host intrusion detection systems". College Park, Md.: University of Maryland, 2007. http://hdl.handle.net/1903/7697.

Abstract:
Thesis (Ph. D.) -- University of Maryland, College Park, 2007.
Thesis research directed by: Dept. of Electrical and Computer Engineering. Title from t.p. of PDF. Includes bibliographical references. Published by UMI Dissertation Services, Ann Arbor, Mich. Also available in paper.
29

Lydon, Andrew. "Compilation For Intrusion Detection Systems". Ohio University / OhioLINK, 2004. http://www.ohiolink.edu/etd/view.cgi?ohiou1088179093.

30

Mohajer, Soltani Aria. "Users Perceptions on Computer Intrusion". Thesis, Linköpings universitet, Institutionen för datavetenskap, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-130996.

Abstract:
This thesis is built on the hypothesis that the average computer user has very little understanding regarding computer intrusion. Due to the prevalence of computers in our day and age, the prospect of users lacking even basic knowledge regarding something a user is at risk of encountering almost daily is worrying. This thesis presents the discrepancies between how computer intrusion occurs and how the average user believes computer intrusion occurs. It does this by conducting a series of qualitative interviews with interviewees having wide ranges of experience and knowledge regarding computer intrusion, quantifying their answers, and comparing the data to existing statistics on the topic. This thesis found that the average user does indeed understand very little about computer intrusion. When asked how they believe it occurs, they in general either gave very vague answers and were unable to elaborate, or gave answers that correspond to a movie or TV show stereotype of computer hacking, with nerdy hackers rapidly tapping on their keyboards causing their computer screens to flash with bright colors and fancy graphics. Furthermore, this thesis also found that even in users who had extensive experience working within IT or with computing, a clear lack of knowledge in many areas could be observed. Additionally, this thesis also managed to reach some additional interesting conclusions based on the data gathered that were not originally the goal of the survey, such as the fact that many users seem to be far more susceptible to phishing on social media as compared to email, and that users completely misunderstand the motives of people who perform computer intrusion.
31

Gandre, Amit Prafullachandra. "Implementation of a policy-based intrusion detection system--Generic Intrusion Detection Model (GIDEM version 1.1)". [Gainesville, Fla.] : University of Florida, 2001. http://purl.fcla.edu/fcla/etd/UFE0000317.

Abstract:
Thesis (M.S.)--University of Florida, 2001.
Title from title page of source document. Document formatted into pages; contains vi, 66 p.; also contains graphics. Includes vita. Includes bibliographical references.
32

Thiago, Vinicius da Silva. "Arquitetura multi-agentes para detecção de intrusão distribuida". reponame:Repositório Institucional da UFC, 2012. http://www.repositorio.ufc.br/handle/riufc/18655.

Abstract:
THIAGO, Vinicius da Silva. Arquitetura multi-agentes para detecção de intrusão distribuida. 2012. 101 pp. Dissertation (Master's in Computer Science), Universidade Federal do Ceará, Fortaleza-CE, 2012.
The growing concern about information security in computer networks is responsible for constantly producing new ways to defend them. Within this context, the development of new ways of intrusion detection plays an important role in protecting the information. Detection systems must be efficient and, at the same time, must not overload the network or the processing capabilities of the nodes within it. In order to be effective, a system must base its decisions on as many sources of information as possible and organize knowledge in a way that allows a functional communication between those sources. This dissertation describes the proposal for a Distributed Intrusion Detection System architecture that uses mobile agents and an ontology for information sharing. Mobile agents provide a convenient way to distribute the detection process, enabling peer to peer cooperation between network nodes without generating much additional traffic. The ontology provides an organized way of storing and sharing knowledge. The proposed architecture has been implemented using the Java programming language and JADE framework and a test laboratory has been assembled to verify the operation of the system. The test results confirmed that a distributed multi-agent architecture that uses an ontology can be effective in detecting attacks on networks and systems.
33

Sreekar, Shenoy Govind. "Architecture support for intrusion detection systems". Doctoral thesis, Universitat Politècnica de Catalunya, 2012. http://hdl.handle.net/10803/124705.

Abstract:
System security is a prerequisite for efficient day-to-day transactions. As a consequence, Intrusion Detection Systems (IDS) are commonly used to provide an effective security ring to systems in a network. An IDS operates by inspecting packets flowing in the network for malicious content. To do so, an IDS like Snort[49] compares bytes in a packet with a database of prior reported attacks. This functionality can also be viewed as string matching of the packet bytes with the attack string database. Snort commonly uses the Aho-Corasick algorithm[2] to detect attacks in a packet. The Aho-Corasick algorithm works by first constructing a Finite State Machine (FSM) using the attack string database. Later the FSM is traversed with the packet bytes. The main advantage of this algorithm is that it provides a linear time search irrespective of the number of strings in the database. The issue however lies in devising a practical implementation. The FSM thus constructed gets very bloated in terms of the storage size, and so is area inefficient. This also affects its performance efficiency as the memory footprint also grows. Another issue is the limited scope for exploiting any parallelism due to the inherent sequential nature in a FSM traversal. This thesis explores hardware and software techniques to accelerate attack detection using the Aho-Corasick algorithm. In the first part of this thesis, we investigate techniques to improve the area and performance efficiency of an IDS. Notable among our contributions is a pipelined architecture that accelerates accesses to the most frequently accessed node in the FSM. The second part of this thesis studies the resilience of an IDS to evasion attempts. In an evasion attempt an adversary saturates the performance of an IDS to disable it, and thereby gain access to the network. We explore an evasion attempt that significantly degrades the performance of the Aho-Corasick algorithm used in an IDS.
As a countermeasure, we propose a parallel architecture that improves the resilience of an IDS to an evasion attempt. The final part of this thesis explores techniques to exploit the network traffic characteristic. In our study, we observe significant redundancy in the payload bytes. So we propose a mechanism to leverage this redundancy in the FSM traversal of the Aho-Corasick algorithm. We have also implemented our proposed redundancy-aware FSM traversal in Snort.
34

Abarca, Cameo Elena. "Seawater intrusion in complex geological environments". Doctoral thesis, Universitat Politècnica de Catalunya, 2006. http://hdl.handle.net/10803/6243.

Abstract:
Modelling seawater intrusion (SWI) has evolved from a tool for understanding to a water management need. Yet, it remains a challenge. Difficulties arise from the assessment of dispersion coefficients and the complexity of natural systems that results in complicated aquifer geometries and heterogeneity in the hydraulic parameters. Addressing such difficulties is the objective of this thesis. Specifically, factors that may affect the flow and transport in coastal aquifers and produce heterogeneous salinity distributions are studied.

First, a new paradigm for seawater intrusion is proposed since the current paradigm (the Henry problem) fails to properly reproduce observed SWI wedges. Mixing is represented by means of a velocity dependent dispersion tensor in the new proposed problem. Thereby, we denote it as "dispersive Henry problem". SWI is characterized in terms of the wedge penetration, width of the mixing zone and influx of seawater. We find that the width of the mixing zone depends basically on dispersion, with longitudinal and transverse dispersion controlling different parts of the mixing zone but displaying similar overall effects. The wedge penetration is mainly controlled by the horizontal permeability and by the geometric mean of the dispersivities. Transverse dispersivity and the geometric mean of the hydraulic conductivity are the leading parameters controlling the amount of salt that enters the aquifer.

Second, the effect of heterogeneity was studied by incorporating heterogeneity in the hydraulic permeability into the modified Henry problem. Results show that heterogeneity causes the toe to recede while increasing both the width and slope of the mixing zone. The shape of the interface and the saltwater flux depends on the distribution of the permeability in each realization. However, the toe penetration and the width of the mixing zone do not show large fluctuations. Both variables are satisfactorily reproduced, in cases of moderate heterogeneity, by homogeneous media with equivalent permeability and either local or effective dispersivities.

Third, the effect of aquifer geometry in horizontally large confined aquifers was analyzed. Lateral slope turned out to be a critical factor. Lateral slopes in the seaside boundary of more than 3% cause the development of horizontal convection cells. The deepest zones act as preferential zones for seawater to enter the aquifer and preferential discharging zones are developed in the upwards lateral margins. A dimensionless number, Nby, has been defined to estimate the relative importance of this effect.

All these factors can be determinant to explain the evolution of salinity in aquifers such as the Main aquifer of the Llobregat delta. Finally, a management model of this aquifer is developed to optimally design corrective measures to restore the water quality of the aquifer. The application of two different optimization methodologies, a linear and a non-linear optimization method, allowed (1) to quantify the hydraulic efficiency of two potential corrective measures: two recharge ponds and a seawater intrusion barrier; (2) to determine the water necessary to be injected in each of these measures to restore the water quality of the aquifer while minimizing changes in the pumping regime and (3) to assess the sustainable pumping regime (with and without the implementation of additional measures) once the water quality has been restored. Shadow prices obtained from linear programming become a valuable tool to quantify the hydraulic efficiency of potential corrective measures to restore water quality in the aquifer.
35

Ringström, Saltin Markus. "Intrusion Detection Systems : utvärdering av Snort". Thesis, University of Skövde, School of Humanities and Informatics, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-3081.

Abstract:

This thesis examines the effectiveness of an Intrusion Detection System (IDS). An IDS is a system intended to detect whether clients on a network are being attacked by a "hacker" or whether someone unauthorized is attempting to intrude, much like a guard dog. The IDS tested is Snort, a very popular open-source IDS. The purpose of the study is to show whether or not an IDS is a good complement to a system's security, since very few methodical studies have been made of Snort, and of IDSs in general. The study was carried out by means of a number of experiments in a laboratory environment, where the effectiveness of Snort was put to the test using different types of attacks. From the results obtained, it can be concluded that an IDS is definitely a complement worth considering for an organization willing to devote the resources the system requires, since a high number of the attacks carried out were detected, attacks that anti-virus software or firewalls are not designed to react to.

36

Riegel, Martin, and Claes Lyth Walsø. "Intrusion Detection in High-Speed Networks". Thesis, Norwegian University of Science and Technology, Department of Telematics, 2007. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-8785.

Abstract:

This thesis investigates methods for implementing an intrusion detection system (IDS) in a high-speed backbone network. The work presented in this report is run in cooperation with Kripos and Uninett. The popular IDS software, Snort, is deployed and tested in Uninett's backbone network. In addition, the monitoring API (MAPI) is considered as a possible IDS implementation in the same environment. The experiments conducted in this report make use of the programmable DAG card, which is a passive monitoring card deployed on several monitoring sensors in Uninett's backbone. As a limitation of the workload, this report only focuses on the detection of botnets. Botnets are networks consisting of infected computers, and are considered to be a significant threat on the Internet as of today. A total of seven experiments using Snort are presented. These experiments test 1) the impact the number of rules has on Snort, 2) the importance of good configuration, 3) the importance of using well-written rules, 4) Snort's ability to run in an environment with minimum external traffic, 5) the impact the size of the processed packets has, 6) the impact the TCP protocol has on packet processing and 7) Snort's ability to run as a botnet detection system for a longer period of time. Based on the results from these experiments, it is concluded that Snort is able to run as a botnet detection system in a high-speed network. This report also discusses some strategies for handling high-speed network data and some future aspects. In addition, ideas for further work and research are given at the end of the report.

37

Satam, Shalaka Chittaranjan, and Shalaka Chittaranjan Satam. "Bluetooth Anomaly Based Intrusion Detection System". Thesis, The University of Arizona, 2017. http://hdl.handle.net/10150/625890.

Abstract:
Bluetooth is a wireless technology that is used to communicate over personal area networks (PAN). With the advent of Internet of Things (IOT), Bluetooth is the technology of choice for small and short range communication networks. For instance, most of the modern cars have the capability to connect to mobile devices using Bluetooth. This ubiquitous presence of Bluetooth makes it important that it is secure and its data is protected. Previous work has shown that Bluetooth is vulnerable to attacks like the man in the middle attack, Denial of Service (DoS) attack, etc. Moreover, all Bluetooth devices are mobile devices and thus power utilization is an important performance parameter. The attacker can easily increase power consumption of a mobile device by launching an attack vector against that device. As a part of this thesis we present an anomaly based intrusion detection system for Bluetooth network, Bluetooth IDS (BIDS). The BIDS uses an N-gram based approach to characterize the normal behavior of the Bluetooth protocol. Machine learning algorithms were used to build the normal behavior models for the protocol during the training phase of the system, thus allowing classification of observed Bluetooth events as normal or abnormal during the operational phase of the system. The experimental results showed that the models that were developed in this thesis had a high accuracy with precision of 99.2% and recall of 99.5%.
38

Smith, Reuben. "Correlating intrusion alerts with unsupervised learning". Thesis, University of Ottawa (Canada), 2006. http://hdl.handle.net/10393/27179.

Abstract:
Alert correlation systems attempt to discover the relationships between intrusion detection system (IDS) alerts to determine the motivation of attackers. IDSs are deployed to detect computer attacks against a network, but the output of IDSs is considered low level since a single attack can be represented by several alerts. An alert correlation system enables the intrusion analyst to find important alerts and filter false positives more efficiently. We present an alert correlation system based on unsupervised machine learning algorithms that is accurate and low maintenance. The system is implemented in two stages of correlation. At the first stage of correlation alerts are grouped together such that each group forms one step of an attack. At the second stage the groups created at the first stage are combined such that each combination of groups contains the alerts of precisely one full attack. (Abstract shortened by UMI.)
39

Gupta, Kapil Kumar. "Robust and efficient intrusion detection systems". Connect to thesis, 2009. http://repository.unimelb.edu.au/10187/3588.

Abstract:
Intrusion Detection systems are now an essential component in the overall network and data security arsenal. With the rapid advancement in the network technologies including higher bandwidths and ease of connectivity of wireless and mobile devices, the focus of intrusion detection has shifted from simple signature matching approaches to detecting attacks based on analyzing contextual information which may be specific to individual networks and applications. As a result, anomaly and hybrid intrusion detection approaches have gained significance. However, present anomaly and hybrid detection approaches suffer from three major setbacks; limited attack detection coverage, large number of false alarms and inefficiency in operation.
In this thesis, we address these three issues by introducing efficient intrusion detection frameworks and models which are effective in detecting a wide variety of attacks and which result in very few false alarms. Additionally, using our approach, attacks can not only be accurately detected but can also be identified which helps to initiate effective intrusion response mechanisms in real-time. Experimental results performed on the benchmark KDD 1999 data set and two additional data sets collected locally confirm that layered conditional random fields are particularly well suited to detect attacks at the network level and user session modeling using conditional random fields can effectively detect attacks at the application level.
We first introduce the layered framework with conditional random fields as the core intrusion detector. Layered conditional random field can be used to build scalable and efficient network intrusion detection systems which are highly accurate in attack detection. We show that our systems can operate either at the network level or at the application level and perform better than other well known approaches for intrusion detection. Experimental results further demonstrate that our system is robust to noise in training data and handles noise better than other systems such as the decision trees and the naive Bayes. We then introduce our unified logging framework for audit data collection and perform user session modeling using conditional random fields to build real-time application intrusion detection systems. We demonstrate that our system can effectively detect attacks even when they are disguised within normal events in a single user session. Using our user session modeling approach based on conditional random fields also results in early attack detection. This is desirable since intrusion response mechanisms can be initiated in real-time thereby minimizing the impact of an attack.
40

Prasad, Praveen. "A dynamically reconfigurable intrusion detection system". NCSU, 2003. http://www.lib.ncsu.edu/theses/available/etd-05202003-181843/.

Abstract:
This dissertation implements a Network Based Intrusion Detection System on a Dynamically Reconfigurable Architecture. The design is captured using synthesizable Verilog HDL. The Dynamically Reconfigurable Intrusion Detection System (DRIDS) addresses the challenges faced by typical applications that use Reconfigurable devices that do not exploit their full computational density because of the limited FPGA memory, inefficient FPGA utilization, processor to FPGA communication bottlenecks and high reconfiguration latencies. The implementation of Intrusion Detection on the DRIDS boasts of high computational density and better performance through the exploitation of parallelism inherent in this application.
41

Balon-Perin, Alexandre. "Ensemble-based methods for intrusion detection". Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for datateknikk og informasjonsvitenskap, 2012. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-20115.

Abstract:
The master thesis focuses on ensemble approaches applied to intrusion detection systems (IDSs). The ensemble approach is a relatively new trend in artificial intelligence in which several machine learning algorithms are combined. The main idea is to exploit the strengths of each algorithm of the ensemble to obtain a robust classifier. Moreover, ensembles are particularly useful when a problem can be segmented into subproblems. In this case, each module of the ensemble, which can include one or more algorithms, is assigned to one particular subproblem. Network attacks can be divided into four classes: denial of service, user to root, remote to local and probe. One module of the ensemble designed in this work is itself an ensemble of decision trees and is specialized on the detection of one class of attacks. The inner structure of each module uses bagging techniques to increase the accuracy of the IDS. Experiments showed that IDSs obtain better results when each class of attacks is treated as a separate problem and handled by specialized algorithms. This work has also concluded that these algorithms need to be trained with specific subsets of features selected according to their relevance to the class of attack being detected. The efficiency of ensemble approaches is also highlighted. In all experiments, the ensemble was able to bring down the number of false positives and false negatives. However, we also observed the limitations of the KDD99 dataset. In particular, the distribution of examples of remote to local attacks between the training set and test set made difficult the evaluation of the ensemble for this class of attack.
42

Jumaat, Nor Badrul Anuar. "Incident prioritisation for intrusion response systems". Thesis, University of Plymouth, 2012. http://hdl.handle.net/10026.1/909.

Abstract:
The landscape of security threats continues to evolve, with attacks becoming more serious and the number of vulnerabilities rising. To manage these threats, many security studies have been undertaken in recent years, mainly focusing on improving detection, prevention and response efficiency. Although there are security tools such as antivirus software and firewalls available to counter them, Intrusion Detection Systems and similar tools such as Intrusion Prevention Systems are still one of the most popular approaches. There are hundreds of published works related to intrusion detection that aim to increase the efficiency and reliability of detection, prevention and response systems. Whilst intrusion detection system technologies have advanced, there are still areas available to explore, particularly with respect to the process of selecting appropriate responses. Supporting a variety of response options, such as proactive, reactive and passive responses, enables security analysts to select the most appropriate response in different contexts. In view of that, a methodical approach that identifies important incidents as opposed to trivial ones is first needed. However, with thousands of incidents identified every day, relying upon manual processes to identify their importance and urgency is complicated, difficult, error-prone and time-consuming, and so prioritising them automatically would help security analysts to focus only on the most critical ones. The existing approaches to incident prioritisation provide various ways to prioritise incidents, but less attention has been given to adopting them into an automated response system. Although some studies have realised the advantages of prioritisation, they released no further studies showing they had continued to investigate the effectiveness of the process. 
This study concerns enhancing the incident prioritisation scheme to identify critical incidents based upon their criticality and urgency, in order to facilitate an autonomous mode for the response selection process in Intrusion Response Systems. To achieve this aim, this study proposed a novel framework which combines models and strategies identified from the comprehensive literature review. A model to estimate the level of risks of incidents is established, named the Risk Index Model (RIM). With different levels of risk, the Response Strategy Model (RSM) dynamically maps incidents into different types of response, with serious incidents being mapped to active responses in order to minimise their impact, while incidents with less impact have passive responses. The combination of these models provides a seamless way to map incidents automatically; however, it needs to be evaluated in terms of its effectiveness and performances. To demonstrate the results, an evaluation study with four stages was undertaken; these stages were a feasibility study of the RIM, comparison studies with industrial standards such as Common Vulnerabilities Scoring System (CVSS) and Snort, an examination of the effect of different strategies in the rating and ranking process, and a test of the effectiveness and performance of the Response Strategy Model (RSM). With promising results being gathered, a proof-of-concept study was conducted to demonstrate the framework using a live traffic network simulation with online assessment mode via the Security Incident Prioritisation Module (SIPM); this study was used to investigate its effectiveness and practicality. Through the results gathered, this study has demonstrated that the prioritisation process can feasibly be used to facilitate the response selection process in Intrusion Response Systems. 
The main contribution of this study is to have proposed, designed, evaluated and simulated a framework to support the incident prioritisation process for Intrusion Response Systems.
43

Ibrahim, Tarik Mohamed Abdel-Kader. "Improving intrusion prevention, detection and response". Thesis, University of Plymouth, 2011. http://hdl.handle.net/10026.1/479.

Abstract:
In the face of a wide range of attacks, Intrusion Detection Systems (IDS) and other Internet security tools represent potentially valuable safeguards to identify and combat the problems facing online systems. However, despite the fact that a variety of commercial and open source solutions are available across a range of operating systems and network platforms, it is notable that the deployment of IDS is often markedly less than other well-known network security countermeasures and other tools may often be used in an ineffective manner. This thesis considers the challenges that users may face while using IDS, by conducting a web-based questionnaire to assess these challenges. The challenges that are used in the questionnaire were gathered from the well-established literature. The participants' responses vary between being with or against selecting them as challenges, but all the listed challenges approved that they are considered problems in the IDS field. The aim of the research is to propose a novel set of Human Computer Interaction-Security (HCI-S) usability criteria based on the findings of the web-based questionnaire. Moreover, these criteria were inspired from previous literature in the field of HCI. The novelty of the criteria is that they focus on the security aspects. The new criteria were promising when they were applied to Norton 360, a well known Internet security suite. Testing the alerts issued by security software was the initial step before testing other security software. Hence, a set of security software were selected and some alerts were triggered as a result of performing a penetration test conducted within a test-bed environment using the network scanner Nmap. The findings reveal that four of the HCI-S usability criteria were not fully addressed by all of these security software.
Another aim of this thesis is to consider the development of a prototype to address the HCI-S usability criteria that seem to be overlooked in the existing security solutions. The thesis conducts a practical user trial and the findings are promising and attempt to find a proper solution to solve this problem. For instance, to take advantage of previous security decisions, it would be desirable for a system to consider the user's previous decisions on similar alerts, and modify alerts accordingly to account for the user's previous behaviour. Moreover, in order to give users a level of flexibility, it is important to enable them to make informed decisions, and to be able to recover from them if needed. It is important to address the proposed criteria that enable users to confirm / recover the impact of their decision, maintain an awareness of system status all the time, and to offer responses that match users' expectations. The outcome of the current study is a set of a proposed 16 HCI-S usability criteria that can be used to design and to assess security alerts issued by any Internet security suite. These criteria are not equally important and they vary between high, medium and low.
44

NGUYEN, HONG NHUNG. "INTRUSION DETECTION IN WIRELESS SENSOR NETWORKS". Master's thesis, University of Central Florida, 2006. http://digital.library.ucf.edu/cdm/ref/collection/ETD/id/3318.

Abstract:
There are several applications that use sensor motes and researchers continue to explore additional applications. For this particular application of detecting the movement of humans through the sensor field, a set of Berkeley mica2 motes on the TinyOS operating system is used. Different sensors such as pressure, light, and so on can be used to identify the presence of an intruder in the field. In our case, the light sensor is chosen for the detection. When an intruder crosses the monitored environment, the system detects the changes of the light values, and any significant change, meaning a change greater than a pre-defined threshold, indicates the presence of an intruder. An integrated web cam is used to take a snapshot of the intruder and transmit the picture through the network to a remote station. The basic motivation of this thesis is that a sensor web system can be used to monitor and detect any intruder in a specific area from a remote location.
M.S.
Department of Electrical and Computer Engineering
Engineering and Computer Science
Computer Engineering
45

Song, Jingping. "Feature selection for intrusion detection system". Thesis, Aberystwyth University, 2016. http://hdl.handle.net/2160/3143de58-208f-405e-ab18-abcecfc8f33b.

Abstract:
Intrusion detection is an important task for network operators in today's Internet. Traditional network intrusion detection systems rely on either specialized signatures of previously seen attacks, or on labeled traffic datasets that are expensive and difficult to reproduce for user-profiling to hunt out network attacks. Machine learning methods could be used in this area since they could get knowledge from signatures or as normal-operation profiles. However, there is usually a large volume of data in intrusion detection systems, for both features and instances. Feature selection can be used to optimize the classifiers used to identify attacks by removing redundant or irrelevant features while improving the quality. In this thesis, six feature selection algorithms are developed, and their application to intrusion detection is evaluated. They are: Cascading Fuzzy C Means Clustering and C4.5 Decision Tree Classification Algorithm, New Evidence Accumulation Ensemble with Hierarchical Clustering Algorithm, Modified Mutual Information-based Feature Selection Algorithm, Mutual Information-based Feature Grouping Algorithm, Feature Grouping by Agglomerative Hierarchical Clustering Algorithm, and Online Streaming Feature Selection Algorithm. All algorithms are evaluated on the KDD 99 dataset, the most widely used data set for the evaluation of anomaly detection methods, and are compared with other algorithms. The potential application of these algorithms beyond intrusion detection is also examined and discussed.
46

Das, Kumar J. (Kumar Jay) 1978. "Attack development for intrusion detector evaluation". Thesis, Massachusetts Institute of Technology, 2000. http://hdl.handle.net/1721.1/9080.

Abstract:
Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000.
Includes bibliographical references (p. 96-97).
An important goal of the 1999 DARPA Intrusion Detection Evaluation was to promote the development of intrusion detection systems that can detect new attacks. This thesis describes UNIX attacks developed for the 1999 DARPA Evaluation. Some attacks were new in 1999 and others were stealthy versions of 1998 User-to-Root attacks designed to evade network-based intrusion detection systems. In addition, new and old attacks were fragmented at the packet level to evade network-based intrusion detection systems. Results demonstrated that new and stealthy attacks were not detected well. New attacks that were never seen before were not detected by any network-based systems. Stealthy attacks, modified to be difficult to detect by network intrusion detection systems, were detected less accurately than clear versions. The best network-based system detected 42% of clear attacks and only 11% of stealthy attacks at 10 false alarms per day. A few attacks and background sessions modified with packet modifications eluded network intrusion detection systems causing them to generate false negatives and false positives due to improper TCP/IP reassembly.
by Kumar J. Das.
S.B. and M.Eng.
47

Chandra, Ramesh Ph D. Massachusetts Institute of Technology. "Automated intrusion recovery for web applications". Thesis, Massachusetts Institute of Technology, 2013. http://hdl.handle.net/1721.1/84883.

Abstract:
Thesis (Ph. D.)--Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2013.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 93-97).
In this dissertation, we develop recovery techniques for web applications and demonstrate that automated recovery from intrusions and user mistakes is practical as well as effective. Web applications play a critical role in users' lives today, making them an attractive target for attackers. New vulnerabilities are routinely found in web application software, and even if the software is bug-free, administrators may make security mistakes such as misconfiguring permissions; these bugs and mistakes virtually guarantee that every application will eventually be compromised. To clean up after a successful attack, administrators need to find its entry point, track down its effects, and undo the attack's corruptions while preserving legitimate changes. Today this is all done manually, which results in days of wasted effort with no guarantee that all traces of the attack have been found or that no legitimate changes were lost. To address this problem, we propose that automated intrusion recovery should be an integral part of web application platforms. This work develops several ideas (retroactive patching, automated UI replay, dependency tracking, patch-based auditing, and distributed repair) that together recover from past attacks that exploited a vulnerability, by retroactively fixing the vulnerability and repairing the system state to make it appear as if the vulnerability never existed. Repair tracks down and reverts effects of the attack on other users within the same application and on other applications, while preserving legitimate changes. Using techniques resulting from these ideas, an administrator can easily recover from past attacks that exploited a bug using nothing more than a patch fixing the bug, with no manual effort on her part to find the attack or track its effects. The same techniques can also recover from attacks that exploit past configuration mistakes; the administrator only has to point out the past request that resulted in the mistake.
We built three prototype systems, WARP, POIROT, and AIRE, to explore these ideas. Using these systems, we demonstrate that we can recover from challenging attacks in real distributed web applications with little or no changes to application source code; that recovery time is a fraction of the original execution time for attacks with a few affected requests; and that support for recovery adds modest runtime overhead during the application's normal operation.
by Ramesh Chandra.
Ph.D.
48

Hastings, Joseph R. 1980. "Incremental Bayesian segmentation for intrusion detection". Thesis, Massachusetts Institute of Technology, 2003. http://hdl.handle.net/1721.1/28399.

Abstract:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2004.
Includes bibliographical references (leaves 131-133).
This thesis describes an attempt to monitor patterns of system calls generated by a Unix host in order to detect potential intrusion attacks. Sequences of system calls generated by privileged processes are analyzed using incremental Bayesian segmentation in order to detect anomalous activity. Theoretical analysis of various aspects of the algorithm and empirical analysis of performance on synthetic data sets are used to tune the algorithm for use as an Intrusion Detection System.
by Joseph R. Hastings.
M.Eng.
49

Moten, Daryl, and Farhad Moazzami. "Telemetry Network Intrusion Detection Test Bed". International Foundation for Telemetering, 2013. http://hdl.handle.net/10150/579527.

Abstract:
ITC/USA 2013 Conference Proceedings / The Forty-Ninth Annual International Telemetering Conference and Technical Exhibition / October 21-24, 2013 / Bally's Hotel & Convention Center, Las Vegas, NV
The transition of telemetry from link-based to network-based architectures opens these systems to new security risks. Tools such as intrusion detection systems and vulnerability scanners will be required for emerging telemetry networks. Intrusion detection systems protect networks against attacks that occur once the network boundary has been breached. An intrusion detection model was developed in the Wireless Networking and Security lab at Morgan State University. The model depends on network traffic being filtered into traffic streams. The streams are then reduced to vectors. The current state of the network can be determined using Viterbi analysis of the stream vectors. Viterbi uses the output of the Hidden Markov Model to find the current state of the network. The state information describes the probability of the network being in predefined normal or attack states based on training data. This output can be sent to a network administrator depending on threshold levels. In this project, a penetration-testing tool called Metasploit was used to launch attacks against systems in an isolated test bed. The network traffic generated during an attack was analyzed for use in the MSU intrusion detection model.
50

Wang, Jie. "Advanced attack tree based intrusion detection". Thesis, Loughborough University, 2012. https://dspace.lboro.ac.uk/2134/9631.

Abstract:
Computer network systems are constantly under attack or have to deal with attack attempts. The first step in any network's ability to fight against intrusive attacks is to be able to detect intrusions when they are occurring. Intrusion Detection Systems (IDS) are therefore vital in any kind of network, just as antivirus is a vital part of a computer system. With the increasing computer network intrusion sophistication and complexity, most of the victim systems are compromised by sophisticated multi-step attacks. In order to provide advanced intrusion detection capability against the multi-step attacks, it makes sense to adopt a rigorous and generalising view to tackling intrusion attacks. One direction towards achieving this goal is via modelling and consequently, modelling based detection. An IDS is required that has good quality of detection capability, not only to be able to detect higher-level attacks and describe the state of ongoing multi-step attacks, but also to be able to determine the achievement of high-level attack detection even if any of the modelled low-level attacks are missed by the detector, because no alert being generated may represent that the corresponding low-level attack is either not being conducted by the adversary or being conducted by the adversary but evades the detection. This thesis presents an attack tree based intrusion detection to detect multistep attacks. An advanced attack tree modelling technique, Attack Detection Tree, is proposed to model the multi-step attacks and facilitate intrusion detection. In addition, the notion of Quality of Detectability is proposed to describe the ongoing states of both intrusion and intrusion detection. Moreover, a detection uncertainty assessment mechanism is proposed to apply the measured evidence to deal with the uncertainty issues during the assessment process to determine the achievement of high-level attacks even if any modelled low-level incidents may be missing.