11 |
IDSaaS: Intrusion Detection System as a Service in Public Clouds. Alharkan, Turki. 11 January 2013
In a public cloud computing environment, consumers cannot always just depend on the cloud provider's security infrastructure. They may need to monitor and protect their virtual existence by implementing their own intrusion detection capabilities along with other security technologies within the cloud fabric. Cloud consumers may also want to collect and log network traffic for further analysis, which can help them write tailor-made attack scenarios designed around the nature of the application they want to protect. Furthermore, consumers' applications can be distributed among different regions of the cloud or in non-cloud locations. The need to protect all these assets from a centralized location is fundamental to many cloud consumers.
We provide a framework and implementation for an intrusion detection system that is suitable for the public cloud environment. The Intrusion Detection as a Service (IDSaaS) targets security at the infrastructure level of a public cloud (IaaS) by providing intrusion detection technology that is highly elastic, portable and fully controlled by the cloud consumer. These features allow cloud consumers to protect their cloud-based applications from security threats and unauthorized intruders. We developed a proof-of-concept prototype on the Amazon EC2 cloud and performed different experiments to evaluate its performance. After examining the experimental results, we found that IDSaaS can provide the required protection in a reasonable and effective manner. / Thesis (Master, Computing), Queen's University, 2013-01-10.
|
12 |
Anomaly-based Correlation of IDS Alarms. Tjhai, Gina C. January 2011
An Intrusion Detection System (IDS) is one of the major techniques for securing information systems and keeping pace with current and potential threats and vulnerabilities in computing systems. It is an indisputable fact that the art of detecting intrusions is still far from perfect, and IDSs tend to generate a large number of false alarms. Hence, humans inevitably have to validate those alarms before any action can be taken. As IT infrastructures become larger and more complicated, the number of alarms that need to be reviewed can escalate rapidly, making this task very difficult to manage. The need for an automated correlation and reduction system is therefore very much evident. In addition, alarm correlation is valuable in providing operators with a more condensed view of potential security issues within the network infrastructure. The thesis embraces a comprehensive evaluation of the problem of false alarms and a proposal for an automated alarm correlation system. A critical analysis of existing alarm correlation systems is presented along with a description of the need for an enhanced correlation system. The study concludes that whilst a large number of works have been carried out on improving correlation techniques, none of them is perfect. They either required an extensive level of domain knowledge from human experts to run the system effectively or were unable to provide high-level information about the false alerts for future tuning. The overall objective of the research has therefore been to establish an alarm correlation framework and system which enables the administrator to group alerts from the same attack instance effectively and subsequently reduce the volume of false alarms without the need for domain knowledge. The achievement of this aim has comprised the proposal of an attribute-based approach, which is used as a foundation to systematically develop an unsupervised two-stage correlation technique.
From this foundation, a novel SOM K-Means Alarm Reduction Tool (SMART) architecture has been modelled as the framework from which a time- and attribute-based aggregation technique is offered. The thesis describes the design and features of the proposed architecture, focusing upon the key components forming the underlying architecture, the alert attributes, and the way they are processed and applied to correlate alerts. The architecture is strengthened by the development of a statistical tool, which offers a means to perform result or alert analysis and comparison. The main concepts of the novel architecture are validated through the implementation of a prototype system. A series of experiments was conducted to assess the effectiveness of SMART in reducing false alarms. This aimed to prove the viability of implementing the system in a practical environment and that the study has provided an appropriate contribution to knowledge in this field.
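The time- and attribute-based aggregation stage described above, as an added example that is not the thesis's code: it parses Snort "fast" alert lines (a constructed sample is embedded), merges alerts that share signature, source and destination and arrive within a window of the previous one, and reports the reduction achieved. The grouping key and the 60-second window are assumptions; SMART's SOM and K-Means stages are not reproduced.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Snort "fast" alert line; the timestamp carries no year, so only time differences are used.
FAST_ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:[^\]]*\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample: one port sweep, an unrelated web alert, and a second sweep ten minutes later.
SAMPLE_ALERTS = """\
01/15-10:00:01.000000  [**] [1:2000001:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:22
01/15-10:00:03.120000  [**] [1:2000001:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44322 -> 192.168.1.10:80
01/15-10:00:07.500000  [**] [1:2000001:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44323 -> 192.168.1.10:443
01/15-10:00:12.000000  [**] [1:2000001:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44324 -> 192.168.1.10:3306
01/15-10:00:20.250000  [**] [1:2000001:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44325 -> 192.168.1.10:8080
01/15-10:10:00.000000  [**] [1:2000001:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51000 -> 192.168.1.10:22
01/15-10:10:05.000000  [**] [1:2000001:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51001 -> 192.168.1.10:80
01/15-10:05:00.000000  [**] [1:2000002:1] WEB-ATTACKS /etc/passwd access [**] [Priority: 1] {TCP} 10.0.0.7:39000 -> 192.168.1.10:80
"""


@dataclass
class Alert:
    ts: datetime
    sid: int
    msg: str
    src: str
    dst: str
    dport: Optional[int]


@dataclass
class MetaAlert:
    sid: int
    msg: str
    src: str
    dst: str
    first: datetime
    last: datetime
    count: int = 1
    dports: Set[int] = field(default_factory=set)


def parse_fast_alert(line: str) -> Alert:
    m = FAST_ALERT.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    return Alert(ts=datetime.strptime(m["ts"], "%m/%d-%H:%M:%S.%f"), sid=int(m["sid"]), msg=m["msg"],
                 src=m["src"], dst=m["dst"], dport=int(m["dport"]) if m["dport"] else None)


def aggregate(alerts: List[Alert], window_s: float = 60.0) -> List[MetaAlert]:
    """Merge alerts sharing (sid, src, dst) that arrive within window_s of the previous one in the group;
    a longer gap starts a new meta-alert, so two sweeps from the same host stay distinguishable."""
    metas: List[MetaAlert] = []
    latest: Dict[Tuple[int, str, str], int] = {}   # group key -> index of its most recent meta-alert
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.sid, a.src, a.dst)
        idx = latest.get(key)
        if idx is not None and (a.ts - metas[idx].last).total_seconds() <= window_s:
            m = metas[idx]
            m.last, m.count = a.ts, m.count + 1
            if a.dport is not None:
                m.dports.add(a.dport)
            continue
        metas.append(MetaAlert(a.sid, a.msg, a.src, a.dst, a.ts, a.ts,
                               dports={a.dport} if a.dport is not None else set()))
        latest[key] = len(metas) - 1
    return metas


def reduction_ratio(raw: List[Alert], metas: List[MetaAlert]) -> float:
    """Fraction of raw alerts the operator no longer has to look at individually."""
    return 1 - len(metas) / len(raw)


if __name__ == "__main__":
    raw = [parse_fast_alert(line) for line in SAMPLE_ALERTS.splitlines()]
    metas = aggregate(raw)
    for m in metas:
        print(f"{m.first:%H:%M:%S}-{m.last:%H:%M:%S} sid={m.sid} {m.src} -> {m.dst} "
              f"x{m.count} ports={sorted(m.dports)} {m.msg}")
    print(f"{len(raw)} alerts -> {len(metas)} meta-alerts, reduction {reduction_ratio(raw, metas):.0%}")
```

Widening the window trades resolution for reduction: at 900 s the two sweeps from 10.0.0.5 collapse into one meta-alert, which is the kind of tuning the abstract says should not need domain knowledge.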
|
13 |
NIDS im Campusnetz (NIDS in the Campus Network). Schier, Thomas. 04 May 2004
Workshop "Netz- und Service-Infrastrukturen" (Network and Service Infrastructures)
This contribution to the workshop "Netz- und Service-Infrastrukturen" covers the setup of a Network Intrusion Detection System in the campus network.
|
14 |
Telemetry Network Intrusion Detection Test Bed. Moten, Daryl; Moazzami, Farhad. October 2013
ITC/USA 2013 Conference Proceedings / The Forty-Ninth Annual International Telemetering Conference and Technical Exhibition / October 21-24, 2013 / Bally's Hotel & Convention Center, Las Vegas, NV / The transition of telemetry from link-based to network-based architectures opens these systems to new security risks. Tools such as intrusion detection systems and vulnerability scanners will be required for emerging telemetry networks. Intrusion detection systems protect networks against attacks that occur once the network boundary has been breached. An intrusion detection model was developed in the Wireless Networking and Security lab at Morgan State University. The model depends on network traffic being filtered into traffic streams. The streams are then reduced to vectors. The current state of the network can be determined using Viterbi analysis of the stream vectors. Viterbi uses the output of the Hidden Markov Model to find the current state of the network. The state information describes the probability of the network being in predefined normal or attack states based on training data. This output can be sent to a network administrator depending on threshold levels. In this project, a penetration-testing tool called Metasploit was used to launch attacks against systems in an isolated test bed. The network traffic generated during an attack was analyzed for use in the MSU intrusion detection model.
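An added example, not the MSU model's code, of the Viterbi step described above: stream vectors are quantised into emission symbols, a two-state HMM (normal, attack) with hand-picked transition and emission probabilities stands in for the trained model, and the filtered attack probability is thresholded to produce the administrator alert. The feature cut-offs, probabilities and sample stream are constructed assumptions.

```python
import math
from typing import Dict, List, Sequence, Tuple

STATES = ("normal", "attack")
SYMBOLS = ("quiet", "busy", "scan")

# Assumed (constructed) HMM parameters. In the MSU model these come from training data;
# here they are hand-picked so the example runs stand-alone.
START: Dict[str, float] = {"normal": 0.95, "attack": 0.05}
TRANS: Dict[str, Dict[str, float]] = {
    "normal": {"normal": 0.90, "attack": 0.10},
    "attack": {"normal": 0.20, "attack": 0.80},
}
EMIT: Dict[str, Dict[str, float]] = {
    "normal": {"quiet": 0.70, "busy": 0.25, "scan": 0.05},
    "attack": {"quiet": 0.10, "busy": 0.30, "scan": 0.60},
}

# Constructed stream vectors: (packets per second, distinct destination ports, SYN ratio).
SAMPLE_STREAM: List[Tuple[float, int, float]] = [
    (20.0, 2, 0.10), (30.0, 3, 0.20),
    (400.0, 50, 0.95), (450.0, 60, 0.97), (420.0, 55, 0.96),
    (25.0, 2, 0.10),
]


def quantise(vec: Tuple[float, int, float]) -> str:
    """Reduce a stream vector to one emission symbol (cut-offs are assumptions for the sample above)."""
    pps, ports, syn_ratio = vec
    if ports >= 20 or syn_ratio > 0.8:
        return "scan"
    if pps >= 100:
        return "busy"
    return "quiet"


def viterbi(obs: Sequence[str]) -> List[str]:
    """Most likely state sequence; log domain so long streams do not underflow."""
    score = {s: math.log(START[s]) + math.log(EMIT[s][obs[0]]) for s in STATES}
    back: List[Dict[str, str]] = []
    for o in obs[1:]:
        new_score: Dict[str, float] = {}
        ptr: Dict[str, str] = {}
        for s in STATES:
            prev, best = max(((p, score[p] + math.log(TRANS[p][s])) for p in STATES), key=lambda t: t[1])
            new_score[s] = best + math.log(EMIT[s][o])
            ptr[s] = prev
        score = new_score
        back.append(ptr)
    state = max(STATES, key=lambda s: score[s])
    path = [state]
    for ptr in reversed(back):
        state = ptr[state]
        path.append(state)
    return path[::-1]


def attack_probability(obs: Sequence[str]) -> List[float]:
    """Filtered P(attack | observations so far) from the normalised forward recursion."""
    alpha = {s: START[s] * EMIT[s][obs[0]] for s in STATES}
    probs: List[float] = []
    for t, o in enumerate(obs):
        if t > 0:
            alpha = {s: sum(alpha[p] * TRANS[p][s] for p in STATES) * EMIT[s][o] for s in STATES}
        total = sum(alpha.values())
        alpha = {s: v / total for s, v in alpha.items()}
        probs.append(alpha["attack"])
    return probs


def detect(vectors: Sequence[Tuple[float, int, float]], threshold: float = 0.5) -> List[int]:
    """Indices of stream intervals whose filtered attack probability reaches the alert threshold."""
    probs = attack_probability([quantise(v) for v in vectors])
    return [t for t, p in enumerate(probs) if p >= threshold]


if __name__ == "__main__":
    symbols = [quantise(v) for v in SAMPLE_STREAM]
    print(symbols)
    print(viterbi(symbols))          # normal, normal, attack, attack, attack, normal
    print(detect(SAMPLE_STREAM))     # [2, 3, 4]
```

Viterbi gives the single best path after the whole window is seen; the forward recursion gives a probability at each interval as it arrives, which is the quantity an operator threshold applies to. The sticky attack-to-attack transition (0.8) is what keeps the last, quiet interval below the threshold rather than snapping straight back to normal.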
|
15 |
Blackhole Attack Detection in Low-Power IoT Mesh Networks Using Machine Learning Algorithms. Keipour, Hossein. January 2022
Low-Power Lossy Networks (LLNs) are a type of Internet of Things (IoT) mesh network that collaboratively interact and perform various tasks autonomously. The Routing Protocol for Low-power and Lossy Networks (RPL) is the most used routing protocol for LLNs. Recently, we have been witnessing a tremendous increase in attacks on Internet infrastructures using IoT devices as a botnet (IoT botnet). This thesis focuses on two parts: designing an ML-based IDS for 6LoWPAN, and generating a new, larger labeled RPL attack dataset by implementing various non-attack and attack IoT network scenarios in the Cooja simulator. The collected raw data from the simulations is preprocessed and labeled to train the Machine Learning model for the Intrusion Detection System (IDS). We used Deep Neural Network (DNN), Random Forest Classifier (RFC), and Support Vector Machine with Radial-Basis Function kernel (SVM-RBF) learning algorithms to detect attacks in RPL-based IoT mesh networks. We achieved a high accuracy (96.7%) and precision (95.7%) using the RFC model. The thesis also reviewed possible placement strategies for the IDS, from cloud to edge.
|
16 |
Cyberthreats, Attacks and Intrusion Detection in Supervisory Control and Data Acquisition Networks. Gao, Wei. 14 December 2013
Supervisory Control and Data Acquisition (SCADA) systems are computer-based process control systems that interconnect and monitor remote physical processes. There have been many documented real-world incidents and cyber-attacks affecting SCADA systems, which clearly illustrate critical infrastructure vulnerabilities. These reported incidents demonstrate that cyber-attacks against SCADA systems might produce a variety of financial damage and harmful events for humans and their environment. This dissertation documents four contributions towards increased security for SCADA systems. First, a set of cyber-attacks was developed. Second, each attack was executed against two fully functional SCADA systems in a laboratory environment: a gas pipeline and a water storage tank. Third, signature-based intrusion detection system rules were developed and tested which can be used to generate alerts when the aforementioned attacks are executed against a SCADA system. Fourth, a set of features was developed for a decision-tree-based anomaly intrusion detection system. The features were tested using the datasets developed for this work. This dissertation documents cyber-attacks on both serial-based and Ethernet-based SCADA networks. Four categories of attacks against SCADA systems are discussed: reconnaissance, malicious response injection, malicious command injection and denial of service. In order to evaluate the performance of data mining and machine learning algorithms for intrusion detection systems in SCADA systems, a network dataset to be used for benchmarking intrusion detection systems was generated. This network dataset includes different classes of attacks that simulate different attack scenarios on process control systems. This dissertation describes four SCADA network intrusion detection datasets: a full and an abbreviated dataset for both the gas pipeline and water storage tank systems. Each feature in the dataset is captured from network flow records.
This dataset groups two different categories of features that can be used as input to an intrusion detection system. First, network traffic features describe the communication patterns in a SCADA system. This research developed both a signature-based IDS and an anomaly-based IDS for the gas pipeline and water storage tank serial-based SCADA systems. The performance of both types of IDS was evaluated by measuring detection rate and the prevalence of false positives.
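As an added example (not the dissertation's rules or datasets), signature rules for the four attack categories above, written against Modbus/TCP, which the abstract does not name and is assumed here as the SCADA protocol: a minimal frame parser, and stateful checks that flag unexpected function codes (reconnaissance), out-of-range setpoints in write requests (command injection), physically implausible values in read responses (response injection), and request floods (denial of service). The register address, limits and thresholds are constructed.

```python
import struct
from collections import deque
from typing import Deque, List, Sequence

# Assumed process limits for one pipeline pressure register (constructed values, not from the dissertation).
SETPOINT_REGISTER = 0x0001
SETPOINT_RANGE = (0, 150)        # values an operator may legitimately command (psi)
MEASUREMENT_RANGE = (0, 200)     # readings that are physically plausible for the sensor (psi)
ALLOWED_FUNCTIONS = {3, 6, 16}   # read holding registers, write single register, write multiple registers
DOS_WINDOW_S = 1.0
DOS_MAX_REQUESTS = 50


def build_frame(tid: int, unit: int, fc: int, payload: bytes) -> bytes:
    """Modbus/TCP frame: MBAP header (transaction id, protocol id 0, length, unit id) followed by the PDU."""
    return struct.pack(">HHHB", tid, 0, len(payload) + 2, unit) + bytes([fc]) + payload


def write_single_register(tid: int, unit: int, address: int, value: int) -> bytes:
    return build_frame(tid, unit, 6, struct.pack(">HH", address, value))


def read_holding_request(tid: int, unit: int, address: int, quantity: int) -> bytes:
    return build_frame(tid, unit, 3, struct.pack(">HH", address, quantity))


def read_holding_response(tid: int, unit: int, values: Sequence[int]) -> bytes:
    data = struct.pack(">" + "H" * len(values), *values)
    return build_frame(tid, unit, 3, bytes([len(data)]) + data)


def parse_frame(frame: bytes):
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    return tid, unit, frame[7], frame[8:]


class ModbusRuleIDS:
    """Stateful signature rules for the four attack classes named in the abstract."""

    def __init__(self) -> None:
        self._request_times: Deque[float] = deque()

    def inspect(self, ts: float, direction: str, frame: bytes) -> List[str]:
        alerts: List[str] = []
        _, _, fc, data = parse_frame(frame)
        base_fc = fc & 0x7F                       # exception responses set the high bit of the function code
        if base_fc not in ALLOWED_FUNCTIONS:
            alerts.append(f"reconnaissance: function code {fc:#04x} not used by this process")
        if direction == "request":
            self._request_times.append(ts)
            while self._request_times and ts - self._request_times[0] > DOS_WINDOW_S:
                self._request_times.popleft()
            if len(self._request_times) > DOS_MAX_REQUESTS:
                alerts.append(f"denial of service: {len(self._request_times)} requests within {DOS_WINDOW_S}s")
            if base_fc == 6 and len(data) >= 4:
                address, value = struct.unpack(">HH", data[:4])
                lo, hi = SETPOINT_RANGE
                if address == SETPOINT_REGISTER and not lo <= value <= hi:
                    alerts.append(f"malicious command injection: setpoint {value} outside {SETPOINT_RANGE}")
        elif direction == "response" and base_fc == 3 and fc < 0x80 and data:
            count = data[0]
            values = struct.unpack(">" + "H" * (count // 2), data[1:1 + count])
            lo, hi = MEASUREMENT_RANGE
            for value in values:
                if not lo <= value <= hi:
                    alerts.append(f"malicious response injection: reading {value} outside {MEASUREMENT_RANGE}")
        return alerts


def flood_alert_count(n_requests: int = 60, interval_s: float = 0.01) -> int:
    """Number of DoS alerts raised by n_requests back-to-back reads (constructed traffic)."""
    ids = ModbusRuleIDS()
    frame = read_holding_request(9, 1, SETPOINT_REGISTER, 1)
    return sum(len(ids.inspect(i * interval_s, "request", frame)) for i in range(n_requests))


if __name__ == "__main__":
    ids = ModbusRuleIDS()
    print(ids.inspect(0.0, "request", write_single_register(1, 1, SETPOINT_REGISTER, 120)))  # []
    print(ids.inspect(0.1, "request", write_single_register(2, 1, SETPOINT_REGISTER, 500)))
    print(ids.inspect(0.2, "response", read_holding_response(3, 1, [250])))
    print(ids.inspect(0.3, "request", build_frame(4, 1, 8, struct.pack(">HH", 0, 0))))
    print(flood_alert_count())  # 10
```

The injection rules need the process limits, which is why the abstract's approach pairs them with per-system datasets: a setpoint of 500 is only an attack because the pipeline's valid range is known. Modbus itself carries no authentication, so a syntactically valid write from the right IP is indistinguishable from an operator's without such rules.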
|
17 |
Analysis of Detection Systems in a Software-Defined Network. Fakolujo, Oluwapelumi; Qureshi, Amna. 16 August 2024
Software-Defined Networking (SDN), a novel and innovative networking technology, offers programmability and flexibility within networks and centralized control of those networks. The separation of data and control planes, as well as the concentration of all control provisioning options within an SDN controller, are two of the most significant ways in which SDN improves on traditional network deployments. However, because different planes in an SDN network are separated, the network contains several attack vectors that malicious users could exploit. Distributed Denial-of-Service (DDoS) attacks pose a unique threat to SDN because they can disrupt connections between the controller and data plane devices. Therefore, developing and implementing intrusion detection systems (IDS) in SDN is necessary. This paper investigates IDS in software-defined networks for effectively detecting DDoS attacks using signature-based and machine learning (ML)-based approaches. Mininet and OpenDayLight are used to simulate an SDN environment in which normal and attack traffic is generated to assess intrusion detection techniques. The Snort IDS is employed as the signature-based IDS in this study, while the ML algorithms Random Forest (RF), J48, Naive Bayes (NB), and Support Vector Machine (SVM) are used to implement the ML-based IDS. The IDSs are examined using SDN-generated traffic, with the InSDN-NB model surpassing all other ML models and the Snort IDS with 98.86% prediction accuracy and a training time of 1.46 s.
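An added example, separate from the paper's Snort and ML models, of flow-level features a controller can compute from switch flow statistics to separate a spoofed-source flood from normal traffic: entropy of source and destination addresses, flow count and the share of single-packet flows, plus a threshold rule over them. Field names, thresholds and both traffic windows are constructed assumptions.

```python
import random
from collections import Counter
from math import log2
from typing import Dict, Iterable, List

# One flow record per flow-table entry, as a controller could derive from OpenFlow
# flow-stats replies. Field names are assumptions made for this example.
Flow = Dict[str, object]


def entropy(values: Iterable[object]) -> float:
    """Shannon entropy in bits of the value distribution."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * log2(c / n) for c in counts.values()) if n else 0.0


def window_features(flows: List[Flow]) -> Dict[str, float]:
    """Per-window features: a spoofed flood shows many sources, one destination, one packet per flow."""
    n = len(flows)
    if n == 0:
        return {"flows": 0, "src_entropy": 0.0, "dst_entropy": 0.0, "mean_pkts": 0.0, "single_pkt_frac": 0.0}
    return {
        "flows": n,
        "src_entropy": entropy(f["src"] for f in flows),
        "dst_entropy": entropy(f["dst"] for f in flows),
        "mean_pkts": sum(int(f["packets"]) for f in flows) / n,
        "single_pkt_frac": sum(1 for f in flows if int(f["packets"]) <= 1) / n,
    }


# Assumed thresholds; in practice these would be tuned on the normal traffic of the deployment.
THRESHOLDS = {"flows": 200, "src_entropy": 6.0, "dst_entropy": 1.0, "single_pkt_frac": 0.8}


def is_ddos(feat: Dict[str, float]) -> bool:
    return (feat["flows"] >= THRESHOLDS["flows"]
            and feat["src_entropy"] >= THRESHOLDS["src_entropy"]
            and feat["dst_entropy"] <= THRESHOLDS["dst_entropy"]
            and feat["single_pkt_frac"] >= THRESHOLDS["single_pkt_frac"])


def make_normal_window(seed: int = 1) -> List[Flow]:
    """Constructed benign window: ten hosts talking to eight servers, tens of packets per flow."""
    rng = random.Random(seed)
    clients = [f"10.0.0.{i}" for i in range(1, 11)]
    servers = [f"192.168.1.{i}" for i in range(10, 18)]
    return [{"src": rng.choice(clients), "dst": rng.choice(servers),
             "dport": rng.choice([53, 80, 443]), "packets": rng.randint(20, 200)} for _ in range(40)]


def make_flood_window() -> List[Flow]:
    """Constructed flood window: 500 spoofed sources, one victim, one packet per flow (each a table miss)."""
    return [{"src": f"10.{i // 256}.{i % 256}.1", "dst": "192.168.1.10", "dport": 80, "packets": 1}
            for i in range(500)]


if __name__ == "__main__":
    for name, window in (("normal", make_normal_window()), ("flood", make_flood_window())):
        feat = window_features(window)
        print(name, {k: round(v, 2) for k, v in feat.items()}, "DDoS" if is_ddos(feat) else "ok")
```

The single-packet share is the SDN-specific signal: every spoofed source misses the flow table and costs a packet-in to the controller, which is the controller-to-data-plane link the abstract says DDoS disrupts. The same features are a reasonable input vector for the RF, J48, NB and SVM models the paper compares, in place of the fixed thresholds used here.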
|
18 |
Increasing the Trustworthiness of AI-based In-Vehicle IDS using eXplainable AI. Lundberg, Hampus. January 2022
An in-vehicle intrusion detection system (IV-IDS) is one of the protection mechanisms used to detect cyber attacks on electric or autonomous vehicles, where anomaly-based IDS solutions have better potential for detecting the attacks, especially zero-day attacks. Generally, an IV-IDS generates false alarms (falsely detecting normal data as attacks) because of the difficulty of differentiating between normal and attack data. This can lead to undesirable situations, such as increased laxness towards the system, or uncertainties in the event handling following a generated alarm. With the help of sophisticated Artificial Intelligence (AI) models, the IDS improves the chances of detecting attacks. However, the use of such a model comes at the cost of decreased interpretability, a trait that is argued to be of importance when ascertaining various other valuable desiderata, such as a model's trust, causality, and robustness. Because of the lack of interpretability in sophisticated AI-based IV-IDSs, it is difficult for humans to trust such systems, let alone know what actions to take when an IDS flags an attack. By using tools found in the area of eXplainable AI (XAI), this thesis aims to explore what kind of explanations could be produced in accord with model predictions, to further increase the trustworthiness of AI-based IV-IDSs. Through a comparative survey, aspects related to trustworthiness and explainability are evaluated on a custom, pseudo-global, visualization-based explanation ("VisExp") and a rule-based explanation. The results show that VisExp increases the trustworthiness and enhances the explainability of the AI-based IV-IDS.
|
19 |
Evaluating the Efficiency of Host-based Intrusion Detection Systems Protecting Web Applications. Willerton, Adam; Gustafsson, Rasmus. January 2022
Background. Web applications are an ever more significant part of our digital experience, and the number of users keeps growing. Social media alone accounts for more than half of the world's population. Therefore these applications have become a lucrative target for attackers, and we have seen several attacks against them. In one such example, attackers managed to compromise a Twitter account [15], leading to false information being published, causing the New York Stock Exchange to drop 150 points and erasing 136 billion dollars in equity market value. There are methods to protect web applications, such as web application firewalls or content security policies. Still, another candidate for defending these applications is Host-based Intrusion Detection Systems (HIDS). This study aims to assess the efficiency of these HIDS when defending web applications. Objectives. The main objective of the thesis is to create an efficiency evaluation model for a HIDS protecting web applications. Additionally, we test two open-source HIDS against web applications built to emulate a vulnerable environment and measure these HIDS' efficiencies with the model mentioned above. Methods. To reach the objectives of our thesis, a literature review regarding which metrics to use to evaluate the efficiency of a HIDS was conducted. This allowed us to construct a model with which we evaluated the efficiency of our selected HIDS. In this model, we use three categories, each containing multiple metrics. Once completed, the environment hosting our vulnerable applications and their HIDS was set up, followed by the attacks on the applications. The data generated by the HIDS gave us what was required to make our efficiency evaluation, which was performed through the lens of the previously mentioned model. Results. The results show a low overall efficiency from the two HIDS regarding the category attack detection. The more efficient of the two could be determined.
Of the two evaluated, Wazuh and Samhain, we determined Wazuh to be the more efficient HIDS. We identified several components required to improve their attack detection. Conclusions. Through the use of our model, we concluded that the HIDS Wazuh had higher efficiency than the HIDS Samhain. However, both HIDS performed poorly regarding their ability to detect attacks. Some specific components need to be implemented within these systems before they can reliably be used for defending web applications.
|
20 |
An Ensemble Learning Based Multi-level Network Intrusion Detection System for Wi-Fi Dominant Networks. Vaca, Francisco D. 03 June 2019
Today, networks contribute significantly to everyone's life. The enormous usefulness of networks for various services and data storage motivates adversaries to launch attacks on them. Network Intrusion Detection Systems (NIDSs) are used as a security measure inside organizational networks to identify any intrusions and generate alerts for them. The idea of deploying an NIDS is well known and has been studied and adopted in both academia and industry. However, most of the NIDS literature has emphasized detecting attacks that originate externally in a wired network infrastructure. In addition, Wi-Fi and wired networks are treated the same by NIDSs. The open infrastructure of a Wi-Fi network makes it different from a wired network. Several internal attacks that could happen in a Wi-Fi network are not possible in a wired network. NIDSs developed using traditional approaches may fail to identify these internal attacks.

The thesis work attempts to develop a Multi-Level Network Intrusion Detection System (ML-NIDS) for Wi-Fi dominant networks that can detect internal attacks specific to Wi-Fi networks as well as the generic network attacks that are independent of network infrastructure. In Wi-Fi dominant networks, Wi-Fi devices (stations) are prevalent at the edge of campus and enterprise networks and integrated with the fixed wired infrastructure at the access. The implementation is proposed for Wi-Fi dominant networks; nevertheless, it aims to work for wired networks as well. We develop the ML-NIDS using an ensemble learning method that combines several weak learners to create a strong learner.
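An added example of the ensemble idea in the abstract above (and of the Random Forest classifier used in the RPL blackhole thesis earlier on this page), not code from either work: bootstrap-sampled one-level decision trees, each restricted to a random subset of features, combined by majority vote, trained on constructed per-window Wi-Fi features such as deauthentication rate and beacon-timing jitter. The feature set, value ranges and hyperparameters are assumptions.

```python
import random
from dataclasses import dataclass
from typing import List, Sequence, Tuple

# Per-window features a Wi-Fi monitor could compute (names and ranges are assumptions for this example).
FEATURES = ("deauth_per_s", "beacon_jitter", "rssi_variance", "dup_bssid")


def make_dataset(n: int, seed: int) -> Tuple[List[List[float]], List[int]]:
    """Constructed sample: benign windows (0) vs deauth-flood / evil-twin windows (1), with overlapping ranges."""
    rng = random.Random(seed)
    X: List[List[float]] = []
    y: List[int] = []
    for _ in range(n):
        if rng.random() < 0.5:
            X.append([rng.uniform(0, 3), rng.uniform(0, 0.2), rng.uniform(0, 4), float(rng.random() < 0.05)])
            y.append(0)
        else:
            X.append([rng.uniform(2, 30), rng.uniform(0.1, 1.0), rng.uniform(2, 12), float(rng.random() < 0.7)])
            y.append(1)
    return X, y


@dataclass
class Stump:
    """One-level decision tree: the weak learner."""
    feature: int
    threshold: float
    left: int    # label when x[feature] <= threshold
    right: int   # label otherwise

    def predict(self, x: Sequence[float]) -> int:
        return self.left if x[self.feature] <= self.threshold else self.right


def fit_stump(X: List[List[float]], y: List[int], features: Sequence[int]) -> Stump:
    """Best (feature, threshold) by training error, found with one sorted sweep per feature."""
    n, total_pos = len(X), sum(y)
    best, best_err = Stump(features[0], 0.0, 0, 1), n + 1
    for f in features:
        order = sorted(range(n), key=lambda i: X[i][f])
        left_pos = 0
        for k, i in enumerate(order):
            left_pos += y[i]
            if k + 1 < n and X[order[k + 1]][f] == X[i][f]:
                continue                      # cannot split between equal values
            left_n, right_n = k + 1, n - k - 1
            right_pos = total_pos - left_pos
            left = int(2 * left_pos > left_n)     # majority label on each side
            right = int(2 * right_pos > right_n)
            err = (left_n - left_pos if left else left_pos) + (right_n - right_pos if right else right_pos)
            if err < best_err:
                thr = X[i][f] if k + 1 == n else (X[i][f] + X[order[k + 1]][f]) / 2
                best, best_err = Stump(f, thr, left, right), err
    return best


class BaggedStumps:
    """Bootstrap samples + random feature subsets + majority vote (the random-forest recipe at depth 1)."""

    def __init__(self, n_estimators: int = 25, max_features: int = 2, seed: int = 0) -> None:
        self.n_estimators, self.max_features, self.seed = n_estimators, max_features, seed
        self.stumps: List[Stump] = []

    def fit(self, X: List[List[float]], y: List[int]) -> "BaggedStumps":
        rng = random.Random(self.seed)
        n = len(X)
        self.stumps = []
        for _ in range(self.n_estimators):
            sample = [rng.randrange(n) for _ in range(n)]
            feats = rng.sample(range(len(FEATURES)), self.max_features)
            self.stumps.append(fit_stump([X[i] for i in sample], [y[i] for i in sample], feats))
        return self

    def predict(self, x: Sequence[float]) -> int:
        return int(2 * sum(s.predict(x) for s in self.stumps) > len(self.stumps))


def accuracy(model: BaggedStumps, X: List[List[float]], y: List[int]) -> float:
    return sum(model.predict(x) == t for x, t in zip(X, y)) / len(y)


def train_and_evaluate() -> Tuple[BaggedStumps, float]:
    X_train, y_train = make_dataset(200, seed=7)
    X_test, y_test = make_dataset(100, seed=11)
    model = BaggedStumps().fit(X_train, y_train)
    return model, accuracy(model, X_test, y_test)


if __name__ == "__main__":
    model, acc = train_and_evaluate()
    print(f"held-out accuracy: {acc:.2f}")
    print(model.predict([25.0, 0.8, 10.0, 1.0]), model.predict([0.5, 0.05, 1.0, 0.0]))  # 1 0
```

Each stump alone is a weak learner (the duplicate-BSSID flag by itself misses most evil twins); the vote is what makes the combination strong, and the per-stump feature subset keeps the stumps from all picking the same attribute, which is the point of the Wi-Fi-specific features the abstract argues a wired-only NIDS lacks.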
|