11 |
Recognition of web attacks on web servers
Στυλιανού, Γεώργιος, 09 July 2013
Attacks on the Internet, and especially Denial of Service (DoS) attacks, are a very serious problem for the normal operation of the Internet. This kind of attack aims to disrupt the proper operation of a system by consuming its resources or overloading the network, rendering it unable to provide its clients with the services it is intended for. Countering these attacks has occupied many researchers in recent years, and many different methods of prevention, detection, and response have been proposed.
In the context of this thesis, a definition and classification of DoS and DDoS attacks is first attempted, with particular reference to DoS attacks on the World Wide Web. Next, various approaches to attack detection are analyzed, with signature detection and anomaly detection as the main axes. The field of anomaly detection is examined in depth, and a system that detects anomalies in network traffic data containing attacks is studied. / Attacks on the Internet, and especially Denial of Service attacks, are a very serious threat to the normal function of the Internet. This kind of attack aims at disrupting the normal function of a system by consuming its resources or overloading the network, making it incapable of providing the services it is designed for to its clients. In recent years many researchers have tried to propose solutions to prevent, detect and respond effectively to attacks.
In this thesis, first a definition and then a classification of DoS and DDoS attacks is proposed, with distinctive reference to attacks in the World Wide Web. Several ways of attack detection are analyzed, with signature detection and anomaly detection being the most significant. Afterwards, the field of anomaly detection is thoroughly analyzed, and a system that detects anomalies in a dataset of network traffic that contains attacks is examined.
|
12 |
AN ASSESSMENT OF PRESENTATION ATTACK DETECTION METHODS FOR FACE RECOGNITION SYSTEMS
GUILLERMO ESTRADA DOMECH, 07 November 2018
[pt] The vulnerabilities of Face Recognition Systems (FRS) to Presentation Attacks (PA) have recently been recognized by the biometric community, but there is still a lack of software-based facial Presentation Attack Detection (PAD) techniques that perform robustly in realistic authentication scenarios. The main objective of this dissertation is to analyze, evaluate and compare some of the state-of-the-art feature-based methods for facial PAD under a variety of conditions, considering three of the publicly available facial spoofing databases: 3DMAD, REPLAY-MOBILE and OULU-NPU. In the present work, PAD methods based on the LBP-RGB, BSIF-RGB and IQM texture descriptors were investigated. Furthermore, a Convolutional Autoencoder (CAE), a learned feature descriptor, was also implemented and evaluated. One-class and two-class classification approaches were also implemented and evaluated. The experiments carried out in this work were designed to measure the performance of different PAD schemes in two conditions: (i) intra-database and (ii) inter-database. The results revealed that the effectiveness of the features learned by the CAE in PAD schemes based on the two-class classification approach provides, in general, the best performance in intra-database evaluation protocols. The results also indicate that PAD schemes based on the one-class classification approach are not inferior to their two-class counterparts in inter-database evaluations. / [en] The vulnerabilities of Face Recognition Systems (FRS) to Presentation Attacks (PA) have been recently recognized by the biometric community, but there is still a lack of generalized software-based facial Presentation Attack Detection (PAD) techniques that perform robustly in realistic authentication scenarios.
The main objective of this dissertation is to analyze, evaluate and compare some of the most relevant, state-of-the-art feature-based methods for facial PAD in a variety of conditions, considering three of the publicly available facial spoofing databases: 3DMAD, REPLAY-MOBILE and OULU-NPU. In the current work, PAD methods based on the LBP-RGB, BSIF-RGB and IQM hand-crafted texture descriptors were investigated.
Additionally, a Convolutional Autoencoder (CAE), a learned feature descriptor, was also implemented and evaluated. Furthermore, one-class and two-class classification approaches were implemented and evaluated. The experiments conducted in this work were designed to measure the performance of different PAD schemes in two conditions, namely: (i) intra-database and (ii) inter-database (or cross-database). The results revealed that the effectiveness of the features learned by the CAE in two-class classification PAD schemes provides, in general, the best performance in intra-database evaluation protocols. The results also indicate that PAD schemes based on the one-class classification approach are not inferior to their two-class counterparts in the inter-database evaluations.
|
13 |
Web application security: analysis, modeling and attack detection using machine learning
Makiou, Abdelhamid, 16 December 2016
Web applications are the backbone of modern information systems. Exposing these applications on the Internet continually gives rise to new forms of threats that can endanger the security of the entire information system. To counter these threats, robust and feature-rich solutions exist. These solutions rely on well-proven attack detection models, each with its own advantages and limitations. Our work consists in integrating features of several models into a single solution in order to increase detection capability. To achieve this goal, in a first contribution we define a threat classification adapted to the context of Web applications. This classification also serves to solve certain problems of scheduling analysis operations during the attack detection phase. In a second contribution, we propose an attack filtering architecture based on two analysis models. The first is a behavioral analysis module, and the second uses the signature inspection approach. The main challenge raised by this architecture is adapting the behavioral analysis model to the context of Web applications. We answer this challenge by using an approach that models malicious behaviors. Thus, it is possible to build, for each attack class, its own model of abnormal behavior. To build these models, we use classifiers based on supervised machine learning. These classifiers use training datasets to learn the deviant behaviors of each attack class. Thus, a second obstacle, the availability of training data, has been removed. Indeed, in a final contribution, we defined and designed a platform for the automatic generation of training data.
The data generated by this platform is normalized and categorized for each attack class. The training data generation model we developed is able to learn "from its mistakes" continuously in order to produce higher quality training datasets. / Web applications are the backbone of modern information systems. The Internet exposure of these applications continually generates new forms of threats that can jeopardize the security of the entire information system. To counter these threats, there are robust and feature-rich solutions. These solutions are based on well-proven attack detection models, each with its own advantages and limitations. Our work consists in integrating functionalities of several models into a single solution in order to increase the detection capacity. To achieve this objective, we define in a first contribution a classification of threats adapted to the context of Web applications. This classification also serves to solve some problems of scheduling analysis operations during the attack detection phase. In a second contribution, we propose a Web application firewall architecture based on two analysis models. The first is a behavioral analysis module, and the second uses the signature inspection approach. The main challenge to be addressed with this architecture is to adapt the behavioral analysis model to the context of Web applications. We respond to this challenge by using a modeling approach for malicious behavior. Thus, it is possible to construct for each attack class its own model of abnormal behavior. To construct these models, we use classifiers based on supervised machine learning. These classifiers use learning datasets to learn the deviant behaviors of each class of attacks. Thus, a second lock, the availability of learning data, has been lifted.
Indeed, in a final contribution, we defined and designed a platform for the automatic generation of training datasets. The data generated by this platform is standardized and categorized for each class of attacks. The learning data generation model we have developed is able to learn "from its own errors" continuously in order to produce higher quality machine learning datasets.
|
14 |
TRACE DATA-DRIVEN DEFENSE AGAINST CYBER AND CYBER-PHYSICAL ATTACKS
Abdulellah Abdulaziz M Alsaheel (17040543), 11 October 2023
In the contemporary digital era, Advanced Persistent Threat (APT) attacks are evolving, becoming increasingly sophisticated, and now perilously targeting critical cyber-physical systems, notably Industrial Control Systems (ICS). The intersection of digital and physical realms in these systems enables APT attacks on ICSs to potentially inflict physical damage, disrupt critical infrastructure, and jeopardize human safety, thereby posing severe consequences for our interconnected world. Provenance tracing techniques are essential for investigating these attacks, yet existing APT attack forensics approaches grapple with scalability and maintainability issues. These approaches often hinge on system- or application-level logging, incurring high space and run-time overheads and potentially encountering difficulties in accessing source code. Their dependency on heuristics and manual rules necessitates perpetual updates by domain-knowledge experts to counteract newly developed attacks. Additionally, while there have been efforts to verify the safety of Programmable Logic Controller (PLC) code as adversaries increasingly target industrial environments, these works either exclusively consider PLC program code without connecting to the underlying physical process or only address time-related physical safety issues, neglecting other vital physical features.
This dissertation introduces two novel frameworks, ATLAS and ARCHPLC, to address the aforementioned challenges, offering a synergistic approach to fortifying cybersecurity in the face of evolving APT and ICS threats. ATLAS, an effective and efficient multi-host attack investigation framework, constructs end-to-end APT attack stories from audit logs by combining causality analysis, Natural Language Processing (NLP), and machine learning. Identifying key attack patterns, ATLAS proficiently analyzes and pinpoints attack events, minimizing alert fatigue for cyber analysts. During evaluations involving ten real-world APT attacks executed in a realistic virtual environment, ATLAS demonstrated an ability to recover attack steps and construct attack stories with an average precision of 91.06%, a recall of 97.29%, and an F1-score of 93.76%, providing a robust framework for understanding and mitigating cyber threats.
Concurrently, ARCHPLC, an advanced approach for enhancing ICS security, combines static analysis of PLC code and data mining from ICS data traces to derive accurate invariants, providing a comprehensive understanding of ICS behavior. ARCHPLC employs physical causality graph analysis techniques to identify cause-effect relationships among plant components (e.g., sensors and actuators), enabling efficient and quantitative discovery of physical causality invariants. Supporting patching and run-time monitoring modes, ARCHPLC inserts derived invariants into PLC code using program synthesis in patching mode and inserts invariants into a dedicated monitoring program for continuous safety checks in run-time monitoring mode. ARCHPLC adeptly detects and mitigates run-time anomalies, providing exceptional protection against cyber-physical attacks with minimal overhead. In evaluations against 11 cyber-physical attacks on a Fischertechnik manufacturing plant and a chemical plant simulator, ARCHPLC protected the plants without any false positives or negatives, with an average run-time overhead of 14.31% in patching mode and 0.4% in run-time monitoring mode.
In summary, this dissertation provides invaluable solutions that equip cybersecurity professionals to enhance APT attack investigation, enabling them to identify and comprehend complex attacks with heightened accuracy. Moreover, these solutions significantly bolster the safety and security of ICS infrastructure, effectively protecting critical systems and strengthening defenses against cyber-physical attacks, thereby contributing substantially to the field of cybersecurity.
|
15 |
TOWARDS SECURE AND RELIABLE ROBOTIC VEHICLES WITH HOLISTIC MODELING AND PROGRAM ANALYSIS
Hong Jun Choi (13045434), 08 August 2022
Cyber-Physical Systems (CPS) are integrated systems that consist of computational and physical components with network communication to support operation in the physical world. My PhD dissertation focuses on the security and reliability of autonomous cyber-physical systems, such as self-driving cars, drones, and underwater robots, which are safety-critical systems based on the seamless integration of cyber and physical components. Autonomous CPS are becoming an integral part of our life. The market for autonomous driving systems is expected to be more than $65 billion by 2026. The security of such CPS is hence critical. Beyond traditional cyber-only computing systems, these complex and integrated CPS have unique characteristics. From the security perspective, they open unique research opportunities since they introduce additional attack vectors and pose new challenges that existing cyber-oriented approaches cannot address well. The goal of my research is to build secure and reliable autonomous CPS by bridging the gap between the cyber and physical domains. To this end, my work focuses on fundamental research questions associated with cyber-physical attack and defense, vulnerability discovery and elimination, and post-attack investigation. My approach to solving the problems involves various techniques and interdisciplinary knowledge, including program analysis, search-based software engineering, control theory, robotics, and AI/machine learning.
|
16 |
A Multi-Agent Defense Methodology with Machine Learning against Cyberattacks on Distribution Systems
Appiah-Kubi, Jennifer, 17 August 2022
The introduction of communication technology into the electric power grid has made the grid more reliable. Power system operators gain visibility over the power system and are able to resolve operational issues remotely via Supervisory Control And Data Acquisition (SCADA) technology. This reduces outage periods. Nonetheless, the remote-control capability has rendered the power grid vulnerable to cyberattacks. In December 2015, over 200,000 people in Ukraine became victims of the first publicly reported cyberattack on the power grid. Consequently, cyber-physical security research for the power system as a critical infrastructure is in critical need.
Research on cybersecurity for power grids has produced a diverse literature; the multi-faceted nature of the grid makes it vulnerable to different types of cyberattacks, such as direct power grid, supply chain and ransom attacks. The attacks may also target different levels of grid operation, such as the transmission system, distribution system, microgrids, and generation. As these levels are characterized by varying operational constraints, the literature may be categorized not only according to the type of attack it targets, but also according to the level of power system operation under consideration. It is noteworthy that cybersecurity research for the transmission system dominates the literature, although the distribution system is noted to have a larger attack surface.
For the distribution system, a notable attack type is the so-called direct switching attack, in which an attacker aims to disrupt power supply by compromising switching devices that connect equipment such as generators, and power grid lines. To maximize the damage, this attack tends to be coordinated as the attacker optimally selects the nodes and switches to attack. This decision-making process is often a bi- or tri-level optimization problem which models the interaction between the attacker and the power system defender. It is necessary to detect attacks and establish coordination/correlation among them. Determining coordination is a necessary step to predict the targets of an attack before attack completion, and aids in the mitigation strategy that ensues.
While the literature has addressed the direct switching attack on the distribution system in different ways, there are also shortcomings. These include: (i) techniques to establish coordination among attacks are centralized, making them prone to single-point failures; (ii) techniques to establish coordination among attacks leverage only power system models, ignoring the influence of communication network vulnerabilities and load criticality in the decisions of the attacker; (iii) attacker-defender optimization models assume specific knowledge of the attacker's resources and constraints by the defender, a strong and unrealistic assumption that reduces their usability; and (iv) mitigation strategies tend to be static and one-sided, being implemented only at the physical level or only at the communication network level.
In light of this, this dissertation culminates in major contributions concerning real-time decentralized correlation of detected direct switching attacks and hybrid mitigation for electric power distribution systems. Concerning this, four novel contributions are presented: (i) a framework for decentralized correlation of attacks and mitigation; (ii) an attacker-defender optimization model that accounts for power system laws, load criticality, and cyber vulnerabilities in the decision-making process of the attacker; (iii) a real-time learning-based mechanism for determining correlation among detected attacks and predicting attack targets, and which does not assume knowledge of the attacker's resources and constraints by the power system defender; (iv) a hybrid mitigation strategy optimized in real-time based on information learned from detected attacks, and which combines both physical level and communication network level mitigation.
Since the execution of intrusion detection systems and mechanisms such as the ones proposed in this dissertation may deter attackers from directly attacking the power grid, attackers may perform a supply chain cyberattack to yield the same results. Although supply chain cyberattacks have been acknowledged as potentially far-reaching, and compliance directives have been put forward for this, the detection of supply chain cyberattacks is in a nascent stage. Consequently, this dissertation also proposes a novel method for detecting supply chain cyberattacks. To the best of the author's knowledge, this work is the first preliminary work on supply chain cyberattack detection. / Doctor of Philosophy / The electric power grid is the network that transports electricity from generation to consumers, such as homes and factories. The power grid today is highly remote-monitored and controlled. Should there be a fault on the grid, the human operator, often remotely located, may only need to resolve it by sending a control signal to telemetry points, called nodes, via a communication network. This significantly reduces outage periods and improves the reliability of the grid. Nonetheless, the high level of connectivity also exposes the grid to cyberattacks. The cyber connectivity between the power grid and the human operator, like all communication networks, is vulnerable to cyberattacks that may allow attackers to gain control of the power grid. If and when successful, widespread and extended outages, equipment damage, etc. may ensue. Indeed, in December 2015, over 200,000 people in Ukraine became victims of the first publicly reported cyberattack on a power grid. As a critical infrastructure, cybersecurity for the power grid is, therefore, in critical need.
Research on cybersecurity for power grids has produced a diverse literature; the multi-faceted nature of the grid makes it vulnerable to different types of cyberattacks, such as direct power grid, supply chain and ransom attacks. Notable is the so-called direct switching attack, in which an attacker aims to compromise the power grid communication network in order to toggle switches that connect equipment such as generators and power grid lines. The aim is to disrupt electricity service. To maximize the damage, this attack tends to be coordinated; the attacker optimally selects several grid elements to attack. Thus, it is necessary to both detect attacks and establish coordination among them. Determining coordination is a necessary step to predict the targets of an attack before attack completion. This aids the power grid owner in intercepting and mitigating attacks. While the literature has addressed the direct switching attack in different ways, there are also shortcomings. Three outstanding ones are: (i) techniques to determine coordination among attacks and predict attack targets are centralized, making them prone to single-point failures; (ii) techniques to establish coordination among attacks leverage only power system physical laws, ignoring the influence of communication network vulnerabilities in the decisions of the attacker; and (iii) studies on the interaction between the attacker and the defender (i.e., power grid owner) assume specific knowledge of the attacker's resources and constraints by the defender, a strong and unrealistic assumption that reduces their usability.
This research project addresses several of the shortcomings in the literature, particularly the aforementioned. The work focuses on the electric distribution system, which is the part of the power grid that connects directly to consumers. This choice is well suited, as the distribution system has a larger attack surface than other parts of the grid and is characterized by computing devices with more constrained computational capability. Thus, adaptability to simple computing devices is a priority. The contributions of this dissertation give the power grid owner leverage to intercept and mitigate attacks in a resilient manner. The original contributions of the work are: (i) a novel realistic model that shows the decision-making process of the attacker and their interactions with the defender; (ii) a novel decentralized mechanism for predicting the targets of coordinated cyberattacks on the electric distribution grid in real time, guided by the attack model; and (iii) a novel hybrid optimized mitigation strategy that provides security to the power grid at both the communication network level and the physical power grid level.
Since the power grid is constructed with smart equipment from various vendors, attackers may launch effective attacks by compromising the devices deployed in the power grid through a compromised supply chain. By nature, such an attack is evasive to traditional intrusion detection systems and algorithms such as the aforementioned. Therefore, this work also provides a new method to defend the grid against supply chain attacks, resulting in a mechanism for its detection in a critical power system communication device.
|
17 |
Attack Detection by Analysis of the System's Logs
Holub, Ondřej, Unknown Date
The thesis deals with the possibilities of detecting attacks and non-standard behaviour. It focuses on the problems of intrusion detection systems (IDS), their classification, and the methods used for attack detection. One part of the thesis presents existing IDS systems and the properties they need for successful attack detection. Other parts describe methods of obtaining information from the Microsoft Windows operating systems and analyse theoretical methods for detecting anomalies in data. The practical part focuses on the design and implementation of a HIDS application. At the end of the practical part, the final application and its detection abilities are tested with the help of several model situations. In the conclusion, the thesis sums up the information gained and outlines a possible direction for future development.
|
18 |
Monitoring of structured P2P networks applied to the security of contents
Cholez, Thibault, 23 June 2011
The objective of this thesis is to design and apply new monitoring methods capable of addressing the security problems affecting data within structured P2P networks (DHTs). These problems are of two kinds. On the one hand, P2P networks are used to distribute illegal content whose activity is difficult to monitor. On the other hand, the indexing of legitimate content can be corrupted (Sybil attack). We first propose a content monitoring method based on the insertion of probes and control of the network's indexing mechanism. It makes it possible to attract all peers' requests for a given content and then to verify their intent by generating very attractive honeypots. We thus describe the weaknesses of the network that allow our method to be applied despite existing protections. We present the features of our architecture and evaluate its effectiveness on the KAD P2P network before presenting a real deployment aimed at studying pedophile content. We then consider the security of data indexed in a DHT. We monitor the KAD network and show that it is the victim of a particularly harmful pollution affecting 2/3 of files, as well as of numerous targeted attacks affecting the security of stored content. We propose a means of efficiently detecting the latter attack by analyzing the distribution of peer identifiers around a reference, as well as a countermeasure that protects peers at negligible cost. We conclude with an evaluation of the protection within real P2P networks. / The purpose of this thesis is to design and implement new monitoring solutions which are able to deal with the security issues affecting data stored in large structured P2P networks (DHT). There are two major types of issues.
First, P2P networks are used to spread illegal contents whose activity is difficult to monitor accurately. Second, the indexation of regular contents can be corrupted (Sybil attack). We first designed a new approach to monitor contents based on the insertion of distributed probes in the network to take control of the indexation mechanism. The probes can attract all the related requests for a given content and assess the peers' intent to access it by generating very attractive honeypots. We describe the weaknesses of the network allowing our solution to be effective despite recent protection mechanisms. We then present the services offered by our monitoring architecture and we evaluate its efficiency on KAD. We also present a real deployment whose purpose is to study pedophile contents on this network. Then, we focus on data integrity in distributed hash tables. We performed large-scale monitoring campaigns on the KAD network. Our observations show that it suffers from a very harmful pollution of its indexation mechanism affecting 2/3 of the shared files and from a large number of localized attacks targeting contents. To mitigate these threats, we propose a new efficient way to detect attacks by analysing the distribution of the peers' IDs found around an entry after a DHT lookup and a counter-measure which can protect the peers at a negligible cost. Finally, we evaluate our solution in real P2P networks.
|
19 |
Wireless Sensing in Vehicular Networks: Road State Inference and User Authentication
Tulay, Halit Bugra, 27 September 2022
No description available.
|
20 |
Performance Enhancement Of Intrusion Detection System Using Advances In Sensor Fusion
Thomas, Ciza, 04 1900
The technique of sensor fusion addresses the issues relating to the optimality of decision-making in the multiple-sensor framework. Advances in sensor fusion make it possible to perform intrusion detection for both rare and new attacks. This thesis discusses this assertion in detail, and describes the theoretical and experimental work done to show its validity.
The attack-detector relationship is initially modeled and validated to understand the detection scenario. The different metrics available for the evaluation of intrusion detection systems are also introduced. The usefulness of the data set used for experimental evaluation has been demonstrated. The issues connected with intrusion detection systems are analyzed, and the need for incorporating multiple detectors and their fusion is established in this work. Sensor fusion provides advantages with respect to reliability and completeness, in addition to intuitive and meaningful results. The goal of this work is to investigate how to combine data from diverse intrusion detection systems in order to improve the detection rate and reduce the false-alarm rate. The primary objective of the proposed thesis work is to develop a theoretical and practical basis for enhancing the performance of intrusion detection systems using advances in sensor fusion with easily available intrusion detection systems. This thesis introduces the mathematical basis for sensor fusion in order to provide enough support for the acceptability of sensor fusion in the performance enhancement of intrusion detection systems. The thesis also shows the practical feasibility of performance enhancement using advances in sensor fusion and discusses various sensor fusion algorithms, their characteristics, and related design and implementation issues. We show that it is possible to enhance the performance of intrusion detection systems by setting proper threshold bounds and also by rule-based fusion. We introduce an architecture called data-dependent decision fusion as a framework for building intrusion detection systems using sensor fusion based on data dependency. Furthermore, we provide information about the types of data, the data skewness problems, and the most effective algorithm for detecting different types of attacks.
This thesis also proposes and incorporates a modified evidence theory for the fusion unit, which performs very well for the intrusion detection application. Future improvements in individual IDSs can also be easily incorporated in this technique in order to obtain better detection capabilities. Experimental evaluation shows that the proposed methods have the capability of detecting a significant percentage of rare and new attacks. The improved performance of the IDS using the algorithms that have been developed in this thesis, if deployed fully, would contribute to an enormous reduction of successful attacks over a period of time. This has been demonstrated in the thesis and is a step in the right direction towards making cyberspace safer.
|