21. Ant tree miner amyntas for intrusion detection. Botes, Frans Hendrik, 2018.
Thesis (MTech (Information Technology)), Cape Peninsula University of Technology, 2018. With the constant evolution of information systems, companies have to acclimatise to the vast increase of data flowing through their networks. Business processes rely heavily on information technology and operate within a framework of little to no space for interruptions. Cyber attacks aimed at interrupting business operations, false intrusion detections and leaked information burden companies with large monetary and reputational costs. Intrusion detection systems analyse network traffic to identify suspicious patterns that intend to compromise the system. Classifiers (algorithms) are used to classify the data within different categories, e.g. malicious or normal network traffic. Recent surveys within intrusion detection highlight the need for improved detection techniques and warrant further experimentation for improvement. This experimental research project focuses on implementing swarm intelligence techniques within the intrusion detection domain. The Ant Tree Miner algorithm induces decision trees by using ant colony optimisation techniques. The Ant Tree Miner possesses high accuracy with efficient results. However, limited research has been performed on this classifier in other domains such as intrusion detection. The research provides the intrusion detection domain with a new algorithm that improves upon results of decision trees and ant colony optimisation techniques when applied to the domain. The research has led to valuable insights into the Ant Tree Miner classifier within a previously unknown domain and created an intrusion detection benchmark for future researchers.

22. Algorithms for Large-Scale Internet Measurements. Leonard, Derek Anthony, 2010.
As the Internet has grown in size and importance to society, it has become increasingly difficult to generate global metrics of interest that can be used to verify proposed algorithms or monitor performance. This dissertation tackles the problem by proposing several novel algorithms designed to perform Internet-wide measurements using existing or inexpensive resources.

We initially address distance estimation in the Internet, which is used by many distributed applications. We propose a new end-to-end measurement framework called Turbo King (T-King) that uses the existing DNS infrastructure and, when compared to its predecessor King, obtains delay samples without bias in the presence of distant authoritative servers and forwarders, consumes half the bandwidth, and reduces the impact on caches at remote servers by several orders of magnitude.

Motivated by recent interest in the literature and our need to find remote DNS nameservers, we next address Internet-wide service discovery by developing IRLscanner, whose main design objectives have been to maximize politeness at remote networks, allow scanning rates that achieve coverage of the Internet in minutes/hours (rather than weeks/months), and significantly reduce administrator complaints. Using IRLscanner and 24-hour scan durations, we perform 20 Internet-wide experiments using 6 different protocols (i.e., DNS, HTTP, SMTP, EPMAP, ICMP and UDP ECHO). We analyze the feedback generated and suggest novel approaches for reducing the amount of blowback during similar studies, which should enable researchers to collect valuable experimental data in the future with significantly fewer hurdles.

We finally turn our attention to Intrusion Detection Systems (IDS), which are often tasked with detecting scans and preventing them; however, it is currently unknown how likely an IDS is to detect a given Internet-wide scan pattern and whether there exist sufficiently fast stealth techniques that can remain virtually undetectable at large scale. To address these questions, we propose a novel model for the window-expiration rules of popular IDS tools (i.e., Snort and Bro), derive the probability that existing scan patterns (i.e., uniform and sequential) are detected by each of these tools, and prove the existence of stealth-optimal patterns.

23. Network Forensics and Log Files Analysis: A Novel Approach to Building a Digital Evidence Bag and Its Own Processing Tool. Qaisi, Ahmed Abdulrheem Jerribi, 2011.
Intrusion Detection Systems (IDS) tools are deployed within networks to monitor data that is transmitted to particular destinations such as MySQL or Oracle databases or log files. The data is normally dumped to these destinations without a forensic standard structure. When digital evidence is needed, forensic specialists are required to analyse a very large volume of data. Even though forensic tools can be utilised, most of this process has to be done manually, consuming time and resources. In this research, we aim to address this issue by combining several existing tools to archive the original IDS data into a new container (Digital Evidence Bag) that has a structure based upon standard forensic processes. The aim is to develop a method to improve the current IDS database function in a forensic manner. This database will be optimised for future forensic analysis.

Since evidence validity is always an issue, a secondary aim of this research is to develop a new monitoring scheme. This is to provide the necessary evidence to prove that an attacker had surveyed the network prior to the attack. To achieve this, we will set up a network that will be monitored by multiple IDSs. Open source tools will be used to carry input validation attacks into the network, including SQL injection. We will design a new tool to obtain the original data in order to store it within the proposed DEB. This tool will collect the data from several databases of the different IDSs. We will assume that the IDS will not have been compromised.

24. Implementation of an IDS using SNMP and fuzzy logic (Implementação de um IDS utilizando SNMP e lógica difusa). Virti, Émerson Salvadori, 2007.
This work studies computer network security through the implementation of an intrusion detection system based on capturing information with the SNMP protocol. To reduce the number of false positives and false negatives, a problem peculiar to most IDSs, fuzzy logic is used so that, with the help of each network's security administrators, an intrusion detection system can be built that is better suited to the characteristics of the monitored networks. Afterwards, by monitoring a production network, the improvement in security obtained with the IDS implemented in this work is evaluated; operating nearly in real time, it lends itself to adoption as a complementary network security mechanism.

27. Modeling and simulation of intrusion detection system in mobile ad-hoc networks. Jarmal, Piotr, 2008.
The thesis investigates the process of modeling and simulation of mobile ad-hoc networks. It provides an overview of the actual state of the art together with a literature survey. Basic ideas of both security issues in mobile ad-hoc networks and intrusion detection systems are presented. Additionally, some new ideas for improvements, like the AGM mobility model, are proposed and tested during the simulation process. In addition, a set of applications designed for automating the simulation processes was created.

28. An empirical comparison of the market-leading IDSs. Hedemalm, Daniel, 2018.
In this day and age of the Internet, organizations need to address network threats; therefore more education material also needs to be established. An already established methodology for evaluating intrusion detection systems was chosen, and a selection of the market-leading intrusion detection systems is evaluated. The results show that all the systems were able to identify threats in 50% of the datasets, with different threat detection accuracies.

29. Amber: a zero-interaction honeypot with distributed intelligence. Schoeman, Adam, 2015.
For the greater part, security controls are based on the principle of Decision through Detection (DtD). The exception to this is a honeypot, which analyses interactions between a third party and itself, while occupying a piece of unused information space. As honeypots are not located on productive information resources, any interaction with them can be assumed to be non-productive. This allows the honeypot to make decisions based simply on the presence of data, rather than on the behaviour of the data. But due to limited resources in human capital, honeypots' uptake in the South African market has been underwhelming. Amber attempts to change this by offering a zero-interaction security system, which will use the honeypot approach of Decision through Presence (DtP) to generate a blacklist of third parties, which can be passed on to a network enforcer. Empirical testing has proved the usefulness of this alternative and low-cost approach in defending networks. The functionality of the system was also extended by installing nodes in different geographical locations and streaming their detections into the central Amber hive.

30. Detector Comparison for Simultaneous Determination of Organic Acids and Inorganic Anions. Pannell, Daniel K. (Daniel Kirk), 1900.
The research reported here is a study of detector systems to determine those most suited for simultaneous organic acid and inorganic anion determination. Comparisons are made on the basis of detection limits and sensitivities for conductivity, UV/Vis, photoconductivity, and derivative conductivity detection systems. The investigation was made using a constant chromatographic system with the only variable component being the detector system. Eluant optimization conditions for each detector are reported along with tables reporting detection limits and sensitivities for each detector system. Various chromatograms are also shown to provide a visual comparison between detector results.