Global ETD Search

51	SELEÇÃO DE VARIÁVEIS DE REDE PARA DETECÇÃO DE INTRUSÃO / NETWORK FEATURE SELECTION FOR INTRUSION DETECTION Alves, Victor Machado 22 October 2012 (has links) Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Intrusion Detection Systems are considered important mechanisms to ensure protection for computer networks. However, the information used by these systems should be properly selected, because the accuracy and performance are sensitive to the quality and size of the analyzed data. The selection of variables for Intrusion Detection Systems (IDS) is a key point in the design of IDS. The process of selection of variables, or features, makes the choice of appropriate information by removing irrelevant data that affect the result of detection. However, existing approaches to assist IDS select the variables only once, not adapting behavioral changes. The variation of the network traffic is not so accompanied by these selectors. A strategy for reducing the false alarm rate based on abnormalities in IDS is evaluating whether a same time interval abrupt changes occur in more than one variable network. However, this strategy takes as hypothesis that the variables are related, requiring a prior procedure for variable selection. This paper proposes a dynamic method of selecting variables for network IDS, called SDCorr (Selection by Dynamic Correlation), which operates in the mode filter and as an evaluator uses the Pearson correlation test. The method dynamically adapts to changes in network traffic through the selection of new variables at each iteration with the detector. Therefore allow track changes in data and establish relationships between variables. As a result, it improves the accuracy and performance of the IDS by eliminating unnecessary variables and decreasing the size of the analyzed data. / Sistemas de Detecção de Intrusão são considerados mecanismos importantes para assegurar a proteção em redes de computadores. Entretanto as informações utilizadas por estes sistemas devem estar devidamente selecionadas, pois a precisão e desempenho são sensíveis à qualidade e dimensão dos dados analisados. A seleção de variáveis para Sistemas de Detecção de Intrusão (IDS - Intrusion Detection Systems) é assim um ponto chave no projeto de IDS. O processo de seleção de variáveis, ou de características, realiza a escolha das informações apropriadas através da remoção de dados irrelevantes que interferem no resultado da detecção. No entanto, abordagens existentes para auxiliar IDS selecionam as variáveis apenas uma vez, não se adaptando as mudanças comportamentais. As variações inerentes ao tráfego de rede não são assim acompanhadas dinamicamente por estes selecionadores. Uma estratégia para reduzir a taxa de falsos alarmes em IDS baseados em anomalias é avaliar se num mesmo intervalo de tempo ocorrem mudanças abruptas em mais de uma variável de rede. Porém, esta estratégia assume como hipótese que as variáveis analisadas são correlacionadas, exigindo um procedimento prévio de seleção de variáveis. Este trabalho propõe um método dinâmico de seleção de variáveis para IDS de rede, chamado SDCorr (Seleção Dinâmica por Correlação), que opera na modalidade de filtro e utiliza como avaliador o teste de correlação de Pearson. O método adapta-se dinamicamente as variações do tráfego de rede por meio da seleção de novas variáveis a cada iteração com o detector. Assim, possibilita acompanhar as mudanças nos dados e estabelecer relações entre variáveis. Como resultado, melhora-se a precisão e desempenho do IDS através da eliminação de variáveis desnecessárias e da redução da dimensão dos dados analisados. Segurança Sistemas de detecção de intrusão Seleção de variáveis Security Intrusion detection systems Feature selection
52	Um modelo dinâmico de clusterização de dados aplicado na detecção de intrusão Rogério Akiyoshi Furukawa 25 April 2003 (has links) Atualmente, a segurança computacional vem se tornando cada vez mais necessária devido ao grande crescimento das estatísticas que relatam os crimes computacionais. Uma das ferramentas utilizadas para aumentar o nível de segurança é conhecida como Sistemas de Detecção de Intrusão (SDI). A flexibilidade e usabilidade destes sistemas têm contribuído, consideravelmente, para o aumento da proteção dos ambientes computacionais. Como grande parte das intrusões seguem padrões bem definidos de comportamento em uma rede de computadores, as técnicas de classificação e clusterização de dados tendem a ser muito apropriadas para a obtenção de uma forma eficaz de resolver este tipo de problema. Neste trabalho será apresentado um modelo dinâmico de clusterização baseado em um mecanismo de movimentação dos dados. Apesar de ser uma técnica de clusterização de dados aplicável a qualquer tipo de dados, neste trabalho, este modelo será utilizado para a detecção de intrusão. A técnica apresentada neste trabalho obteve resultados de clusterização comparáveis com técnicas tradicionais. Além disso, a técnica proposta possui algumas vantagens sobre as técnicas tradicionais investigadas, como realização de clusterizações multi-escala e não necessidade de determinação do número inicial de clusters / Nowadays, the computational security is becoming more and more necessary due to the large growth of the statistics that describe computer crimes. One of the tools used to increase the safety level is named Intrusion Detection Systems (IDS). The flexibility and usability of these systems have contributed, considerably, to increase the protection of computational environments. As large part of the intrusions follows behavior patterns very well defined in a computers network, techniques for data classification and clustering tend to be very appropriate to obtain an effective solutions to this problem. In this work, a dynamic clustering model based on a data movement mechanism are presented. In spite of a clustering technique applicable to any data type, in this work, this model will be applied to the detection intrusion. The technique presented in this work obtained clustering results comparable to those obtained by traditional techniques. Besides the proposed technique presents some advantages on the traditional techniques investigated, like multi-resolution clustering and no need to previously know the number of clusters Análise dos componentes principais Clusterização de dados Sistemas de detecção de intrusão Data clustering Intrusion detection systems Principal analisys component
53	Separation of Transition Metal Ions by HPLC, Using UV-VIS Detection Lien, Wan-Fu 08 1900 (has links) HPLC has been used and can quickly determine several ions simultaneously. The method of determination described for transition metals [Cr(III), Fe(III), Ni(II), Co(II), Cu(II), Zn(II), Cd(II), Mn(II)] and [Ca(II), Pb(II)] using HPLC with UV-VIS detection is better than the PAR complexation method commonly used. The effects of both eluent pH and detector wavelength were investigated. Results from using different pHs and wavelengths, optional analytical conditions for the separation of [Ni(II), Co(II), Cu(II)], [Cr(III), Fe(III), Ca(II), Ni(II), Cu(II)], and [Ca(II), Zn(II), Pb(II)] in one injection, respectively, are described. The influence of adding different concentrations of Na_2EDTA solvent to the sample is shown. Detection limits, linear range, and the comparisons between this study and a post-column PAR method are given. high performance liquid chromatography untraviolet-visible detection systems ion separation Separation (Technology) Metal ions -- Spectra. Transition metals -- Spectra. High performance liquid chromatography. Ultraviolet spectrometry.
54	Detekce signálních elektronů v prostředí vysokého tlaku plynů environmentálního rastrovacího elektronového mikroskopu / Detection of Signal Electrons in High Pressure Conditions in Environmental Scanning Electron Microscopy Neděla, Vilém January 2008 (has links) The thesis deals with the study of properties of a new system for detection of true secondary and backscattered electrons in high pressure conditions of the specimen chamber of a newly built environmental scanning electron microscope AQUASEM II. Detection system contains three detectors. For the first time is introduced and analyzed the working principle of ionisation detector with electrostatic separator, which is in many experiments compared with ionisation detector of secondary electrons. Experimentally demonstrated are unique properties of this detection system, especially the ability of energy separation of detected signal electrons. For the various working conditions are also analyzed signal levels detected by the BSE YAG detector, which is designed as a part of the new detection system and which worked together with both ionisation detectors.
55	A framework for correlation and aggregation of security alerts in communication networks : a reasoning correlation and aggregation approach to detect multi-stage attack scenarios using elementary alerts generated by Network Intrusion Detection Systems (NIDS) for a global security perspective Alserhani, Faeiz January 2011 (has links) The tremendous increase in usage and complexity of modern communication and network systems connected to the Internet, places demands upon security management to protect organisations' sensitive data and resources from malicious intrusion. Malicious attacks by intruders and hackers exploit flaws and weakness points in deployed systems through several sophisticated techniques that cannot be prevented by traditional measures, such as user authentication, access controls and firewalls. Consequently, automated detection and timely response systems are urgently needed to detect abnormal activities by monitoring network traffic and system events. Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS) are technologies that inspect traffic and diagnose system behaviour to provide improved attack protection. The current implementation of intrusion detection systems (commercial and open-source) lacks the scalability to support the massive increase in network speed, the emergence of new protocols and services. Multi-giga networks have become a standard installation posing the NIDS to be susceptible to resource exhaustion attacks. The research focuses on two distinct problems for the NIDS: missing alerts due to packet loss as a result of NIDS performance limitations; and the huge volumes of generated alerts by the NIDS overwhelming the security analyst which makes event observation tedious. A methodology for analysing alerts using a proposed framework for alert correlation has been presented to provide the security operator with a global view of the security perspective. Missed alerts are recovered implicitly using a contextual technique to detect multi-stage attack scenarios. This is based on the assumption that the most serious intrusions consist of relevant steps that temporally ordered. The pre- and post- condition approach is used to identify the logical relations among low level alerts. The alerts are aggregated, verified using vulnerability modelling, and correlated to construct multi-stage attacks. A number of algorithms have been proposed in this research to support the functionality of our framework including: alert correlation, alert aggregation and graph reduction. These algorithms have been implemented in a tool called Multi-stage Attack Recognition System (MARS) consisting of a collection of integrated components. The system has been evaluated using a series of experiments and using different data sets i.e. publicly available datasets and data sets collected using real-life experiments. The results show that our approach can effectively detect multi-stage attacks. The false positive rates are reduced due to implementation of the vulnerability and target host information. 621.382
56	ABIDS-WSN: UM FRAMEWORK DE DETECÇÃO DE INTRUSÃO EM REDES DE SENSORES SEM FIO ORIENTADO POR AGENTES INTELIGENTES. / ABIDS-WSN: A Framework of Intrusion Detection in Wireless Sensor Networks Driven by Intelligent Agents. PIRES, Higo Fellipe Silva 26 January 2017 (has links) Submitted by Maria Aparecida (cidazen@gmail.com) on 2017-08-01T14:53:33Z No. of bitstreams: 1 Higo Felipe.pdf: 3289455 bytes, checksum: 294f49f96fd41d35ca0024df16006292 (MD5) / Made available in DSpace on 2017-08-01T14:53:33Z (GMT). No. of bitstreams: 1 Higo Felipe.pdf: 3289455 bytes, checksum: 294f49f96fd41d35ca0024df16006292 (MD5) Previous issue date: 2017-01-26 / CAPES / Lately, there has been a significant advance in several technologies directly or indirectly related to Ubiquitous Computing. Among them, the technology of Wireless Sensor Networks (WSNs) can be mentioned. Having its space in the current scenario, the use of wireless sensors extends into various branches of human activity: industrial monitoring, smart houses, medical and military applications. However, several shortcomings and limitations in wireless sensors can be noted: limited hardware, energy and computational capacity are points that are always treated by those who work with such devices. As for these devices, there is, besides the factors already mentioned, an important concern regarding their safety. As with other devices, for these threats to be at least mitigated, it is necessary to create layers of security. One of these layers may be formed by Intrusion Detection Systems (IDS). However, due to the aforementioned hardware restriction of the sensors, the development of IDSs - as well as any other application - for such devices should assume such characteristics. As for IDSs, there are some aspects that need to be taken into account, especially flexibility, efficiency and adaptability to new situations. A paradigm that facilitates the implementation of such capabilities is the Intelligent Agents. Therefore, this paper describes the proposition of a framework for intrusion detection in WSNs based on intelligent agents. / Ultimamente, houve um avanço significativo em várias tecnologias direta ou indiretamente correlatas à Computação Ubíqua. Entre elas, pode-se citar a tecnologia das Redes de Sensores sem Fio (WSN s). Tendo já o seu espaço no atual cenário, o uso dos sensores sem fio se estende em vários ramos da atividade humana: monitoramento industrial, smart houses, aplicações médicas e militares. Entretanto, várias deficiências e limitações em sensores sem fio podem ser notadas: recursos limitados de hardware, energia e capacidade computacional são pontos a sempre serem tratados por quem trabalha com tais dispositivos. Quanto a esses dispositivos há, além dos fatores já citados, uma preocupação importante referente á sua segurança. Assim como em outros dispositivos, para que essas ameaças sejam, ao menos, mitigadas é necessário criar camadas de segurança. Uma dessas camadas pode ser formada pelos Sistemas de Detecção de Intrusão (IDS). No entanto, devido à já mencionada restrição de hardware dos sensores, o desenvolvimento de IDSs bem como qualquer outra aplicação para esses dispositivos deve supor tais características. No que se refere, ainda, aos IDSs, há alguns aspectos que devem ser levados em conta, sobretudo flexibilidade, a eficiência e a capacidade de adaptação a novas situações. Um paradigma que facilita a implementação de tais capacidades são os Agentes Inteligentes. Sendo assim, este trabalho descreve a proposta de um framework para detecção de intrusões em WSNs baseado em agentes inteligentes. Engenharia de Software
57	A framework for system fingerprinting Radhakrishnan, Sakthi Vignesh 29 March 2013 (has links) The primary objective of the proposed research is to develop a framework for smart and robust fingerprinting of networked systems. Many fingerprinting techniques have been proposed in the past, however most of these techniques are designed for a specific purpose, such as Operating System (OS) fingerprinting, Access Point (AP) fingerprinting, etc. Such standalone techniques often have limitations which render them dysfunctional in certain scenarios or against certain counter measures. In order to overcome such limitations, we propose a fingerprinting framework that can combine multiple fingerprinting techniques in a smart manner, using a centralized decision making engine. We believe that any given scenario or a counter measure is less likely to circumvent a group of diverse fingerprinting techniques, which serves as the primary motivation behind the aforementioned method of attack. Another major portion of the thesis concentrates on the design and development of a device and device type fingerprinting sub-module (GTID) that has been integrated into the proposed framework. This sub-module used statistical analysis of packet inter arrival times (IATs) to identify the type of device that is generating the traffic. This work also analyzes the performance of the identification technique on a real campus network and propose modifications that use pattern recognition neural networks to improve the overall performance. Additionally, we impart capabilities to the fingerprinting technique to enable the identification of 'Unknown' devices (i.e., devices for which no signature is stored), and also show that it can be extended to perform both device and device type identification. Access control Device type fingerprinting Device fingerprinting System Fingerprinting GTID Security framework Computer networks Security measures
58	A Novel Method For The Detection Of P2p Traffic In The Network Backbone Inspired By Intrusion Detection Systems Soysal, Murat 01 June 2006 (has links) (PDF) The share of peer-to-peer (P2P) protocol in the total network traffic grows dayby- day in the Turkish Academic Network (UlakNet) similar to the other networks in the world. This growth is mostly because of the popularity of the shared content and the great enhancement in the P2P protocol since it first came out with Napster. The shared files are generally both large and copyrighted. Motivated by the problems of UlakNet with the P2P traffic, we propose a novel method for P2P traffic detection in the network backbone in this thesis. Observing the similarity between detecting traffic that belongs to a specific protocol and detecting an intrusion in a computer system, we adopt an Intrusion Detection System (IDS) technique to detect P2P traffic. Our method is a passive detection procedure that uses traffic flows gathered from border routers. Hence, it is scalable and does not have the problems of other approaches that rely on packet payload data or transport layer ports.
59	Applications Of Machine Learning To Anomaly Based Intrusion Detection Phani, B 07 1900 (has links) This thesis concerns anomaly detection as a mechanism for intrusion detection in a machine learning framework, using two kinds of audit data : system call traces and Unix shell command traces. Anomaly detection systems model the problem of intrusion detection as a problem of self-nonself discrimination problem. To be able to use machine learning algorithms for anomaly detection, precise deﬁnitions of two aspects namely, the learning model and the dissimilarity measure are required. The audit data considered in this thesis is intrinsically sequential. Thus the dissimilarity measure must be able to extract the temporal information in the data which in turn will be used for classiﬁcation purposes. In this thesis, we study the application of a set of dissimilarity measures broadly termed as sequence kernels that are exclusively suited for such applications. This is done in conjunction with Instance Based learning algorithms (IBL) for anomaly detection. We demonstrate the performance of the system under a wide range of parameter settings and show conditions under which best performance is obtained. Finally, some possible future extensions to the work reported in this report are considered and discussed. Intrusion Detection Cryptography Computer Access Control Machine Learning Sequence Kernel Anomaly Detection Data Mining System Call Traces Intrusion Detection Systems (IDS) Computer Science
60	An aggregative approach for scalable detection of DoS attacks Hamidi, Alireza 22 August 2008 (has links) If not the most, one of the serious threats to data networks, particularly pervasive commercial networks such as Voice-over-IP (VoIP) providers is Denial-of-Service (DoS) attack. Currently, majority of solutions for these attacks focus on observing detailed server state changes due to any or some of the incoming messages. This approach however requires significant amount of server’s memory and processing time. This results in detectors not being able to scale up to the network edge points that receive millions of connections (requests) per second. To solve this problem, it is desirable to design stateless detection mechanisms. One approach is to aggregate transactions into groups. This research focuses on stateless scalable DoS intrusion detection mechanisms to obviate keeping detailed state for connections while maintaining acceptable efficiency. To this end, we adopt a two-layer aggregation scheme termed Advanced Partial Completion Filters (APCF), an intrusion detection model that defends against DoS attacks without tracking state information of each individual connection. Analytical as well as simulation analysis is performed on the proposed APCF. A simulation test bed has been implemented in OMNET++ and through simulations it is observed that APCF gained notable detection rates in terms of false positive and true positive detections, as opposed to its predecessor PCF. Although further study is needed to relate APCF adjustments to a certain network situation, this research shows invaluable gain to mitigate intrusion detection from not so scalable state-full mechanisms to aggregate scalable approach. Voice over IP Intrusion detection systems Denial of Service Attacks Scalability Partial completion attacks

Search results