71

Användning av artificiella neurala nätverk (ANNs) för att upptäcka cyberattacker: En systematisk litteraturgenomgång av hur ANN kan användas för att identifiera cyberattacker / Use of artificial neural networks (ANNs) to detect cyberattacks: A systematic literature review of how ANN can be used to identify cyberattacks

Wongkam, Nathalie, Shameel, Ahmed Abdulkareem Shameel January 2023 (has links)
This study examines the use of machine learning (ML), in particular artificial neural networks (ANN), in network detection to detect and prevent cyberattacks. Through a systematic literature review, relevant research is compiled and analysed to offer insights and guidance for future studies. The research questions explore the application of machine learning algorithms to effectively identify and prevent network attacks, as well as the challenges that arise when using ANN. The method comprises a structured search, selection and review of scientific articles. The results show that machine learning algorithms can be used effectively to combat cyberattacks. However, challenges emerge related to ANN's sensitivity to disturbances in network traffic and the increased need for large amounts of data and computing power. The study provides guidance for developing reliable and cost-effective ANN-based solutions in network detection. By compiling and analysing existing research, the study gives a deeper understanding of the application of ML algorithms, particularly ANN, in cybersecurity. This contributes to knowledge development and provides a foundation for future research in the field. The significance of the study lies in promoting the development of effective solutions for detecting and preventing network attacks. / This research study investigates the application of machine learning (ML), specifically artificial neural networks (ANN), in network intrusion detection to identify and prevent cyber-attacks. The study employs a systematic literature review to compile and analyse relevant research, aiming to offer insights and guidance for future studies. The research questions explore the effectiveness of machine learning algorithms in detecting and mitigating network attacks, as well as the challenges associated with using ANN. The methodology involves conducting a structured search, selection, and review of scientific articles.
The findings demonstrate the effective utilization of machine learning algorithms, particularly ANN, in combating cyber-attacks. The study also highlights challenges related to ANN's sensitivity to network traffic disturbances and the increased requirements for substantial data and computational power. The study provides valuable guidance for developing reliable and cost-effective solutions based on ANN for network intrusion detection. By synthesizing and analysing existing research, the study contributes to a deeper understanding of the practical application of machine learning algorithms, specifically ANN, in the realm of cybersecurity. This contributes to knowledge development and provides a foundation for future research in the field. The significance of the study lies in promoting the development of effective solutions for detecting and preventing network attacks.
72

Improved performance high speed network intrusion detection systems (NIDS). A high speed NIDS architectures to address limitations of Packet Loss and Low Detection Rate by adoption of Dynamic Cluster Architecture and Traffic Anomaly Filtration (IADF).

Akhlaq, Monis January 2011 (has links)
Intrusion Detection Systems (IDS) are considered a vital component in network security architecture. The system allows the administrator to detect unauthorized use of, or attack upon, a computer, network or telecommunication infrastructure. There is no second thought on the necessity of these systems; however, their performance remains a critical question. This research has focussed on designing a high performance Network Intrusion Detection System (NIDS) model. The work begins with the evaluation of Snort, an open source NIDS considered a de-facto IDS standard. The motive behind the evaluation strategy is to analyze the performance of Snort and ascertain the causes of limited performance. Design and implementation of high performance techniques are considered the final objective of this research. Snort has been evaluated on a highly sophisticated test bench by employing evasive and avoidance strategies to simulate real-life normal and attack-like traffic. The test methodology is based on the concept of stressing the system and degrading its performance in terms of its packet handling capacity. This has been achieved by normal traffic generation; fuzzing; traffic saturation; parallel dissimilar attacks; and manipulation of background traffic, e.g. fragmentation, packet sequence disturbance and illegal packet insertion. The evaluation phase has led us to two high performance designs: first, a distributed hardware architecture using cluster-based adoption, and second, a cascaded phenomenon of anomaly-based filtration and signature-based detection. The first high performance mechanism is based on Dynamic Cluster adoption using refined policy routing and Comparator Logic. The design is a two-tier mechanism where the front end of the cluster is the load-balancer, which distributes traffic on pre-defined policy routing ensuring maximum utilization of cluster resources.
The traffic load sharing mechanism reduces packet drop by exchanging state information between the load-balancer and cluster nodes and implementing switchovers between nodes in case the traffic exceeds a pre-defined threshold limit. Finally, the recovery evaluation concept using Comparator Logic also enhances the overall efficiency by recovering data lost in switchovers; the retrieved data is then analyzed by the recovery NIDS to identify any leftover threats. Intelligent Anomaly Detection Filtration (IADF), using a cascaded architecture of anomaly-based filtration and signature-based detection, is the second high performance design. The IADF design is used to preserve NIDS resources by eliminating a large portion of the traffic on well-defined logic. In addition, the filtration concept augments the detection process by eliminating the part of malicious traffic which otherwise can go undetected by most signature-based mechanisms. We have evaluated the mechanism to detect Denial of Service (DoS) and Probe attempts by analyzing its performance on the Defence Advanced Research Projects Agency (DARPA) dataset. The concept has also been supported by time-based normalized sampling mechanisms to incorporate normal traffic variations to reduce false alarms. Finally, we have observed that the IADF has augmented the overall detection process by reducing false alarms, increasing detection rate and incurring less data loss. / National University of Sciences & Technology (NUST), Pakistan
73

A framework for correlation and aggregation of security alerts in communication networks. A reasoning correlation and aggregation approach to detect multi-stage attack scenarios using elementary alerts generated by Network Intrusion Detection Systems (NIDS) for a global security perspective.

Alserhani, Faeiz January 2011 (has links)
The tremendous increase in usage and complexity of modern communication and network systems connected to the Internet places demands upon security management to protect organisations' sensitive data and resources from malicious intrusion. Malicious attacks by intruders and hackers exploit flaws and weak points in deployed systems through several sophisticated techniques that cannot be prevented by traditional measures, such as user authentication, access controls and firewalls. Consequently, automated detection and timely response systems are urgently needed to detect abnormal activities by monitoring network traffic and system events. Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS) are technologies that inspect traffic and diagnose system behaviour to provide improved attack protection. The current implementations of intrusion detection systems (commercial and open-source) lack the scalability to support the massive increase in network speed and the emergence of new protocols and services. Multi-gigabit networks have become a standard installation, leaving the NIDS susceptible to resource exhaustion attacks. The research focuses on two distinct problems for the NIDS: missing alerts due to packet loss as a result of NIDS performance limitations; and the huge volume of alerts generated by the NIDS, which overwhelms the security analyst and makes event observation tedious. A methodology for analysing alerts using a proposed framework for alert correlation has been presented to provide the security operator with a global view of the security perspective. Missed alerts are recovered implicitly using a contextual technique to detect multi-stage attack scenarios. This is based on the assumption that the most serious intrusions consist of relevant steps that are temporally ordered. The pre- and post-condition approach is used to identify the logical relations among low level alerts.
The alerts are aggregated, verified using vulnerability modelling, and correlated to construct multi-stage attacks. A number of algorithms have been proposed in this research to support the functionality of our framework, including: alert correlation, alert aggregation and graph reduction. These algorithms have been implemented in a tool called Multi-stage Attack Recognition System (MARS) consisting of a collection of integrated components. The system has been evaluated using a series of experiments and using different data sets, i.e. publicly available datasets and data sets collected using real-life experiments. The results show that our approach can effectively detect multi-stage attacks. The false positive rates are reduced due to the incorporation of vulnerability and target host information.
74

Segmentation and dynamic expansion of IDS rulesets

Bannikere Eshwarappa, Theertharaja January 2024 (has links)
This research explores an innovative approach to managing extensive rulesets in Host Intrusion Detection Systems (HIDS) through segmentation and dynamic expansion. Drawing upon the MITRE ATT&CK framework, the methodology categorizes rulesets into initial detection, choke point detection, and advanced detection, streamlines threat detection, and optimizes resource utilization. The segmentation allows for targeted detection of potential threats, while dynamic expansion enables the addition of advanced detection rules based on attacker actions. The study evaluates the effectiveness of this approach in reducing performance overhead and improving threat detection capabilities. Test cases validate the approach for detecting multi-stage attacks and optimizing system performance. Results indicate that while the segmentation and dynamic expansion technique offers structured threat detection, challenges such as missed detections and complexity in rule management exist. Future research directions include refining segmentation processes and enhancing rule categorization logic. Overall, this research contributes to the advancement of HIDS methodologies and underscores the importance of ongoing refinement and validation in cybersecurity strategies.
75

Efficient Key Management, and Intrusion Detection Protocols for Enhancing Security in Mobile Ad Hoc Networks

Maity, Soumyadev January 2014 (has links) (PDF)
Security of communications is a major requirement for Mobile Ad hoc NETworks (MANETs), since they use a wireless channel for communications which can be easily tapped, and physical capture of MANET nodes is also quite easy. From the point of view of providing security in MANETs, there are basically two types of MANETs, viz., authoritarian MANETs, in which there exist one or more authorities who decide the members of the network, and self-organized MANETs, in which there is no such authority. Ensuring security of communications in MANETs is a challenging task due to the resource constraints and infrastructure-less nature of these networks, and the limited physical security of MANET nodes. Attacks on security in a MANET can be launched by external attackers, which are not legitimate members of the MANET, by internal attackers, which are compromised members of the MANET and which can hold some valid security credentials, or by both. Key management and authentication protocols (KM-APs) play an important role in preventing the external attackers in a MANET. However, in order to prevent the internal attackers, an intrusion detection system (IDS) is essential. The routing protocols running in the network layer of a MANET are most vulnerable to the internal attackers, especially to attackers which launch a packet dropping attack during data packet forwarding in the MANET. For an authoritarian MANET, an arbitrated KM-AP protocol is perfectly suitable, where trust among network members is coordinated by a trusted authority. Moreover, due to the resource constraints of a MANET, symmetric key management protocols are more efficient than public key management protocols in authoritarian MANETs. The existing arbitrated symmetric key management protocols in MANETs that do not use any authentication server inside the network are susceptible to identity impersonation attack during shared key establishment.
On the other hand, the existing server-coordinated arbitrated symmetric key management protocols in MANETs do not differentiate the role of a membership granting server (MGS) from the role of an authentication server, and so both are kept inside the network. However, keeping the MGS outside the network is more secure than keeping it inside the network for a MANET. Also, the use of a single authentication server inside the network cannot ensure robustness against authentication server compromise. In self-organized MANETs, public key management is preferable over symmetric key management, since the distribution of public keys does not require a pre-established secure channel. The main problem for the existing self-organized public key management protocols in MANETs is associated with the use of large certificate chains. Besides, the proactive certificate chaining based approaches require each member of a MANET to maintain an updated view of the trust graph of the entire network, which is highly resource consuming. Maintaining a hierarchy of trust relationships among members of a MANET is also problematic for the same reason. Evaluating the strength of different alternative trust chains and restricting the length of a trust chain used for public key verification is also important for enhancing the security of self-organized public key management protocols. The existing network layer IDS protocols in MANETs that try to defend against packet dropping attack use either a reputation based or an incentive based approach. The reputation based approaches are more effective against malicious principals than the incentive based approaches. The major problem associated with the existing reputation based IDS protocols is that they do not consider the protocol soundness issue in their design objectives. Besides, most of the existing protocols incorporate no mechanism to fight against colluding principals.
Also, an IDS protocol in MANETs should incorporate some secure and efficient mechanism to authenticate the control packets used by it. In order to mitigate the above mentioned problems in MANETs, we have proposed new models and designed novel security protocols in this thesis that can enhance the security of communications in MANETs at lesser or comparable cost. First, in order to perform security analysis of KM-AP protocols, we have extended the well known strand space verification model to overcome some of its limitations. Second, we have proposed a model for the study of membership of principals in MANETs with a view to utilizing the concept for analyzing the applicability and the performance of KM-AP protocols in different types of MANETs. Third and fourth, we have proposed two novel KM-AP protocols, SEAP and CLPKM, applicable in two different types of MANET scenarios. The SEAP protocol is an arbitrated symmetric key management protocol designed to work in an authoritarian MANET, whereas the CLPKM protocol is a self-organized public key management protocol designed for self-organized MANETs. Fifth, we have designed a novel reputation based network layer IDS protocol, named the EVAACK protocol, for the detection of packet dropping misbehavior in MANETs. All three proposed protocols try to overcome the limitations of the existing approaches in their respective categories. We have provided rigorous mathematical proofs for the security properties of the proposed protocols. Performance of the proposed protocols has been compared with that of other existing similar approaches using simulations in the QualNet simulator. In addition, we have also implemented the proposed SEAP and CLPKM protocols on a real MANET test bed to test their performance in real environments. The analytical, simulation and experimentation results confirm the effectiveness of the proposed schemes.
77

Detekce útoku pomocí analýzy systémových logů / Attack Detection by Analysis of the System's Logs

Holub, Ondřej Unknown Date (has links)
The thesis deals with the possibilities of detecting attacks and nonstandard behaviour. It focuses on problems with IDS detection systems, their classification and the methods used for attack detection. One part of the thesis presents the existing IDS systems and the properties which are necessary for successful attack detection. Other parts describe methods for obtaining information from the Microsoft Windows operating systems and also analyse the theoretical methods for detecting data anomalies. The practical part focuses on the design and implementation of a HIDS application. The final application and its detection abilities are tested at the end of the practical part with the help of some model situations. In the conclusion, the thesis sums up the information gained and shows a possible way for future development.
78

Anomaly-based network intrusion detection enhancement by prediction threshold adaptation of binary classification models

Al Tobi, Amjad Mohamed January 2018 (has links)
Network traffic exhibits a high level of variability over short periods of time. This variability impacts negatively on the performance (accuracy) of anomaly-based network Intrusion Detection Systems (IDS) that are built using predictive models in a batch-learning setup. This thesis investigates how adapting the discriminating threshold of model predictions, specifically to the evaluated traffic, improves the detection rates of these Intrusion Detection models. Specifically, this thesis studied the adaptability features of three well known Machine Learning algorithms: C5.0, Random Forest, and Support Vector Machine. The ability of these algorithms to adapt their prediction thresholds was assessed and analysed under different scenarios that simulated real world settings using the prospective sampling approach. A new dataset (STA2018) was generated for this thesis and used for the analysis. This thesis has demonstrated empirically the importance of threshold adaptation in improving the accuracy of detection models when training and evaluation (test) traffic have different statistical properties. Further investigation was undertaken to analyse the effects of feature selection and data balancing processes on a model's accuracy when evaluation traffic with different significant features was used. The effects of threshold adaptation on reducing the accuracy degradation of these models were statistically analysed. The results showed that, of the three compared algorithms, Random Forest was the most adaptable and had the highest detection rates. This thesis then extended the analysis to apply threshold adaptation on sampled traffic subsets, by using different sample sizes, sampling strategies and label error rates. This investigation showed the robustness of the Random Forest algorithm in identifying the best threshold.
The Random Forest algorithm only needed a sample that was 0.05% of the original evaluation traffic to identify a discriminating threshold with an overall accuracy rate of nearly 90% of the optimal threshold.
79

Uma arquitetura híbrida com aprendizagem para o desenvolvimento de agentes de software / A Hybrid Architecture with Learning for the Development of Software Agents

COSTA, Adriana Leite 14 August 2017 (has links)
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Fundação de Amparo à Pesquisa e ao Desenvolvimento Científico e Tecnológico do Maranhão / Software agents represent an evolution of traditional software entities, having the ability to control their own behavior and act with autonomy. Typically, software agents act reactively, where actions and perceptions are predefined at design time, or in a deliberative way, where the corresponding action for a given perception is found at run time through reasoning. Deliberative agents do not need all knowledge to be predefined; on the contrary, from an initial knowledge they can infer new knowledge. However, to find an action appropriate to a particular perception, they take a long time, generating a high computational cost. As a solution to this problem, a hybrid architecture with learning for the development of hybrid software agents is presented in this work. Hybrid agents, which combine reactive and deliberative behavior, taking advantage of the speed of reactive behavior and the reasoning capability of the deliberative one, are a better option for structuring software agents. The main advantages of the proposed architecture are the learning of reactive behavior, which is faster and more efficient, through the interactions of the agent with its environment and its consequent adaptability to the environment. The agent adapts to the environment as it learns new reactive behavior from frequent deliberative behavior.
The proposed architecture was evaluated through the development of case studies in the information security domain using case-based reasoning, ontologies for the representation of domain knowledge and supervised learning for automatic generation of reactive rules. Results obtained with the case studies performed confirmed a greater effectiveness and a shorter response time of the hybrid agent with learning compared with both the reactive or deliberative agent and a hybrid agent without learning in the domain of intrusion detection in computer networks. From the specification and evaluation of the hybrid architecture with supervised learning in the Information Security domain, a reference architecture for the development of hybrid agents with learning was generalized. In future work, we intend to evaluate this reference architecture in other domains, with other types of reasoning and learning techniques, to evaluate its impact on the productivity and quality of the development of hybrid software agents. / Software agents represent an evolution of traditional software, having the ability to control their own behaviour and act with autonomy. Typically, software agents act reactively, where perceptions and actions are predefined at design time, or deliberatively, where the action corresponding to a given perception is found at run time through a reasoning process. Deliberative agents do not require all knowledge to be predefined; on the contrary, from initial knowledge they are able to infer new knowledge. However, in many cases, finding an action appropriate to a given perception takes them a long time, generating a high computational cost. As a solution to this problem, we present in this work a hybrid architecture with learning for the development of hybrid software agents.
Hybrid agents, which combine reactive and deliberative behaviour, are a better option for structuring software agents. The main advantages of the proposed architecture are the learning of reactive behaviour, which is faster and more efficient, through the agent's interactions with its environment and its consequent adaptability to the environment. The agent adapts to the environment as it learns new reactive behaviour from frequent deliberative behaviour. The proposed architecture was evaluated through the development of case studies in the information security domain using case-based reasoning, ontologies for representing knowledge of the domain under study, and supervised learning for the automatic generation of reactive rules. The results obtained with the case studies performed confirmed greater effectiveness and a shorter response time of the hybrid agent with learning compared both with the isolated behaviour of a reactive or deliberative agent and with a hybrid agent without learning in the domain of intrusion detection in computer networks. From the specification and evaluation of the hybrid architecture with supervised learning in the Information Security domain, a reference architecture for the development of hybrid agents with learning was generalised. In future work, we intend to evaluate this reference architecture in other domains, with other types of reasoning and learning techniques, to assess its impact on the productivity and quality of the development of hybrid software agents.
80

Performance Enhancement Of Intrusion Detection System Using Advances In Sensor Fusion

Thomas, Ciza 04 1900 (has links)
The technique of sensor fusion addresses the issues relating to the optimality of decision-making in the multiple-sensor framework. The advances in sensor fusion enable intrusion detection to be performed for both rare and new attacks. This thesis discusses this assertion in detail, and describes the theoretical and experimental work done to show its validity. The attack-detector relationship is initially modeled and validated to understand the detection scenario. The different metrics available for the evaluation of intrusion detection systems are also introduced. The usefulness of the data set used for experimental evaluation has been demonstrated. The issues connected with intrusion detection systems are analyzed and the need for incorporating multiple detectors and their fusion is established in this work. Sensor fusion provides advantages with respect to reliability and completeness, in addition to intuitive and meaningful results. The goal of this work is to investigate how to combine data from diverse intrusion detection systems in order to improve the detection rate and reduce the false-alarm rate. The primary objective of the proposed thesis work is to develop a theoretical and practical basis for enhancing the performance of intrusion detection systems using advances in sensor fusion with easily available intrusion detection systems. This thesis introduces the mathematical basis for sensor fusion in order to provide enough support for the acceptability of sensor fusion in performance enhancement of intrusion detection systems. The thesis also shows the practical feasibility of performance enhancement using advances in sensor fusion and discusses various sensor fusion algorithms, their characteristics and related design and implementation issues. We show that it is possible to build performance enhancement into intrusion detection systems by setting proper threshold bounds and also by rule-based fusion.
We introduce an architecture called data-dependent decision fusion as a framework for building intrusion detection systems using sensor fusion based on data-dependency. Furthermore, we provide information about the types of data, the data skewness problems and the most effective algorithm in detecting different types of attacks. This thesis also proposes and incorporates a modified evidence theory for the fusion unit, which performs very well for the intrusion detection application. Future improvements in individual IDSs can also be easily incorporated in this technique in order to obtain better detection capabilities. Experimental evaluation shows that the proposed methods have the capability of detecting a significant percentage of rare and new attacks. The improved performance of the IDS using the algorithms that have been developed in this thesis, if deployed fully, would contribute to an enormous reduction of successful attacks over a period of time. This has been demonstrated in the thesis and is a step in the right direction towards making cyberspace safer.
