Web-Based Intrusion Detection System

Ademi, Muhamet

January 2013

Web applications are growing rapidly and as the amount of web sites globallyincreases so do security threats. Complex applications often interact with thirdparty services and databases to fetch information and often interactions requireuser input. Intruders are targeting web applications specifically and they are ahuge security threat to organizations and a way to combat this is to haveintrusion detection systems. Most common web attack methods are wellresearched and documented however due to time constraints developers oftenwrite applications fast and may not implement the best security practices. Thisreport describes one way to implement a intrusion detection system thatspecifically detects web based attacks.

intrusion detection system

ids

web application security

web application

network security

web security

Engineering and Technology

Teknik och teknologier

Network Traffic Analysis and Anomaly Detection : A Comparative Case Study

Babu, Rona

January 2022

Computer security is to protect the data inside the computer, relay the information, expose the information, or reduce the level of security to some extent. The communication contents are the main target of any malicious intent to interrupt one or more of the three aspects of the information security triad (confidentiality, integrity, and availability). This thesis aims to provide a comprehensive idea of network traffic analysis, various anomaly or intrusion detection systems, the tools used for it, and finally, a comparison of two Network Traffic Analysis (NTA) tools available in the market: Splunk and Security Onion and comparing their finding to analyse their feasibility and efficiency on Anomaly detection. Splunk and Security Onion were found to be different in the method of monitoring, User Interface (UI), and the observations noted. Further scope for future works is also suggested from the conclusions made.

Computer security

Network Traffic Analysis (NTA)

SIEM

Splunk

Security Onion

Engineering and Technology

Teknik och teknologier

Corporate Network : Security Aspects

Nikolov, Nikolay

January 2010

Every corporation using IT technologies needs a good and carefully secured network design. The IT security is a key factor of a normal functional of the whole corporation and all its sections. There different methods and concepts for providing different level of IT security. Some of them are very important and should be implemented in every corporate network. There are a lot of services providing inside and outside the corporation network. Increasing the number of services like web services, mail services, file services and other, the number of eventual security issues is rising. The security methods of each of provided services are different and it is required a professional with deep knowledge about this service functionality if it is needed to be good applied. Operation system and application hardering are methods which are not so hard for applying, like configuring proxy server or firewalls, but they could increase the security drastic. In a combination with simple configured security devices, the results could be very impressive. Choosing the right methodology and framework of designing a secured network is important part of entire process. With the right methodology designing could be easier and more effective.

design examples

e-mail services

web services

dns services

dhcp services

ldap services

routers

firewalls

hardering

security technologies

RADIUS

OTP

PKI

IDS

ACLs

cryptography

Applications Of Machine Learning To Anomaly Based Intrusion Detection

Phani, B

07 1900

This thesis concerns anomaly detection as a mechanism for intrusion detection in a machine learning framework, using two kinds of audit data : system call traces and Unix shell command traces. Anomaly detection systems model the problem of intrusion detection as a problem of self-nonself discrimination problem. To be able to use machine learning algorithms for anomaly detection, precise definitions of two aspects namely, the learning model and the dissimilarity measure are required. The audit data considered in this thesis is intrinsically sequential. Thus the dissimilarity measure must be able to extract the temporal information in the data which in turn will be used for classification purposes. In this thesis, we study the application of a set of dissimilarity measures broadly termed as sequence kernels that are exclusively suited for such applications. This is done in conjunction with Instance Based learning algorithms (IBL) for anomaly detection. We demonstrate the performance of the system under a wide range of parameter settings and show conditions under which best performance is obtained. Finally, some possible future extensions to the work reported in this report are considered and discussed.

Intrusion Detection

Cryptography

Computer Access Control

Machine Learning

Sequence Kernel

Anomaly Detection

Data Mining

System Call Traces

Intrusion Detection Systems (IDS)

Computer Science

Erschließungssysteme in der Schweiz und in der ETH-Bibliothek

Pika, Jiri

02 February 2011

Die schweizerische Bibliothekslandschaft, ihre Vernetzung und Gewichtung ihrer inhaltlichen Erschließung können anhand der Organisations-und Struktur-Analyse der 1. Bibliotheksverbünde 2. Spezialbibliotheken 3. Universitäts-und Technischen Universitätsbibliotheken parametrisiert werden Quellen: •Internet-Zugang zu allen schweizerischen Hochschulbibliotheken http://www.ub.unibas.ch/lib/schweiz.htm •Schweizer Virtueller Katalog http://www.chvk.ch/

Erschließungssysteme

Informationsverbund Deutschschweiz

RERO

Westschweizer Bibliotheksverbund

SGBN

Sankt Galler Bibliotheksnetz

SBT

Switzerland

library

classification

indexing

ddc:020

Schweiz

Bibliotheksverbund

Klassifikation

IDS

NEBIS

Využití metody IDS (Inteligenční a vývojové škály pro děti) a techniky apercepce v hodnocení sociálních a emočních kompetencí dětí / Application of the IDS (Intelligence and development scales for children) and aperception technique in the evaluation of social and emotional competence of children

Štarková, Monika

January 2018

This thesis deals with the evaluation of social and emotional competencies in 7 - 10 years old children and with comparison of different techniques of their measurement. The aim of the study is to evaluate these competencies by using Intelligence and Development Scale for Children (IDS) and to compare them with the social and emotional level of the same sample proven in the selected apperception technique (the Child's World of Michal's projective interview evaluated with SCORS technique). It is therefore a question of comparison of performance-based intelligence test and apperception technique. The focus of this study is to identify whether there is a relationship between the social-emotional scales of IDS and the selected scales of SCORS. This comparison is grounded in the assumption that both methods evaluate similar psychological constructs and therefore their results should correspond. The theoretical section deals with the development of emotional and social competencies in children and their specifics in a younger school age, then the introducing of apperception techniques and intelligence development scales with emphasis on the methods chosen for the present study. The empirical section provides analysis of data obtained from both diagnostic methods. Item analysis and reliability estimates...

Emocionalita dětí, v jejichž rodinách probíhalo domácí násilí / Emotionality of children who experienced domestic violence in their families

Benešová, Klára

January 2017

This thesis studies a specific population of children exposed to domestic violence. The theoretical part is focused on the impacts of domestic violence on emotionality and emotional development of children. It also deals with the problematic aspects of children's emotionality that are believed to be disturbed by this traumatizing experience. These particular areas were chosen based on present studies focused on the children exposed to domestic violence. The empirical part of the study was developed in cooperation with the Locika centre. It studies chosen aspects of children's emotionality in a quantitative and qualitative way. Particularly, it investigates the ability to distinguish emotions and the ability of emotion regulation within the overall cognitive development.

Porovnání testů S-B IV. a IDS na základě zjišťování verbálních schopností u dětí předškolního věku / Comparison of S-B IV. Test and IDS Test Based on the Measuring Verbal Skills in Preschool Age

Horáková, Simona

January 2017

The goal of the diploma thesis is to map the relationship between two intelligence tests for children based on comparison of selected verbal subtests used on pre-school children. The thesis deals with the verification of the so-called Flynn effect in relation to the different age of S-B IV. test and IDS test. The theoretical section describes the intelligence as a concept, individual approaches to its research and diagnostics, including specifics of working with children in this age group. Different tests of intelligence designed for children are presented with more attention paid to the tests used in the research. The theoretical part also deals with the development period of pre-school children, speech and issues with an obsolescence of the tests. In the empirical section of the thesis, the data from 30 children that have undergone the tests are processed using correlation and regression analyses. Conclusions based on the statistical analyses are developed further in an empirical section while the study revealed the following surprising findings. A significant relationship between the S-B IV. test and IDS test has not been found and there was no confirmation of the Flynn effect hypothesis. The discussion section focuses on the reflection of the research conclusions including the limitations of...

Vylepšení Adversariální Klasifikace v Behaviorální Analýze Síťové Komunikace Určené pro Detekci Cílených Útoků / Improvement of Adversarial Classification in Behavioral Analysis of Network Traffic Intended for Targeted Attack Detection

Sedlo, Ondřej

January 2020

V této práci se zabýváme vylepšením systémů pro odhalení síťových průniků. Konkrétně se zaměřujeme na behaviorální analýzu, která využívá data extrahovaná z jednotlivých síťových spojení. Tyto informace využívá popsaný framework k obfuskaci cílených síťových útoků, které zneužívají zranitelností v sadě soudobých zranitelných služeb. Z Národní databáze zranitelností od NIST vybíráme zranitelné služby, přičemž se omezujeme jen na roky 2018 a 2019. Ve výsledku vytváříme nový dataset, který sestává z přímých a obfuskovaných útoků, provedených proti vybraným zranitelným službám, a také z jejich protějšků ve formě legitimního provozu. Nový dataset vyhodnocujeme za použití několika klasifikačních technik, a demonstrujeme, jak důležité je trénovat tyto klasifikátory na obfuskovaných útocích, aby se zabránilo jejich průniku bez povšimnutí. Nakonec provádíme křížové vyhodnocení datasetů pomocí nejmodernějšího datasetu ASNM-NPBO a našeho datasetu. Výsledky ukazují důležitost opětovného trénování klasifikátorů na nových zranitelnostech při zachování dobrých schopností detekovat útoky na staré zranitelnosti.

Obfuskace síťového provozu pro zabránění jeho detekce pomocí IDS / Network Traffic Obfuscation for IDS Detection Avoidance

Ovšonka, Daniel

January 2013

This thesis deals with the principles of network traffic obfuscation, in order to avoid its detection by the Intrusion Detection System installed in the network. At the beginning of the work, reader is familiarized with the fundamental principle of the basic types of IDS and introduced into the matter of obfuscation techniques, that serve as stepping stone in order to create our own library, whose design is described in the last part of the work. The outcome of the work is represented by a library, that provides all the implemented techniques for further use. The library can be well utilized in penetration testing of the new systems or used by the attacker.