• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 17
  • 2
  • 2
  • 2
  • 2
  • 1
  • Tagged with
  • 34
  • 34
  • 34
  • 20
  • 12
  • 11
  • 9
  • 8
  • 8
  • 7
  • 7
  • 6
  • 5
  • 5
  • 5
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Performance metrics for network intrusion systems

Tucker, Christopher John January 2013 (has links)
Intrusion systems have been the subject of considerable research during the past 33 years, since the original work of Anderson. Much has been published attempting to improve their performance using advanced data processing techniques including neural nets, statistical pattern recognition and genetic algorithms. Whilst some significant improvements have been achieved they are often the result of assumptions that are difficult to justify and comparing performance between different research groups is difficult. The thesis develops a new approach to defining performance focussed on comparing intrusion systems and technologies. A new taxonomy is proposed in which the type of output and the data scale over which an intrusion system operates is used for classification. The inconsistencies and inadequacies of existing definitions of detection are examined and five new intrusion levels are proposed from analogy with other detection-based technologies. These levels are known as detection, recognition, identification, confirmation and prosecution, each representing an increase in the information output from, and functionality of, the intrusion system. These levels are contrasted over four physical data scales, from application/host through to enterprise networks, introducing and developing the concept of a footprint as a pictorial representation of the scope of an intrusion system. An intrusion is now defined as “an activity that leads to the violation of the security policy of a computer system”. Five different intrusion technologies are illustrated using the footprint with current challenges also shown to stimulate further research. Integrity in the presence of mixed trust data streams at the highest intrusion level is identified as particularly challenging. Two metrics new to intrusion systems are defined to quantify performance and further aid comparison. Sensitivity is introduced to define basic detectability of an attack in terms of a single parameter, rather than the usual four currently in use. Selectivity is used to describe the ability of an intrusion system to discriminate between attack types. These metrics are quantified experimentally for network intrusion using the DARPA 1999 dataset and SNORT. Only nine of the 58 attack types present were detected with sensitivities in excess of 12dB indicating that detection performance of the attack types present in this dataset remains a challenge. The measured selectivity was also poor indicting that only three of the attack types could be confidently distinguished. The highest value of selectivity was 3.52, significantly lower than the theoretical limit of 5.83 for the evaluated system. Options for improving selectivity and sensitivity through additional measurements are examined.
2

An Artificial Immune System Approach to Preserving Security in Computer Networks

Ranang, Martin Thorsen January 2002 (has links)
<p>It is believed that many of the mechanisms present in the biological immune system are well suited for adoption to the field of computer intrusion detection, in the form of artificial immune systems. In this report mechanisms in the biological immune system are introduced, their parallels in artificial immune systems are presented, and how they may be applied to intrusion detection in a computer environment is discussed. An artificial immune system is designed, implemented and applied to detect intrusive behavior in real network data in a simulated network environment. The effect of costimulation and clonal proliferation combined with somatic hypermutation to perform affinity maturation of detectors in the artificial immune system is explored through experiments. An exact expression for the probability of a match between two randomly chosen strings using the r-contiguous matching rule is developed. The use of affinity maturation makes it possible to perform anomaly detection by using smaller sets of detectors with a high level of specificity while maintaining a high level of cover and diversity, which increases the number of true positives, while keeping a low level of false negatives.</p>
3

An Artificial Immune System Approach to Preserving Security in Computer Networks

Ranang, Martin Thorsen January 2002 (has links)
It is believed that many of the mechanisms present in the biological immune system are well suited for adoption to the field of computer intrusion detection, in the form of artificial immune systems. In this report mechanisms in the biological immune system are introduced, their parallels in artificial immune systems are presented, and how they may be applied to intrusion detection in a computer environment is discussed. An artificial immune system is designed, implemented and applied to detect intrusive behavior in real network data in a simulated network environment. The effect of costimulation and clonal proliferation combined with somatic hypermutation to perform affinity maturation of detectors in the artificial immune system is explored through experiments. An exact expression for the probability of a match between two randomly chosen strings using the r-contiguous matching rule is developed. The use of affinity maturation makes it possible to perform anomaly detection by using smaller sets of detectors with a high level of specificity while maintaining a high level of cover and diversity, which increases the number of true positives, while keeping a low level of false negatives.
4

NIDS im Campusnetz

Schier, Thomas 04 May 2004 (has links)
Workshop "Netz- und Service-Infrastrukturen" Dieser Beitrag zum Workshop "Netz- und Service-Infrastrukturen" behandelt den Aufbau eines Network Intrusion Detection System im Campusnetz.
5

Peer to peer botnet detection based on flow intervals and fast flux network capture

Zhao, David 16 October 2012 (has links)
Botnets are becoming the predominant threat on the Internet today and is the primary vector for carrying out attacks against organizations and individuals. Botnets have been used in a variety of cybercrime, from click-fraud to DDOS attacks to the generation of spam. In this thesis we propose an approach to detect botnet activity using two different strategies both based on machine learning techniques. In one, we examine the network flow based metrics of potential botnet traffic and show that we are able to detect botnets with only data from a small time interval of operation. For our second technique, we use a similar strategy to identify botnets based on their potential fast flux behavior. For both techniques, we show experimentally that the presence of botnets may be detected with a high accuracy and identify their potential limitations. / Graduate
6

An Ensemble Learning Based Multi-level Network Intrusion Detection System for Wi-Fi Dominant Networks

Francisco D. Vaca (6790182) 03 June 2019 (has links)
<div>Today, networks contribute signicantly to everyone's life. The enormous usefulness of networks for various services and data storage motivates adversaries to launch attacks on them. Network Intrusion Detection Systems (NIDSs) are used as security measure inside the organizational networks to identify any intrusions and generate alerts for them. The idea of deploying an NIDS is quite known and has been studied and adopted in both academia and industry. However, most of the NIDS literature have emphasized to detect the attacks that originate externally in a wired network infrastructure. In addition, Wi-Fi and wired networks are treated the same for the NIDSs. The open infrastructure in Wi-Fi network makes it different from the wired network. Several internal attacks that could happen in a Wi-Fi network are not pos-</div><div>sible in a wired network. The NIDSs developed using traditional approaches may fail to identify these internal attacks.</div><div><br></div><div><div>The thesis work attempts to develop a Multi-Level Network Intrusion Detection System (ML-NIDS) for Wi-Fi dominant networks that can detect internal attacks specic to Wi-Fi networks as well as the generic network attacks that are independent of network infrastructure. In Wi-Fi dominant networks, Wi-Fi devices (stations) are prevalent at the edge of campus and enterprise networks and integrated with the fixed wired infrastructure at the access. The implementation is proposed for Wi-Fi dominant networks; nevertheless, it aims to work for the wired network as well. We develop the ML-NIDS using an ensemble learning method that combines several weak</div><div>learners to create a strong learner.</div></div><div><br></div>
7

Comparison of systems to detect rogue access points

Lennartsson, Alexander, Melander, Hilda January 2019 (has links)
A hacker might use a rogue access point to gain access to a network, this poses athreat to the individuals connected to it. The hacker might have the potential to leakcorporate data or steal private information. The detection of rogue access points istherefore of importance to prevent any damage to both businesses and individuals.Comparing different software that detects rogue access points increases the chanceof someone finding a solution that suits their network. The different type of softwarethat are compared are intrusion detection systems, wireless scanners and a Ciscowireless lan controller. The parameters that are being compared are; cost, compat-ibility, detection capability and implementation difficulty. In order to obtain resultssome of the parameters require testing. As there are three types of software, threeexperiment environments should be conducted. Our research indicates that alreadyexisting network equipment or the size of the network affects the results from theexperiments.
8

Evaluating Machine Learning Intrusion Detection System classifiers : Using a transparent experiment approach

Augustsson, Christian, Egeberg Jacobson, Pontus, Scherqvist, Erik January 2019 (has links)
There have been many studies performing experiments that showcase the potential of machine learning solutions for intrusion detection, but their experimental approaches are non-transparent and vague, making it difficult to replicate their trained methods and results. In this thesis we exemplify a healthier experimental methodology. A survey was performed to investigate evaluation metrics. Three experiments implementing and benchmarking machine learning classifiers, using different optimization techniques, were performed to set up a frame of reference for future work, as well as signify the importance of using descriptive metrics and disclosing implementation. We found a set of metrics that more accurately describes the models, and we found guidelines that we would like future researchers to fulfill in order to make their work more comprehensible. For future work we would like to see more discussion regarding metrics, and a new dataset that is more generalizable.
9

Network Intrusion and Detection : An evaluation of SNORT

Fleming, Theodor, Wilander, Hjalmar January 2018 (has links)
Network security has become a vital part for computer networks to ensure that they operate as expected. With many of today's services relying on networks it is of great importance that the usage of networks are not being compromised. One way to increase the security of a computer network is to implement a Network Intrusion Detection System (NIDS). This system monitors the traffic sent to, from and within the network. This study investigates how a NIDS called SNORT with different configurations handles common network attacks. The knowledge of how SNORT managed the attacks is used to evaluate and indicate the vulnerability of different SNORT configurations. Different approaches on both how to bypass SNORT and how to detect attacks are described both theoretically, and practically with experiments. This study concludes that a carefully prepared configuration is the factor for SNORT to perform well in network intrusion detection.
10

Memory Efficient Regular Expression Pattern Matching Architecture For Network Intrusion Detection Systems

Kumar, Pawan 08 1900 (has links) (PDF)
The rampant growth of the Internet has been coupled with an equivalent growth in cyber crime over the Internet. With our increased reliance on the Internet for commerce, social networking, information acquisition, and information exchange, intruders have found financial, political, and military motives for their actions. Network Intrusion Detection Systems (NIDSs) intercept the traffic at an organization’s periphery and try to detect intrusion attempts. Signature-based NIDSs compare the packet to a signature database consisting of known attacks and malicious packet fingerprints. The signatures use regular expressions to model these intrusion activities. This thesis presents a memory efficient pattern matching system for the class of regular expressions appearing frequently in the NIDS signatures. Proposed Cascaded Automata Architecture is based on two stage automata. The first stage recognizes the sub-strings and character classes present in the regular expression. The second stage consumes symbol generated by the first stage upon receiving input traffic symbols. The basic idea is to utilize the research done on string matching problem for regular expression pattern matching. We formally model the class of regular expressions mostly found in NIDS signatures. The challenges involved in using string matching algorithms for regular expression matching has been presented. We introduce length-bound transitions, counter-based states, and associated counter arrays in the second stage automata to address these challenges. The system uses length information along with counter arrays to keep track of overlapped sub-strings and character class based transition. We present efficient implementation techniques for counter arrays. The evaluation of the architecture on practical expressions from Snort rule set showed compression in number of states between 50% to 85%. Because of its smaller memory footprint, our solution is suitable for both software based implementations on network chips as well as FPGA based designs.

Page generated in 0.0812 seconds