Global ETD Search

41	Hybrid Layered Intrusion Detection System Sainani, Varsha 01 January 2009 (has links) The increasing number of network security related incidents has made it necessary for the organizations to actively protect their sensitive data with network intrusion detection systems (IDSs). Detecting intrusion in a distributed network from outside network segment as well as from inside is a difficult problem. IDSs are expected to analyze a large volume of data while not placing a significant added load on the monitoring systems and networks. This requires good data mining strategies which take less time and give accurate results. In this study, a novel hybrid layered multiagent-based intrusion detection system is created, particularly with the support of a multi-class supervised classification technique. In agent-based IDS, there is no central control and therefore no central point of failure. Agents can detect and take predefined actions against malicious activities, which can be detected with the help of data mining techniques. The proposed IDS shows superior performance compared to central sniffing IDS techniques, and saves network resources compared to other distributed IDSs with mobile agents that activate too many sniffers causing bottlenecks in the network. This is one of the major motivations to use a distributed model based on a multiagent platform along with a supervised classification technique. Applying multiagent technology to the management of network security is a challenging task since it requires the management on different time instances and has many interactions. To facilitate information exchange between different agents in the proposed hybrid layered multiagent architecture, a low cost and low response time agent communication protocol is developed to tackle the issues typically associated with a distributed multiagent system, such as poor system performance, excessive processing power requirement, and long delays. The bandwidth and response time performance of the proposed end-to-end system is investigated through the simulation of the proposed agent communication protocol on our private LAN testbed called Hierarchical Agent Network for Intrusion Detection Systems (HAN-IDS). The simulation results show that this system is efficient and extensible since it consumes negligible bandwidth with low cost and low response time on the network.
42	On Optimizing Traffic Distribution for Clusters of Network Intrusion Detection and Prevention Systems Le, Anh January 2008 (has links) To address the overload conditions caused by the increasing network traffic volume, recent literature in the network intrusion detection and prevention field has proposed the use of clusters of network intrusion detection and prevention systems (NIDPSs). We observe that simple traffic distribution schemes are usually used for NIDPS clusters. These schemes have two major drawbacks: (1) the loss of correlation information caused by the traffic distribution because correlated flows are not sent to the same NIDPS and (2) the unbalanced loads of the NIDPSs. The first drawback severely affects the ability to detect intrusions that require analysis of correlated flows. The second drawback greatly increases the chance of overloading an NIDPS even when loads of the others are low. In this thesis, we address these two drawbacks. In particular, we propose two novel traffic distribution systems: the Correlation-Based Load Balancer and the Correlation-Based Load Manager as two different solutions to the NIDPS traffic distribution problem. On the one hand, the Load Balancer and the Load Manager both consider the current loads of the NIDPSs while distributing traffic to provide fine-grained load balancing and dynamic load distribution, respectively. On the other hand, both systems take into account traffic correlation in their distributions, thereby significantly reducing the loss of correlation information during their distribution of traffic. We have implemented prototypes of both systems and evaluated them using extensive simulations and real traffic traces. Overall, the evaluation results show that both systems have low overhead in terms of the delays introduced to the packets. More importantly, compared to the naive hash-based distribution, the Load Balancer significantly improves the anomaly-based detection accuracy of DDoS attacks and port scans -- the two major attacks that require the analysis of correlated flows -- meanwhile, the Load Manager successfully maintains the anomaly-based detection accuracy of these two major attacks of the NIDPSs. Load Balancing Load Management Intrusion Detection System Intrusion Prevention System Computer Science
43	On Optimizing Traffic Distribution for Clusters of Network Intrusion Detection and Prevention Systems Le, Anh January 2008 (has links) To address the overload conditions caused by the increasing network traffic volume, recent literature in the network intrusion detection and prevention field has proposed the use of clusters of network intrusion detection and prevention systems (NIDPSs). We observe that simple traffic distribution schemes are usually used for NIDPS clusters. These schemes have two major drawbacks: (1) the loss of correlation information caused by the traffic distribution because correlated flows are not sent to the same NIDPS and (2) the unbalanced loads of the NIDPSs. The first drawback severely affects the ability to detect intrusions that require analysis of correlated flows. The second drawback greatly increases the chance of overloading an NIDPS even when loads of the others are low. In this thesis, we address these two drawbacks. In particular, we propose two novel traffic distribution systems: the Correlation-Based Load Balancer and the Correlation-Based Load Manager as two different solutions to the NIDPS traffic distribution problem. On the one hand, the Load Balancer and the Load Manager both consider the current loads of the NIDPSs while distributing traffic to provide fine-grained load balancing and dynamic load distribution, respectively. On the other hand, both systems take into account traffic correlation in their distributions, thereby significantly reducing the loss of correlation information during their distribution of traffic. We have implemented prototypes of both systems and evaluated them using extensive simulations and real traffic traces. Overall, the evaluation results show that both systems have low overhead in terms of the delays introduced to the packets. More importantly, compared to the naive hash-based distribution, the Load Balancer significantly improves the anomaly-based detection accuracy of DDoS attacks and port scans -- the two major attacks that require the analysis of correlated flows -- meanwhile, the Load Manager successfully maintains the anomaly-based detection accuracy of these two major attacks of the NIDPSs. Load Balancing Load Management Intrusion Detection System Intrusion Prevention System Computer Science
44	Fault Detection And Service Restoration In Medium Voltage Distribution System A Thesis Submitted To The Graduate School Of Natural And Applied Sciences Of Middle East Technical University By Mufit Altin In Partial Fulfillment Of The Requirements Altin, Mufit 01 April 2009 (has links) (PDF) This thesis proposes an algorithm and develops a program for fault detection and system restoration in medium voltage distribution systems. In Turkey, TUBITAK-UZAY developed distribution automation system including fault detection and service restoration functions for Bogazici Electricity Distribution Company. By the time, expanding of distribution system with nonstandardized infrastructure (for example more than one circuit breaker in the feeder, mesh and closed loop feeder structure), developed automation system have not properly worked under these unplanned situations. Taking into consideration of previously utilized TUBITAK Distribution Automation System (TUDOSIS), fault isolation algorithm is improved to cope with practical problems as non-standardized infrastructure and selectivity issue in protection system, and the proposed isolation algorithm is simulated. Further system restoration solution for mesh distribution systems is analyzed for distribution system in Turkey and expert system based algorithm is proposed.
45	Telemetry Network Intrusion Detection System Maharjan, Nadim, Moazzemi, Paria 10 1900 (has links) ITC/USA 2012 Conference Proceedings / The Forty-Eighth Annual International Telemetering Conference and Technical Exhibition / October 22-25, 2012 / Town and Country Resort & Convention Center, San Diego, California / Telemetry systems are migrating from links to networks. Security solutions that simply encrypt radio links no longer protect the network of Test Articles or the networks that support them. The use of network telemetry is dramatically expanding and new risks and vulnerabilities are challenging issues for telemetry networks. Most of these vulnerabilities are silent in nature and cannot be detected with simple tools such as traffic monitoring. The Intrusion Detection System (IDS) is a security mechanism suited to telemetry networks that can help detect abnormal behavior in the network. Our previous research in Network Intrusion Detection Systems focused on "Password" attacks and "Syn" attacks. This paper presents a generalized method that can detect both "Password" attack and "Syn" attack. In this paper, a K-means Clustering algorithm is used for vector quantization of network traffic. This reduces the scope of the problem by reducing the entropy of the network data. In addition, a Hidden-Markov Model (HMM) is then employed to help to further characterize and analyze the behavior of the network into states that can be labeled as normal, attack, or anomaly. Our experiments show that IDS can discover and expose telemetry network vulnerabilities using Vector Quantization and the Hidden Markov Model providing a more secure telemetry environment. Our paper shows how these can be generalized into a Network Intrusion system that can be deployed on telemetry networks. Intrusion Detection System Vector Quantization K-means Clustering Hidden Markov Model Security iNET
46	Effects of affective states on driver situation awareness and adaptive mitigation interfaces: focused on anger Jeon, Myounghoon 03 July 2012 (has links) Research has suggested that affective states have critical effects on various cognitive processes and performance. Evidence from driving studies has also emphasized the importance of driver situation awareness (Endsley, 1995b) for driving performance and safety. However, to date, no research has investigated the relationship between affective effects and driver situation awareness. Two studies examined the relationship between a driver's affective states and situation awareness. In Experiment 1, 30 undergraduates drove in a simulator after either anger or neutral affect induction. Results suggested that an induced angry state can degrade driver situation awareness and driving performance more than the neutral state. Interestingly, the angry state did not influence participants' perceived workload. Experiment 2 explored the possibilities of using an "attention deployment" emotion regulation strategy as an intervention for mitigating angry effects on driving, via an adaptive speech-based system. 60 undergraduates drove the same scenario as in Experiment 1 after affect induction with different intervention conditions: anger with no sound; anger with the ER system: directive/ command style emotion regulation messages; anger with the SA system: suggestive/ notification style situation awareness prompts; or neutral with no sound. Results showed that both speech-based systems can not only enhance driver situation awareness and driving performance, but also reduce the anger level and perceived workload. Participants rated the ER system as more effective, but they rated the SA system as less annoying and less authoritative than the ER system. Based on the results of Experiment 2, regression models were constructed between a driver's affective states and driving performance, being mediated by situation awareness (full mediation for speeding and partial mediation for collision). These results allow researchers to construct a more detailed driver behavior model by showing how an affective state can influence driver situation awareness and performance. The practical implications of this research include the use of situation awareness prompts as a possible strategy for mitigating affective effects, for the design of an affect detection and mitigation system for drivers. Road rage Affect regulation Emotion detection system In-vehicle technology Automobile drivers Psychology Situational awareness Anger
47	Evaluation of Intrusion Detection Systems under Denial of Service Attack in virtual Environment nagadevara, venkatesh January 2017 (has links) Context. The intrusion detection systems are being widely used for detecting the malicious traffic in many industries and they use a variety of technologies. Each IDs had different architecture and are deployed for detecting malicious activity. Intrusion detection system has a different set of rules which can defined based on requirement. Therefore, choosing intrusion detection system for and the appropriate environment is not an easy task. Objectives. The goal of this research is to evaluate three most used open source intrusion detection systems in terms of performance. And we give details about different types of attacks that can be detected using intrusion detection system. The tools that we select are Snort, Suricata, OSSEC. Methods. The experiment is conducted using TCP, SCAN, ICMP, FTP attack. Each experiment was run in different traffic rates under normal and malicious traffics all rule are active. All these tests are conducted in a virtual environment. Results. We can calculate the performance of IDS by using CPU usage, memory usage, packet loss and a number of alerts generated. These results are calculated for both normal and malicious traffic. Conclusions. We conclude that results vary in different IDS for different traffic rates. Specially snort showed better performance in alerts identification and OSSEC in the performance of IDS. These results indicated that alerts are low when the traffic rates high are which indicates this is due to the packet loss. Overall OSSEC provides better performance. And Snort provides better performance and accuracy for alert detection. snort suricata ossec intrusion detection system Computer Engineering Datorteknik Computer Sciences Datavetenskap (datalogi)
48	An implementation of a DNS-based malware detection system Fors, Markus, Grahn, Christian January 2010 (has links) Today’s wide usage of the Internet makes malicious software (malware) and botnets a big problem. While anti-virus software is commonplace today, malware is constantly evolving to remain undetected. Passively monitoring DNS traffic on a network can present a platform for detecting malware on multiple computers at a low cost and low complexity. To explore this avenue for detecting malware we decided it was necessary to design an extensible system where the framework was separate from the actual detection methods. We wanted to divide the system into three parts, one for logging, one for handling modules for detection and one for taking action against suspect traffic. The system we implemented in C collects DNS traffic and processes it with modules that are compiled separately and can be plugged in or out during runtime. Two proof of concept modules have been implemented. One based on a blacklist and one based on geolocation of requested servers. The system is complete to the point of being ready for field testing and implementation of more advanced detection modules. DNS malware implementation IDS Botnet DMDS detection system spyware. Computer Sciences Datavetenskap (datalogi)
49	A Context Aware Anomaly Behavior Analysis Methodology for Building Automation Systems Pan, Zhiwen, Pan, Zhiwen January 2017 (has links) Advances in mobile and pervasive computing, electronics technology, and the exponential growth in Internet of Things (IoT) applications and services has led to Building Automation System (BAS) that enhanced the buildings we live by delivering more energy-saving, intelligent, comfortable, and better utilization. Through the use of integrated protocols, a BAS can interconnects a wide range of building assets so that the control and management of asset operations and their services can be performed in one protocol. Moreover, through the use of distributed computing and IP based communication, a BAS can implement remote monitor and control in adaptive and real-time manner. However, the use of IoT and distributed computing techniques in BAS are leading to challenges to secure and protect information and services due to the significant increase in the attack surface and the inherent vulnerabilities of BAS integrated protocols. Since there is no intrusion detection and prevention available for BAS network, proposing a reliable security mechanism which can monitor the behavior of BAS assets becomes a major design issue. Anomaly Based Intrusion Detection is a security mechanism that uses baseline model to describe the normal behaviors of a system, so that malicious behaviors occurred in a system can be detected by comparing the observed behavior to the baseline model. With its ability of detecting novel and new attacks, Anomaly based Behavior Analysis (ABA) has been actively pursued by researchers for designing Intrusion Detection Systems. Since the information acquired from a BAS system can be from a variety of sources (e.g. sensors, network protocols, temporal and spatial information), the traditional ABA methodology which merely focuses on analyzing the behavior of communication protocols will not be effective in protecting BAS networks. In this dissertation we aim at developing a general methodology named Context Aware Anomaly based Behavior Analysis (CAABA) which combines Context Awareness technique with Anomaly based Behavior Analysis in order to detect any type of anomaly behaviors occurred in Building Automation Systems. Context Awareness is a technique which is widely used in pervasive computing and it aims at gathering information about a system's environment so it can accurately characterize the current operational context of the BAS network and its services. The CAABA methodology can be used to protect a variety of BAS networks in a sustainable and reliable way. To handle the heterogeneous BAS information, we developed a novel Context Aware Data Structure to represent the information acquired from the sensors and resources during execution of the BAS system which can explicitly describe the system's behavior. By performing Anomaly based Behavior Analysis over the set of context arrays using either data mining algorithm or statistical functions, the BAS baseline models are generated. To validate our methodology, we have applied it to two different building application scenarios: a smart building system which is usually implemented in industrial and commercial office buildings and a smart home system which is implemented in residential buildings, where we have achieved good detection results with low detection errors. Building Automation Systems Context Awareness Cyber Security Internet of Things Intrusion Detection System Smart Buildings
50	Generation of cyber attack data using generative techniques Nidhi Nandkishor Sakhala (6636128) 15 May 2019 (has links) <div><div><div><p>The presence of attacks in day-to-day traffic flow in connected networks is considerably less compared to genuine traffic flow. Yet, the consequences of these attacks are disastrous. It is very important to identify if the network is being attacked and block these attempts to protect the network system. Failure to block these attacks can lead to loss of confidential information and reputation and can also lead to financial loss. One of the strategies to identify these attacks is to use machine learning algorithms that learn to identify attacks by looking at previous examples. But since the number of attacks is small, it is difficult to train these machine learning algorithms. This study aims to use generative techniques to create new attack samples that can be used to train the machine learning based intrusion detection systems to identify more attacks. Two metrics are used to verify that the training has improved and a binary classifier is used to perform a two-sample test for verifying the generated attacks.</p></div></div></div> Computer System Security Intrusion Detection System Generative Adversarial Networks WGAN

Search results