Student Number: 9607275H
MSc dissertation
School of Electrical and Information Engineering
Faculty of Engineering and the Built Environment

Internet worms are capable of quickly propagating by exploiting vulnerabilities of
hosts that have access to the Internet. Once a computer has been infected, the worms
have access to sensitive information on the computer, and are able to corrupt or
retransmit this information. This dissertation describes a method of predicting Internet
instability due to the presence of a worm on the Internet, using data currently
available from global Internet routers. The work is based on previous research which
has indicated a link between the increase in the number of Border Gateway Protocol
(BGP) routing messages and global Internet instability.
The type of system used to provide the prediction is known as an autoencoder. This
is a specialised type of neural network, which is able to provide a degree of novelty
for inputs. The autoencoder is trained to recognise “normal” data, and therefore
provides a high novelty output for inputs dissimilar to the normal data. The BGP
Update routing messages sent between routers were used as the only inputs to the
autoencoder. These intra-router messages provide route availability information, and
inform neighbouring routers of any route changes. The outputs from the network
were shown to help provide an early warning mechanism for the presence of a worm.
An alternative method for detecting instability is a rule-based system, which
generates alarms if the number of certain BGP routing messages exceeds a prespecified
threshold. This project compared the autoencoder to a simple rule-based
system. The results showed that the autoencoder provided a better prediction and was
less complex for a network administrator to configure.
Although the correlation between the number of BGP Updates and global Internet
instability has been shown previously, this work presents the first known application
of a neural network to predict the instability using this correlation. A system based on
this strategy has the potential to reduce the damage done by a worm’s propagation and
payload, by providing an automated means of detection that is faster than that of a
human.
Identifier | oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:wits/oai:wiredspace.wits.ac.za:10539/1817 |
Date | 16 November 2006 |
Creators | Marais, Elbert |
Source Sets | South African National ETD Portal |
Language | English |
Detected Language | English |
Type | Thesis |
Format | 3030383 bytes, application/pdf, application/pdf |