Approved for public release; distribution in unlimited. / The idea of deploying a distributed network intrusion system using Therminator is explored in this thesis. There are many advantages in having a distributed system compared to a standalone network intrusion system. The underlying principle of Therminator is modeling network traffic on conversation exchange models. Using Zippo, a new implementation of Therminator, the experimental setup consisted of multiple sensors reporting individual findings to a central server for aggregated analysis. Different scenarios of network attacks and intrusions were planned to investigate the effectiveness of the distributed system. The network attacks were taken from the M.I.T Lincoln Lab 1999 Data Sets. The distributed system was subjected to different combinations of network attacks in various parts of the network. The results were then analyzed to understand the behavior of the distributed system in response to the different attacks. In general, the distributed system detected all attacks under each scenario. Some surprising observations also indicated attack responses occurring in unanticipated scenarios. These results are subject to further investigation. / Defence Science & Technology Agency Singapore
| Identifer | oai:union.ndltd.org:nps.edu/oai:calhoun.nps.edu:10945/1281 |
| Date | 12 1900 |
| Creators | Cheng, Kah Wai |
| Contributors | McEachen, John C., Wen, Su, Naval Postgraduate School (U.S.)., Computer Science |
| Publisher | Monterey, California. Naval Postgraduate School |
| Source Sets | Naval Postgraduate School |
| Detected Language | English |
| Type | Thesis |
| Format | xvi, 89 p. : ill. (some col.) ;, application/pdf |
| Rights | Copyright is reserved by the copyright owner. |
Page generated in 0.0089 seconds