The growing dependence of modem society on telecommunication and information networks has become inevitable. The increase in the number of networks interconnected over the Internet has led to an increase in security threats. The existing mobile and fixed network systems and telecommunication protocols are not appropriately designed to deal with current developed distributed attacks. I started my research work by exploring the deployment of intelligent Agents that could detect network anomalies and issue automated response actions. An Intelligent Agent (IA) [Knapik et at, 1998] is an entity that carries out some set of operations on behalf of a user or other software with some degree of independence or autonomy. The investigation of the Agents paradigm led to a deep understanding of the underlying problem; therefore, machine learning has turned my attention to Bayesian learning and Fuzzy logic approaches. A modelled network intrusion detector has been proposed. This model sets Agents with learning capabilities for detecting current as well as similar future distributed network attacks. In order to detect those anomalies as early as possible, the Bayesian network approach has been proposed. This approach is considered to be a promising method in determining suspicious network anomaly events that consequently relates them to subsequent dependent illegitimate activities. This research suggests innovative ways to develop Intelligent Agents that incorporate Bayesian learning to address network security risks associated with the current Networks Intrusion Detection Systems (NIDSs) designs and implementations. Because NIDSs have traditionally focused on detecting attacks, and while detection serves a vital purpose, it does not provide the ultimate solution. As aresult, an effective response mechanism to those detected attacks is required to minimise their effect and hence enhance NIDSs capabilities. Therefore, other Agents with Fuzzy intelligence capabilities have been proposed to initiate successful automated response actions. Fuzzy Agents have been proposed to handle this task with the ability to respond quickly and dynamically control the availability of allocated network resources. The evaluation methodology used to assess the performance of the developed models has been concentrated on detecting as well as predicting unauthorised activities in networks. By means of evaluation and validation, as well as empirical evidence, we are able to determine the effectiveness of the developed models and assumptions. The performance of developed detection model algorithms for unsupervised learning tasks has been evaluated using well known standard methods such as Confusion matrix. The achieved results indicate that the developed model led to a substantial reduction of the false alarms, with significant increase in the detection rates. This research work is operating within the context of two domains the first drawn from the network security community and the other from the machine learning community. It investigates the deployment of both Bayesian Learning as a probabilistic approach and Fuzzy Intelligence as a possibilistic approach to networks security. This is to detect as well as predict future evolving network anomalies, and to effectively respond to those developed attacks and minimise their effects. Consequently, it may provide innovative solutions that can be implemented in a cost-effective manner.
| Identifer | oai:union.ndltd.org:bl.uk/oai:ethos.bl.uk:420812 |
| Date | January 2005 |
| Creators | Abouzakhar, Nasser Salem |
| Publisher | University of Sheffield |
| Source Sets | Ethos UK |
| Detected Language | English |
| Type | Electronic Thesis or Dissertation |
| Source | http://etheses.whiterose.ac.uk/3575/ |
Page generated in 0.0154 seconds