subject:(Intrusion Detection)

University of Guelph

1. Nyakundi, Eric. USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION .

Degree: 2015, University of Guelph

URL: https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880

► Recent increase in hacks and computer network attacks around the world, including Sony Pictures (2014), Home Depot (2014), and Target (2014) gives a compelling need… (more)

Subjects/Keywords: Support Vector Machines; Intrusion detection systems; Anomaly intrusion detection; Network intrusion detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Nyakundi, E. (2015). USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION . (Thesis). University of Guelph. Retrieved from https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Nyakundi, Eric. “USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION .” 2015. Thesis, University of Guelph. Accessed January 17, 2020. https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Nyakundi, Eric. “USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION .” 2015. Web. 17 Jan 2020.

Vancouver:

Nyakundi E. USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION . [Internet] [Thesis]. University of Guelph; 2015. [cited 2020 Jan 17]. Available from: https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Nyakundi E. USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION . [Thesis]. University of Guelph; 2015. Available from: https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Georgia

2. Dass, Mayukh. LIDS: a Learning Intrusion Detection System.

Degree: MS, Artificial Intelligence, 2003, University of Georgia

URL: http://purl.galileo.usg.edu/uga_etd/dass_mayukh_200308_ms

► The detection of attacks against computer networks is becoming a harder problem to solve in the field of network security. The dexterity of the attackers,… (more)

Subjects/Keywords: Intrusion Detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Dass, M. (2003). LIDS: a Learning Intrusion Detection System. (Masters Thesis). University of Georgia. Retrieved from http://purl.galileo.usg.edu/uga_etd/dass_mayukh_200308_ms

Chicago Manual of Style (16^th Edition):

Dass, Mayukh. “LIDS: a Learning Intrusion Detection System.” 2003. Masters Thesis, University of Georgia. Accessed January 17, 2020. http://purl.galileo.usg.edu/uga_etd/dass_mayukh_200308_ms.

MLA Handbook (7^th Edition):

Dass, Mayukh. “LIDS: a Learning Intrusion Detection System.” 2003. Web. 17 Jan 2020.

Vancouver:

Dass M. LIDS: a Learning Intrusion Detection System. [Internet] [Masters thesis]. University of Georgia; 2003. [cited 2020 Jan 17]. Available from: http://purl.galileo.usg.edu/uga_etd/dass_mayukh_200308_ms.

Council of Science Editors:

Dass M. LIDS: a Learning Intrusion Detection System. [Masters Thesis]. University of Georgia; 2003. Available from: http://purl.galileo.usg.edu/uga_etd/dass_mayukh_200308_ms

3. Ferreira, Eduardo Alves. Detecção autônoma de intrusões utilizando aprendizado de máquina.

Degree: Mestrado, Ciências de Computação e Matemática Computacional, 2011, University of São Paulo

URL: http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/ ;

►

A evolução da tecnologia da informação popularizou o uso de sistemas computacionais para a automação de tarefas operacionais. As tarefas de implantação e manutenção desses… (more)

▼

A evolução da tecnologia da informação popularizou o uso de sistemas computacionais para a automação de tarefas operacionais. As tarefas de implantação e manutenção desses sistemas computacionais, por outro lado, não acompanharam essa tendência de forma ágil, tendo sido, por anos, efetuadas de forma manual, implicando alto custo, baixa produtividade e pouca qualidade de serviço. A fim de preencher essa lacuna foi proposta uma iniciativa denominada Computação Autônoma, a qual visa prover capacidade de autogerenciamento a sistemas computacionais. Dentre os aspectos necessários para a construção de um sistema autônomo está a detecção de intrusão, responsável por monitorar o funcionamento e fluxos de dados de sistemas em busca de indícios de operações maliciosas. Dado esse contexto, este trabalho apresenta um sistema autônomo de detecção de intrusões em aplicações Web, baseado em técnicas de aprendizado de máquina com complexidade computacional próxima de linear. Esse sistema utiliza técnicas de agrupamento de dados e de detecção de novidades para caracterizar o comportamento normal de uma aplicação, buscando posteriormente por anomalias no funcionamento das aplicações. Observou-se que a técnica é capaz de detectar ataques com maior autonomia e menor dependência sobre contextos específicos em relação a trabalhos anteriores

The use of computers to automatically perform operational tasks is commonplace, thanks to the information technology evolution. The maintenance of computer systems, on the other hand, is commonly performed manually, resulting in high costs, low productivity and low quality of service. The Autonomous Computing initiative aims to approach this limitation, through selfmanagement of computer systems. In order to assemble a fully autonomous system, an intrusion detection application is needed to monitor the behavior and data flows on applications. Considering this context, an autonomous Web intrusion detection system is proposed, based on machine-learning techniques with near-linear computational complexity. This system is based on clustering and novelty detection techniques, characterizing an application behavior, to later pinpoint anomalies in live applications. By conducting experiments, we observed that this new approach is capable of detecting anomalies with less dependency on specific contexts than previous solutions

Advisors/Committee Members: Mello, Rodrigo Fernandes de.

Subjects/Keywords: Detecção de intrusão; Intrusion detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Ferreira, E. A. (2011). Detecção autônoma de intrusões utilizando aprendizado de máquina. (Masters Thesis). University of São Paulo. Retrieved from http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/ ;

Chicago Manual of Style (16^th Edition):

Ferreira, Eduardo Alves. “Detecção autônoma de intrusões utilizando aprendizado de máquina.” 2011. Masters Thesis, University of São Paulo. Accessed January 17, 2020. http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/ ;.

MLA Handbook (7^th Edition):

Ferreira, Eduardo Alves. “Detecção autônoma de intrusões utilizando aprendizado de máquina.” 2011. Web. 17 Jan 2020.

Vancouver:

Ferreira EA. Detecção autônoma de intrusões utilizando aprendizado de máquina. [Internet] [Masters thesis]. University of São Paulo; 2011. [cited 2020 Jan 17]. Available from: http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/ ;.

Council of Science Editors:

Ferreira EA. Detecção autônoma de intrusões utilizando aprendizado de máquina. [Masters Thesis]. University of São Paulo; 2011. Available from: http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/ ;

4. Victor, Ganta Jacob. Intrusion Detection Systems False Positives;.

Degree: Compute Science Engineering, 2013, Jawaharlal Nehru Technological University, Hyderabad

URL: http://shodhganga.inflibnet.ac.in/handle/10603/19733

►

Computers and internet have become a part of human life, to address security challenges tools like Anti-viruses, Firewalls, Intrusion Detection Systems (IDS) etc. are deployed.… (more)

Subjects/Keywords: Detection; False; Intrusion; Positives; Systems

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Victor, G. J. (2013). Intrusion Detection Systems False Positives;. (Thesis). Jawaharlal Nehru Technological University, Hyderabad. Retrieved from http://shodhganga.inflibnet.ac.in/handle/10603/19733

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Victor, Ganta Jacob. “Intrusion Detection Systems False Positives;.” 2013. Thesis, Jawaharlal Nehru Technological University, Hyderabad. Accessed January 17, 2020. http://shodhganga.inflibnet.ac.in/handle/10603/19733.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Victor, Ganta Jacob. “Intrusion Detection Systems False Positives;.” 2013. Web. 17 Jan 2020.

Vancouver:

Victor GJ. Intrusion Detection Systems False Positives;. [Internet] [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2013. [cited 2020 Jan 17]. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19733.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Victor GJ. Intrusion Detection Systems False Positives;. [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2013. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19733

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University

5. Jha, Manjari. Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection.

Degree: 2018, Penn State University

URL: https://etda.libraries.psu.edu/catalog/15543mom5590

► This thesis focuses on developing probabilistic models for the analysis of diverse datasets using unsupervised clustering techniques. Primarily, we focus on two main fields: the… (more)

▼ This thesis focuses on developing probabilistic models for the analysis of diverse datasets using unsupervised clustering techniques. Primarily, we focus on two main fields: the clustering of DNA reads derived from a metagenomic sample, and the separation of attacks from normal connections in a collection of network connection records.Metagenomics involves the analysis of genomes of microorganisms sampled directly from their environment. Next Generation Sequencing allows a high-throughput sampling of small segments from genomes in the metagenome to generate reads. To study the properties and relationships of the microorganisms present, clustering can be performed based on the inherent composition of the sampled reads for unknown species. We propose a two-dimensional lattice based probabilistic model for clustering metagenomic datasets. The occurrence of a species in the metagenome is estimated using a lattice of probabilistic distributions over small sized genomic sequences. The two dimensions denote distributions for different word sizes and the distribution of groups of words respectively. The lattice structure allows for additional support for a node from its neighbors when the probabilistic support for the species using the parameters of the current node is deemed insufficient. We test our algorithm on simulated metagenomic data containing bacterial species with known ground truth and observe more than 85% precision. We also evaluate our algorithm on an in vitro-simulated bacterial metagenome and on human patient data, using ground truth from BLAST, and show a better clustering than other algorithms even for short reads and varied abundance.Secondly, we work on developing a model for identifying intrusions in a computer network, inspired by the mechanisms for defense used in the immune system. The immune system is built to defend an organism against both known and new attacks, and functions as an adaptive distributed defense system. Artificial Immune Systems abstract the structure of immune systems to incorporate memory, fault detection and adaptive learning. We propose an immune system based real time intrusion detection system using unsupervised clustering. The model consists of three layers: a probabilistic model based T-cell algorithm which identifies possible attacks, a B-cell model which uses the inputs from T-cells together with feature information to confirm true attacks, and a damage signal generating Antigen Presenting Cell layer. The algorithm is tested on the KDD 99 data, where it achieves a low false alarm rate while maintaining a high detection rate. This is true even in case of novel attacks, which is a significant improvement over other algorithms. Advisors/Committee Members: Raj Acharya, Dissertation Advisor.

Subjects/Keywords: metagenomics; intrusion detection; clustering; unsupervised

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Jha, M. (2018). Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection. (Thesis). Penn State University. Retrieved from https://etda.libraries.psu.edu/catalog/15543mom5590

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Jha, Manjari. “Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection.” 2018. Thesis, Penn State University. Accessed January 17, 2020. https://etda.libraries.psu.edu/catalog/15543mom5590.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Jha, Manjari. “Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection.” 2018. Web. 17 Jan 2020.

Vancouver:

Jha M. Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection. [Internet] [Thesis]. Penn State University; 2018. [cited 2020 Jan 17]. Available from: https://etda.libraries.psu.edu/catalog/15543mom5590.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Jha M. Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection. [Thesis]. Penn State University; 2018. Available from: https://etda.libraries.psu.edu/catalog/15543mom5590

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

North-West University

6. Ohaeri, Ifeoma Ugochi. Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri .

Degree: 2012, North-West University

URL: http://hdl.handle.net/10394/15665

► With the rapid proliferation of new technologies and services in the wireless domain, spectrum scarcity has become a major concern. Cognitive radios (CRs) arise as… (more)

Subjects/Keywords: Intrusion detection systems; Computer security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Ohaeri, I. U. (2012). Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri . (Thesis). North-West University. Retrieved from http://hdl.handle.net/10394/15665

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Ohaeri, Ifeoma Ugochi. “Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri .” 2012. Thesis, North-West University. Accessed January 17, 2020. http://hdl.handle.net/10394/15665.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Ohaeri, Ifeoma Ugochi. “Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri .” 2012. Web. 17 Jan 2020.

Vancouver:

Ohaeri IU. Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri . [Internet] [Thesis]. North-West University; 2012. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/10394/15665.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Ohaeri IU. Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri . [Thesis]. North-West University; 2012. Available from: http://hdl.handle.net/10394/15665

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Oklahoma State University

7. Koskei, Jordan Kiprop. Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models.

Degree: Computer Science Department, 2011, Oklahoma State University

URL: http://hdl.handle.net/11244/8184

► Currently deployed intrusion detection systems (IDS) have no capacity to discover attacker high level intentions. Understanding an intruder's intention greatly enhances network security as it… (more)

Subjects/Keywords: intrusion detection; network security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Koskei, J. K. (2011). Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models. (Thesis). Oklahoma State University. Retrieved from http://hdl.handle.net/11244/8184

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Koskei, Jordan Kiprop. “Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models.” 2011. Thesis, Oklahoma State University. Accessed January 17, 2020. http://hdl.handle.net/11244/8184.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Koskei, Jordan Kiprop. “Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models.” 2011. Web. 17 Jan 2020.

Vancouver:

Koskei JK. Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models. [Internet] [Thesis]. Oklahoma State University; 2011. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/11244/8184.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Koskei JK. Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models. [Thesis]. Oklahoma State University; 2011. Available from: http://hdl.handle.net/11244/8184

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Victoria University of Wellington

8. Seifert, Christian. Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots.

Degree: 2010, Victoria University of Wellington

URL: http://hdl.handle.net/10063/1385

► With the increasing connectivity of and reliance on computers and networks, important aspects of computer systems are under a constant threat. In particular, drive-by-download attacks… (more)

▼ With the increasing connectivity of and reliance on computers and networks, important aspects of computer systems are under a constant threat. In particular, drive-by-download attacks have emerged as a new threat to the integrity of computer systems. Drive-by-download attacks are clientside attacks that originate fromweb servers that are visited byweb browsers. As a vulnerable web browser retrieves a malicious web page, the malicious web server can push malware to a user's machine that can be executed without their notice or consent. The detection of malicious web pages that exist on the Internet is prohibitively expensive. It is estimated that approximately 150 million malicious web pages that launch drive-by-download attacks exist today. Socalled high-interaction client honeypots are devices that are able to detect these malicious web pages, but they are slow and known to miss attacks. Detection ofmaliciousweb pages in these quantitieswith client honeypots would cost millions of US dollars. Therefore, we have designed a more scalable system called a hybrid client honeypot. It consists of lightweight client honeypots, the so-called low-interaction client honeypots, and traditional high-interaction client honeypots. The lightweight low-interaction client honeypots inspect web pages at high speed and forward only likely malicious web pages to the high-interaction client honeypot for a final classification. For the comparison of client honeypots and evaluation of the hybrid client honeypot system, we have chosen a cost-based evaluation method: the true positive cost curve (TPCC). It allows us to evaluate client honeypots against their primary purpose of identification of malicious web pages. We show that costs of identifying malicious web pages with the developed hybrid client honeypot systems are reduced by a factor of nine compared to traditional high-interaction client honeypots. The five main contributions of our work are: High-Interaction Client Honeypot The first main contribution of our work is the design and implementation of a high-interaction client honeypot Capture-HPC. It is an open-source, publicly available client honeypot research platform, which allows researchers and security professionals to conduct research on malicious web pages and client honeypots. Based on our client honeypot implementation and analysis of existing client honeypots, we developed a component model of client honeypots. This model allows researchers to agree on the object of study, allows for focus of specific areas within the object of study, and provides a framework for communication of research around client honeypots. True Positive Cost Curve As mentioned above, we have chosen a cost-based evaluationmethod to compare and evaluate client honeypots against their primary purpose of identification ofmaliciousweb pages: the true positive cost curve. It takes into account the unique characteristics of client honeypots, speed, detection accuracy, and resource cost and provides a simple, cost-based mechanism to evaluate and compare… Advisors/Committee Members: Komisarczuk, Peter, Welch, Ian.

Subjects/Keywords: Intrusion detection; Honeypots; Security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Seifert, C. (2010). Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots. (Doctoral Dissertation). Victoria University of Wellington. Retrieved from http://hdl.handle.net/10063/1385

Chicago Manual of Style (16^th Edition):

Seifert, Christian. “Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots.” 2010. Doctoral Dissertation, Victoria University of Wellington. Accessed January 17, 2020. http://hdl.handle.net/10063/1385.

MLA Handbook (7^th Edition):

Seifert, Christian. “Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots.” 2010. Web. 17 Jan 2020.

Vancouver:

Seifert C. Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots. [Internet] [Doctoral dissertation]. Victoria University of Wellington; 2010. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/10063/1385.

Council of Science Editors:

Seifert C. Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots. [Doctoral Dissertation]. Victoria University of Wellington; 2010. Available from: http://hdl.handle.net/10063/1385

University of Waterloo

9. Ali, Karim. Algorizmi: A Configurable Virtual Testbed to Generate Datasets for Offline Evaluation of Intrusion Detection Systems.

Degree: 2010, University of Waterloo

URL: http://hdl.handle.net/10012/4921

► Intrusion detection systems (IDSes) are an important security measure that network administrators adopt to defend computer networks against malicious attacks and intrusions. The field of… (more)

▼ Intrusion detection systems (IDSes) are an important security measure that network administrators adopt to defend computer networks against malicious attacks and intrusions. The field of IDS research includes many challenges. However, one open problem remains orthogonal to the others: IDS evaluation. In other words, researchers have not yet succeeded to agree on a general systematic methodology and/or a set of metrics to fairly evaluate different IDS algorithms. This leads to another problem: the lack of an appropriate IDS evaluation dataset that satisfies the common research needs. One major contribution in this area is the DARPA dataset offered by the Massachusetts Institute of Technology Lincoln Lab (MIT/LL), which has been extensively used to evaluate a number of IDS algorithms proposed in the literature. Despite this, the DARPA dataset received a lot of criticism concerning the way it was designed, especially concerning its obsoleteness and inability to incorporate new sorts of network attacks. In this thesis, we survey previous research projects that attempted to provide a system for IDS offline evaluation. From the survey, we identify a set of design requirements for such a system based on the research community needs. We, then, propose Algorizmi as an open-source configurable virtual testbed for generating datasets for offline IDS evaluation. We provide an architectural overview of Algorizmi and its software and hardware components. Algorizmi provides its users with tools that allow them to create their own experimental testbed using the concepts of virtualization and cloud computing. Algorizmi users can configure the virtual machine instances running in their experiments, select what background traffic those instances will generate and what attacks will be launched against them. At any point in time, an Algorizmi user can generate a dataset (network traffic trace) for any of her experiments so that she can use this dataset afterwards to evaluate an IDS the same way the DARPA dataset is used. Our analysis shows that Algorizmi satisfies more requirements than previous research projects that target the same research problem of generating datasets for IDS offline evaluation. Finally, we prove the utility of Algorizmi by building a sample network of machines, generate both background and attack traffic within that network. We then download a snapshot of the dataset for that experiment and run it against Snort IDS. Snort successfully detected the attacks we launched against the sample network. Additionally, we evaluate the performance of Algorizmi while processing some of the common usages of a typical user based on 5 metrics: CPU time, CPU usage, memory usage, network traffic sent/received and the execution time.

Subjects/Keywords: intrusion detection systems; security; networks

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Ali, K. (2010). Algorizmi: A Configurable Virtual Testbed to Generate Datasets for Offline Evaluation of Intrusion Detection Systems. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/4921

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Ali, Karim. “Algorizmi: A Configurable Virtual Testbed to Generate Datasets for Offline Evaluation of Intrusion Detection Systems.” 2010. Thesis, University of Waterloo. Accessed January 17, 2020. http://hdl.handle.net/10012/4921.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Ali, Karim. “Algorizmi: A Configurable Virtual Testbed to Generate Datasets for Offline Evaluation of Intrusion Detection Systems.” 2010. Web. 17 Jan 2020.

Vancouver:

Ali K. Algorizmi: A Configurable Virtual Testbed to Generate Datasets for Offline Evaluation of Intrusion Detection Systems. [Internet] [Thesis]. University of Waterloo; 2010. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/10012/4921.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Ali K. Algorizmi: A Configurable Virtual Testbed to Generate Datasets for Offline Evaluation of Intrusion Detection Systems. [Thesis]. University of Waterloo; 2010. Available from: http://hdl.handle.net/10012/4921

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

10. Han, Lu. Indicators of Compromise of Vehicular Systems .

Degree: Chalmers tekniska högskola / Institutionen för data och informationsvetenskap, 2019, Chalmers University of Technology

URL: http://hdl.handle.net/20.500.12380/300607

► Modern vehicles are no longer mere mechanical devices; they are equipped with plenty of sensors and Electronic Control Units (ECUs) for their primary functions such… (more)

▼ Modern vehicles are no longer mere mechanical devices; they are equipped with plenty of sensors and Electronic Control Units (ECUs) for their primary functions such as powertrain and brake systems. Some legislation mandates the use of ECUs in the modern vehicles because the pure mechanical solutions such as legacy carburetors or hydraulic brake systems can neither comply with the safety and emission regulations nor achieve the consumers’ demands. The number of ECUs in most modern vehicles goes beyond one hundred. To achieve higher consumer satisfaction, vehicle manufacturers also implement plenty of built-in advanced entertainment and navigation systems which in most cases require an Internet connection. By connecting to the Internet, to other vehicles, and to infrastructures, as well as having hundred of millions of lines of code, vehicles have emerged as drivable computers. Similar to ordinary computers, modern vehicles are also exposed to different types of cyber-attacks which can cause safety issues for the driver, the passengers, and other properties. Nonetheless, there has been much research within this area; especially on Intrusion Detection Systems (IDS). However, there are still some issues with the IDSs, and the most significant one is the high rate of false alarms considering the massive number of vehicles deployed in the market. In this thesis project, we introduced many Indicators of Compromise (IOC) in vehicular systems. Indicators of Compromise are simple artifacts whose presence in a system is a sign of intrusion or infection by malicious software. The IOCs trigger if the legitimate behavior of the system is violated; thus can mitigate the number of false positives if implemented and deployed on the system. Also, we have defined a set of criteria and methodologies in order to conduct a qualitative evaluation of the IOCs in order to determine their quality. Additionally, we have identified where in the overall architecture of a vehicle an indicator would fit. We have also proposed a centralized IDS with logic for the central node to combine the IOCs that one of them might not achieve the desired degree of confidence for raising an alarm. As part of the research, we have studied previous work in the field as well as interviewed industry experts. From this point

Subjects/Keywords: IDS; Intrusion; Detection; ECU; IOC

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Han, L. (2019). Indicators of Compromise of Vehicular Systems . (Thesis). Chalmers University of Technology. Retrieved from http://hdl.handle.net/20.500.12380/300607

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Han, Lu. “Indicators of Compromise of Vehicular Systems .” 2019. Thesis, Chalmers University of Technology. Accessed January 17, 2020. http://hdl.handle.net/20.500.12380/300607.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Han, Lu. “Indicators of Compromise of Vehicular Systems .” 2019. Web. 17 Jan 2020.

Vancouver:

Han L. Indicators of Compromise of Vehicular Systems . [Internet] [Thesis]. Chalmers University of Technology; 2019. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/20.500.12380/300607.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Han L. Indicators of Compromise of Vehicular Systems . [Thesis]. Chalmers University of Technology; 2019. Available from: http://hdl.handle.net/20.500.12380/300607

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Western Ontario

11. Miriya Thanthrige, Udaya Sampath Karunathilaka Perera. Hidden Markov Model Based Intrusion Alert Prediction.

Degree: 2016, University of Western Ontario

URL: https://ir.lib.uwo.ca/etd/4044

► Intrusion detection is only a starting step in securing IT infrastructure. Prediction of intrusions is the next step to provide an active defense against incoming… (more)

Subjects/Keywords: Feature Reduction; HMM; Intrusion Alerts; Intrusion Detection; Intrusion Prediction; Other Electrical and Computer Engineering

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Miriya Thanthrige, U. S. K. P. (2016). Hidden Markov Model Based Intrusion Alert Prediction. (Thesis). University of Western Ontario. Retrieved from https://ir.lib.uwo.ca/etd/4044

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Miriya Thanthrige, Udaya Sampath Karunathilaka Perera. “Hidden Markov Model Based Intrusion Alert Prediction.” 2016. Thesis, University of Western Ontario. Accessed January 17, 2020. https://ir.lib.uwo.ca/etd/4044.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Miriya Thanthrige, Udaya Sampath Karunathilaka Perera. “Hidden Markov Model Based Intrusion Alert Prediction.” 2016. Web. 17 Jan 2020.

Vancouver:

Miriya Thanthrige USKP. Hidden Markov Model Based Intrusion Alert Prediction. [Internet] [Thesis]. University of Western Ontario; 2016. [cited 2020 Jan 17]. Available from: https://ir.lib.uwo.ca/etd/4044.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Miriya Thanthrige USKP. Hidden Markov Model Based Intrusion Alert Prediction. [Thesis]. University of Western Ontario; 2016. Available from: https://ir.lib.uwo.ca/etd/4044

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

North Carolina State University

12. Yadav, Meeta. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System.

Degree: PhD, Computer Engineering, 2009, North Carolina State University

URL: http://www.lib.ncsu.edu/resolver/1840.16/5601

► YADAV, MEETA. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection. (Under the direction of Professor Paul D. Franzon). Intrusion detection systems protect… (more)

▼ YADAV, MEETA. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection. (Under the direction of Professor Paul D. Franzon). Intrusion detection systems protect a network against exploitation and manipulation by monitoring the incoming and outgoing traffic and classifying it as normal or malicious. The task of classifying network traffic is difficult and is made more complex by growing performance pressures of increasing traffic rates, the need to detect stealthy attacks by performing sophisticated analysis, the requirement of in-line processing and the inability of software based systems to keep up with the line-speeds. Most current intrusion detection systems make trade-offs between one or more performance requirements. For instance, software based systems are scalable and can perform more complex algorithmic analysis on the network traffic but are incapable of keeping up with the line speeds. Hardware based systems can process packets in real-time but are not scalable or configurable, and they are limited to rule based packet filtering. These growing performance pressures on network security devices have redefined the issues to be addressed in the design of a security system, underlining the need for a scalable and configurable hardware system that has the ability to effectively detect intrusions by performing sophisticated analysis at line-speeds while keeping up with the increasing traffic rate and attack sophistication. The focus of this dissertation is to design a hardware based intrusion detection system that is scalable, configurable, and capable of analyzing traffic to detect various categories of attacks at linespeeds. Specifically, we address four important issues with the design of hardware based systems: - A behavior based technique was implemented in hardware to detect attacks embedded in the different protocol layers, across layers and in the payload of the packet. The technique monitors the traffic deeply, recovers-higher layer semantics, understands the flow of commands, requests, responses and detect attacks embedded across packets and across connections. The technique checks the network traffic for behavioral compliance using configurable, parametric data structures called theories that can model simple as well as complex behavior. Theories translate themselves into hardware using configurable functional units called assertion blocks. - Theories and assertion blocks are parametric and configurable in nature and can be configured to translate any behavior description to hardware. The ability of individual theories and assertion blocks to be configured lends the configurability aspect to the entire system. To enable the system to scale with an increase in behavior modules a configurable fabric of assertion blocks has been developed. The configurable assertion block fabric contains pre-synthesized assertion modules that are triggered by theories to perform the operation specified by the theories. - A Multi-Level Fractional Hash Algorithm was developed to… Advisors/Committee Members: Paul D. Franzon, Committee Chair (advisor), Michael A Rappa, Committee Member (advisor), Yannis Viniotis, Committee Member (advisor), Gregory T. Byrd, Committee Member (advisor).

Subjects/Keywords: Network Intrusion Prevention; Hardware Architecture; Security; Network Intrusion Detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Yadav, M. (2009). Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System. (Doctoral Dissertation). North Carolina State University. Retrieved from http://www.lib.ncsu.edu/resolver/1840.16/5601

Chicago Manual of Style (16^th Edition):

Yadav, Meeta. “Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System.” 2009. Doctoral Dissertation, North Carolina State University. Accessed January 17, 2020. http://www.lib.ncsu.edu/resolver/1840.16/5601.

MLA Handbook (7^th Edition):

Yadav, Meeta. “Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System.” 2009. Web. 17 Jan 2020.

Vancouver:

Yadav M. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System. [Internet] [Doctoral dissertation]. North Carolina State University; 2009. [cited 2020 Jan 17]. Available from: http://www.lib.ncsu.edu/resolver/1840.16/5601.

Council of Science Editors:

Yadav M. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System. [Doctoral Dissertation]. North Carolina State University; 2009. Available from: http://www.lib.ncsu.edu/resolver/1840.16/5601

University of New Mexico

13. Fugate, Sunny. Methods for speculatively bootstrapping better intrusion detection system performance.

Degree: Department of Computer Science, 2012, University of New Mexico

URL: http://hdl.handle.net/1928/22040

► During the last three decades, the designers of computer IDSs have been continuously challenged with performance bottlenecks and scalability issues. The number of threats is… (more)

▼ During the last three decades, the designers of computer IDSs have been continuously challenged with performance bottlenecks and scalability issues. The number of threats is enormous. The performance of ID systems depends primarily on the quantity of input data and complexity of detected patterns. During noisy attacks, system load tends to increase proportional to increasing data rates, making ID systems vulnerable to flooding and denial-of-service attacks. Unfortunately, the number, type, and sophistication of threats is quickly increasing, outpacing our ability to detect them. The more we try to detect, the more computing and economic resources must be reserved solely for the task of detection, whittling away at what remains for performing useful computations. This dissertation describes methods for assessing the current scaling performance of signature-based IDSs and presents models for speculatively bootstrapping better IDS performance. Using measurements of the coverage and scaling performance of a modern signature-based IDS in the context of an anticipatory model, arguments are presented that maintaining compact, low-coverage signature-sets does not provide optimal protection for modern heterogeneous computing environments. The primary contribution is an analysis of how mechanisms of anticipatory bias can be used to achieve performance improvements. To support the theoretical models, two principal approaches have been implemented. The first uses a combination of anticipation and feedback in an attempt to decrease per-signature costs by (counter-intuitively) increasing system coverage. The approach uses learned sequence statistics to make predictions of future events. Each prediction above a chosen threshold is used to decrease per-stream detection cost by shunting traffic to smaller detectors (at the risk of increased error rates). The new approach promises decreasing per-signature costs as new detection signatures are added. The design and performance of a prototype anticipatory IDS, 'Packet Wrangler', demonstrates the feasibility of the basic approach. The second approach applies primarily to improving the performance of IDSs when under stress. When overburdened, an IDS will drop input data (often arbitrarily). A probabilistic signature activation approach is described which improves error rates by decreasing the total amount of input data lost by probabilistically dropping signature activations based on learned event statistics and system load. A theoretical analysis is presented which shows that a policy which drops signatures instead of packets can outperform the default policy of dropping packets in terms of total error rates. A rudimentary prototype based on the Snort IDS, 'Probabilistic Flowbits', is described. Experimental results are then given which show substantially decreased error rates while simultaneously decreasing system overhead. In conclusion, a case is made for expanding IDS coverage and implementation fast-feedback and anticipatory optimizations. It can be… Advisors/Committee Members: Luger, George, Crandall, Jedidiah, Hayes, Thomas, LorRaine, Duffy, Caudell, Thomas.

Subjects/Keywords: intrusion detection; performance optimization; speculative optimization

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Fugate, S. (2012). Methods for speculatively bootstrapping better intrusion detection system performance. (Doctoral Dissertation). University of New Mexico. Retrieved from http://hdl.handle.net/1928/22040

Chicago Manual of Style (16^th Edition):

Fugate, Sunny. “Methods for speculatively bootstrapping better intrusion detection system performance.” 2012. Doctoral Dissertation, University of New Mexico. Accessed January 17, 2020. http://hdl.handle.net/1928/22040.

MLA Handbook (7^th Edition):

Fugate, Sunny. “Methods for speculatively bootstrapping better intrusion detection system performance.” 2012. Web. 17 Jan 2020.

Vancouver:

Fugate S. Methods for speculatively bootstrapping better intrusion detection system performance. [Internet] [Doctoral dissertation]. University of New Mexico; 2012. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/1928/22040.

Council of Science Editors:

Fugate S. Methods for speculatively bootstrapping better intrusion detection system performance. [Doctoral Dissertation]. University of New Mexico; 2012. Available from: http://hdl.handle.net/1928/22040

14. Badger, Eric C. Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment.

Degree: MS, Electrical & Computer Engineering, 2015, University of Illinois – Urbana-Champaign

URL: http://hdl.handle.net/2142/89057

► This work explores a scalable data analytics pipeline for real-time attack detection through the use of customized honeypots at the National Center for Supercomputing Applications… (more)

Subjects/Keywords: Intrusion Detection

…Detection System ICSI International Computer Science Institute IDS Intrusion Detection System… …Network-based Intrusion Detection System (NIDS). Unlike OSSEC, Bro is running directly… …Comma-separated Values DDoS Distributed Denial of Service HIDS Host-based Intrusion… …Registry NCSA National Center for Supercomputing Applications NIDS Network-based Intrusion… …Detection System NSF National Science Foundation OS Operating System OSSEC Open Source…

11 more images…

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Badger, E. C. (2015). Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment. (Thesis). University of Illinois – Urbana-Champaign. Retrieved from http://hdl.handle.net/2142/89057

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Badger, Eric C. “Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment.” 2015. Thesis, University of Illinois – Urbana-Champaign. Accessed January 17, 2020. http://hdl.handle.net/2142/89057.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Badger, Eric C. “Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment.” 2015. Web. 17 Jan 2020.

Vancouver:

Badger EC. Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment. [Internet] [Thesis]. University of Illinois – Urbana-Champaign; 2015. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/2142/89057.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Badger EC. Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment. [Thesis]. University of Illinois – Urbana-Champaign; 2015. Available from: http://hdl.handle.net/2142/89057

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University

15. Sridhar, Srikumar. Testbed Design For Evaluation Of Active Cyber Defense Systems.

Degree: 2018, Penn State University

URL: https://etda.libraries.psu.edu/catalog/15730sus511

► As with any system, often times, an attacker only needs to know a single vulnerability to compromise the entire system. To ensure a system is… (more)

▼ As with any system, often times, an attacker only needs to know a single vulnerability to compromise the entire system. To ensure a system is free of vulnerability is extremely difficult, if not impossible, especially for large systems with over millions of lines of code. Hence, we focus on a cyber security methodology called Moving Target Defense (MTD). The philosophy of MTD is that instead of attempting to build flawless systems to prevent attacks, one may continually change the attack surface (certain system dimensions) over time in order to increase complexity and cost for attackers to probe the system and launch the attack.The approach taken for implementing MTD in this thesis involves a naive checkpoint and restore methodology. If either an application has come under attack or the application hasnt been switched for a while (a user-defined period), the container that it was running in will be killed and a new instance would be spawned(application switching). This would help prevent a single software vulnerability from compromising the whole system. The new instance of the application will begin its execution from the latest checkpoint available to it. We demonstrate this approach using checkpoint and restore in user space with docker containers.Additionally, we present the design of a complete, open-source, testbed for systems that utilize docker containers. Tools such as OSSEC (Open Source Host Based Intrusion Detection System Security), Snort (Network intrusion prevention and network intrusion detection system), Bro (Network intrusion detection system), Sysdig Falco (Runtime container monitoring tool) etc., are utilized to detect intrusions or anomalous behavior in a containerized environment. Multiple intrusion detection tools are enforced in the system while various exploits are carried out. We perform application switching along with IP mutation once an intrusion has been detected and evaluate the downtime associated with this process. We find that the process of checkpointing and restoring docker containers on the same host takes roughly 2.5 seconds. Advisors/Committee Members: Sencun Zhu, Thesis Advisor.

Subjects/Keywords: Moving Target Defense; Container Migration; Intrusion Detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Sridhar, S. (2018). Testbed Design For Evaluation Of Active Cyber Defense Systems. (Thesis). Penn State University. Retrieved from https://etda.libraries.psu.edu/catalog/15730sus511

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Sridhar, Srikumar. “Testbed Design For Evaluation Of Active Cyber Defense Systems.” 2018. Thesis, Penn State University. Accessed January 17, 2020. https://etda.libraries.psu.edu/catalog/15730sus511.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Sridhar, Srikumar. “Testbed Design For Evaluation Of Active Cyber Defense Systems.” 2018. Web. 17 Jan 2020.

Vancouver:

Sridhar S. Testbed Design For Evaluation Of Active Cyber Defense Systems. [Internet] [Thesis]. Penn State University; 2018. [cited 2020 Jan 17]. Available from: https://etda.libraries.psu.edu/catalog/15730sus511.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Sridhar S. Testbed Design For Evaluation Of Active Cyber Defense Systems. [Thesis]. Penn State University; 2018. Available from: https://etda.libraries.psu.edu/catalog/15730sus511

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Technology, Sydney

16. Tran, TP. Innovative machine learning techniques for security detection problems.

Degree: 2009, University of Technology, Sydney

URL: http://hdl.handle.net/10453/30237

► Most of the currently available network security techniques cannot cope with the dynamic and increasingly complex nature of the attacks on distributed computer systems. Therefore,… (more)

▼ Most of the currently available network security techniques cannot cope with the dynamic and increasingly complex nature of the attacks on distributed computer systems. Therefore, an automated and adaptive defensive tool is imperative for computer networks. Alongside the existing techniques for preventing intrusions such as encryption and firewalls, Intrusion Detection System (IDS) technology has established itself as an emerging field that is able to detect unauthorized access and abuse of computer systems from both internal users and external offenders. Most of the novel approaches in this field have adopted Artificial Intelligence (AI) technologies such as Artificial Neural Networks (ANN) to improve detection performance. The true power and advantage of ANN lie in its ability to represent both linear and non-linear underlying functions and learn these functions directly from the data being modeled. However, ANN is computationally expensive due to its demanding processing power and this leads to the overfitting problem, i.e. the network is unable to extrapolate accurately once the input is outside of the training data range. These limitations challenge security systems with low detection rate, high false alarm rate and excessive computation cost. In this research, a novel Machine Learning (ML) algorithm is developed to alleviate those difficulties of conventional detection techniques used in available IDS. By implementing Adaptive Boosting and Semi-parametric radial-basis-function neural networks, this model aims at minimizing learning bias (how well the model fits the available sample data) and generalization variance (how stable the model is for unseen instances) at an affordable cost of computation. The proposed method is applied to a set of Security Detection Problems which aim to detect security breaches within computer networks. In particular, we consider two benchmarking problems: intrusion detection and anti-spam filtering. It is empirically shown that our technique outperforms other state-of-the-art predictive algorithms in both of the problems, with significantly increased detection accuracy, minimal false alarms and relatively low computation.

Subjects/Keywords: Intrusion detection system.; Machine learning.; Computer security.

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Tran, T. (2009). Innovative machine learning techniques for security detection problems. (Thesis). University of Technology, Sydney. Retrieved from http://hdl.handle.net/10453/30237

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Tran, TP. “Innovative machine learning techniques for security detection problems.” 2009. Thesis, University of Technology, Sydney. Accessed January 17, 2020. http://hdl.handle.net/10453/30237.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Tran, TP. “Innovative machine learning techniques for security detection problems.” 2009. Web. 17 Jan 2020.

Vancouver:

Tran T. Innovative machine learning techniques for security detection problems. [Internet] [Thesis]. University of Technology, Sydney; 2009. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/10453/30237.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Tran T. Innovative machine learning techniques for security detection problems. [Thesis]. University of Technology, Sydney; 2009. Available from: http://hdl.handle.net/10453/30237

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

NSYSU

17. Yu Yang, Peng. Detecting Botnet-based Joint Attacks by Hidden Markov Model.

Degree: Master, Information Management, 2012, NSYSU

URL: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543

► We present a new detection model include monitoring network perimeter and hosts logs to counter the new method of attacking involve different hosts source during… (more)

Subjects/Keywords: Intrusion Detection System; Botnet; Hidden Markov Chain

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Yu Yang, P. (2012). Detecting Botnet-based Joint Attacks by Hidden Markov Model. (Thesis). NSYSU. Retrieved from http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Yu Yang, Peng. “Detecting Botnet-based Joint Attacks by Hidden Markov Model.” 2012. Thesis, NSYSU. Accessed January 17, 2020. http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Yu Yang, Peng. “Detecting Botnet-based Joint Attacks by Hidden Markov Model.” 2012. Web. 17 Jan 2020.

Vancouver:

Yu Yang P. Detecting Botnet-based Joint Attacks by Hidden Markov Model. [Internet] [Thesis]. NSYSU; 2012. [cited 2020 Jan 17]. Available from: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Yu Yang P. Detecting Botnet-based Joint Attacks by Hidden Markov Model. [Thesis]. NSYSU; 2012. Available from: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University

18. Chen, Po-Chun. Experience-Based Cyber Security Analytics.

Degree: PhD, Computer Science and Engineering, 2010, Penn State University

URL: https://etda.libraries.psu.edu/catalog/11363

► As the demand for computational resources and connectivity increases and contemporary computer network systems become more complex, the management of cyber security is progressively becoming… (more)

Subjects/Keywords: Cyber Situation Awareness; Intrusion Detection; Situation Recognition

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Chen, P. (2010). Experience-Based Cyber Security Analytics. (Doctoral Dissertation). Penn State University. Retrieved from https://etda.libraries.psu.edu/catalog/11363

Chicago Manual of Style (16^th Edition):

Chen, Po-Chun. “Experience-Based Cyber Security Analytics.” 2010. Doctoral Dissertation, Penn State University. Accessed January 17, 2020. https://etda.libraries.psu.edu/catalog/11363.

MLA Handbook (7^th Edition):

Chen, Po-Chun. “Experience-Based Cyber Security Analytics.” 2010. Web. 17 Jan 2020.

Vancouver:

Chen P. Experience-Based Cyber Security Analytics. [Internet] [Doctoral dissertation]. Penn State University; 2010. [cited 2020 Jan 17]. Available from: https://etda.libraries.psu.edu/catalog/11363.

Council of Science Editors:

Chen P. Experience-Based Cyber Security Analytics. [Doctoral Dissertation]. Penn State University; 2010. Available from: https://etda.libraries.psu.edu/catalog/11363

19. Wang, Zhuo. Using Neural Networks in Intrusion Detection System for Cloud Computing .

Degree: 2014, California State University – San Marcos

URL: http://hdl.handle.net/10211.3/131348

► Information security is an issue of global concern nowadays. The complexity, accessibility, and extensiveness of the Internet have led to tremendous increase of security risk… (more)

▼ Information security is an issue of global concern nowadays. The complexity, accessibility, and extensiveness of the Internet have led to tremendous increase of security risk of information systems. The situation hasn't been improved and the harm and loss an intruder or a malicious attack can cause to an information system are known by more and more people, especially when the term "cloud computing" appeared in people's sights. Because of the grid distribution of cloud computing users, and their lack of knowledge on managing the cloud services, these users and their systems are always regarded as easy targets for intruders looking for possible vulnerabilities. In this case, an intrusion detection system (IDS) which collects user behaviors in the network and detects malicious activities can protect our systems from the attacks. Neural networks are widely applied in designing IDSs, because of their adaptation and qualifications in dealing with large scale of data, in our case, the dramatically large quantities of user behaviors through the Internet. Recently, in the area of artificial neural networks, the concept of combining multiple networks has been proposed as a fresh direction for the design and development of highly reliable IDS. An intrusion detection system built based on Multilayer perceptron (MLP) neural network and k-means neural network is presented in this thesis; the system combines both supervised learning and unsupervised learning methods and outperforms the intrusion detecting accuracy rate from systems based on either of them. The key idea of this system is to discover useful patterns or features that describe user behavior on a system, and this set of relevant features is used to build classifiers that can distinguish anomalies and known intrusions with normal user behaviors. Using a set of benchmark data from a KDD (Knowledge Discovery and Data Mining) competition supported by DARPA (Defense Advanced Research Projects Agency), the efficiency and accuracy this proposed system can achieve is demonstrated and the comparison between the performances of proposed system and other IDSs using only MLP, K-means and other neural networks or techniques like SOM (Self-organized Maps) and Radial Basis Function (RBF) are presented. Keywords: Cloud Computing, Intrusion Detection System (IDS), Artificial Neural Network (ANN), Supervised Learning, Unsupervised Learning, Multilayer Perceptron (MLP), K-means Algorithm Advisors/Committee Members: Wu, Shaun-inn (advisor).

Subjects/Keywords: Neural Networks; Intrusion Detection System; Cloud Computing

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Wang, Z. (2014). Using Neural Networks in Intrusion Detection System for Cloud Computing . (Thesis). California State University – San Marcos. Retrieved from http://hdl.handle.net/10211.3/131348

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Wang, Zhuo. “Using Neural Networks in Intrusion Detection System for Cloud Computing .” 2014. Thesis, California State University – San Marcos. Accessed January 17, 2020. http://hdl.handle.net/10211.3/131348.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Wang, Zhuo. “Using Neural Networks in Intrusion Detection System for Cloud Computing .” 2014. Web. 17 Jan 2020.

Vancouver:

Wang Z. Using Neural Networks in Intrusion Detection System for Cloud Computing . [Internet] [Thesis]. California State University – San Marcos; 2014. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/10211.3/131348.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Wang Z. Using Neural Networks in Intrusion Detection System for Cloud Computing . [Thesis]. California State University – San Marcos; 2014. Available from: http://hdl.handle.net/10211.3/131348

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Victoria

20. Bin Aftab, Muhammad Usama. A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks.

Degree: Department of Electrical and Computer Engineering, 2015, University of Victoria

URL: http://hdl.handle.net/1828/6984

► Network security is an important domain in the field of computer engineering. Sensitive information flowing across computer networks is vulnerable to potential threats, therefore it… (more)

Subjects/Keywords: wireless; mesh networks; intrusion detection; network security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Bin Aftab, M. U. (2015). A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks. (Masters Thesis). University of Victoria. Retrieved from http://hdl.handle.net/1828/6984

Chicago Manual of Style (16^th Edition):

Bin Aftab, Muhammad Usama. “A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks.” 2015. Masters Thesis, University of Victoria. Accessed January 17, 2020. http://hdl.handle.net/1828/6984.

MLA Handbook (7^th Edition):

Bin Aftab, Muhammad Usama. “A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks.” 2015. Web. 17 Jan 2020.

Vancouver:

Bin Aftab MU. A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks. [Internet] [Masters thesis]. University of Victoria; 2015. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/1828/6984.

Council of Science Editors:

Bin Aftab MU. A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks. [Masters Thesis]. University of Victoria; 2015. Available from: http://hdl.handle.net/1828/6984

University of Victoria

21. Wang, Hongrui. Online intrusion detection design and implementation for SCADA networks.

Degree: Department of Electrical and Computer Engineering, 2017, University of Victoria

URL: http://hdl.handle.net/1828/7984

► The standardization and interconnection of supervisory control and data acquisition (SCADA) systems has exposed the systems to cyber attacks. To improve the security of the… (more)

▼ The standardization and interconnection of supervisory control and data acquisition (SCADA) systems has exposed the systems to cyber attacks. To improve the security of the SCADA systems, intrusion detection system (IDS) design is an effective method. However, traditional IDS design in the industrial networks mainly exploits the prede fined rules, which needs to be complemented and developed to adapt to the big data scenario. Therefore, this thesis aims to design an anomaly-based novel hierarchical online intrusion detection system (HOIDS) for SCADA networks based on machine learning algorithms theoretically and implement the theoretical idea of the anomaly-based intrusion detection on a testbed. The theoretical design of HOIDS by utilizing the server-client topology while keeping clients distributed for global protection, high detection rate is achieved with minimum network impact. We implement accurate models of normal-abnormal binary detection and multi-attack identification based on logistic regression and quasi-Newton optimization algorithm using the Broyden-Fletcher-Goldfarb-Shanno approach. The detection system is capable of accelerating detection by information gain based feature selection or principle component analysis based dimension reduction. By evaluating our system using the KDD99 dataset and the industrial control system datasets, we demonstrate that our design is highly scalable, e fficient and cost effective for securing SCADA infrastructures. Besides the theoretical IDS design, a testbed is modi ed and implemented for SCADA network security research. It simulates the working environment of SCADA systems with the functions of data collection and analysis for intrusion detection. The testbed is implemented to be more flexible and extensible compared to the existing related work on the testbeds. In the testbed, Bro network analyzer is introduced to support the research of anomaly-based intrusion detection. The procedures of both signature-based intrusion detection and anomaly-based intrusion detection using Bro analyzer are also presented. Besides, a generic Linux-based host is used as the container of different network functions and a human machine interface (HMI) together with the supervising network is set up to simulate the control center. The testbed does not implement a large number of traffic generation methods, but still provides useful examples of generating normal and abnormal traffic. Besides, the testbed can be modi ed or expanded in the future work about SCADA network security. Advisors/Committee Members: Dong, Xiaodai (supervisor), Lu, Tao (supervisor).

Subjects/Keywords: Intrusion detection; SCADA networks; Machine learning

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Wang, H. (2017). Online intrusion detection design and implementation for SCADA networks. (Masters Thesis). University of Victoria. Retrieved from http://hdl.handle.net/1828/7984

Chicago Manual of Style (16^th Edition):

Wang, Hongrui. “Online intrusion detection design and implementation for SCADA networks.” 2017. Masters Thesis, University of Victoria. Accessed January 17, 2020. http://hdl.handle.net/1828/7984.

MLA Handbook (7^th Edition):

Wang, Hongrui. “Online intrusion detection design and implementation for SCADA networks.” 2017. Web. 17 Jan 2020.

Vancouver:

Wang H. Online intrusion detection design and implementation for SCADA networks. [Internet] [Masters thesis]. University of Victoria; 2017. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/1828/7984.

Council of Science Editors:

Wang H. Online intrusion detection design and implementation for SCADA networks. [Masters Thesis]. University of Victoria; 2017. Available from: http://hdl.handle.net/1828/7984

Virginia Tech

22. Dunning, John Paul. Bluetooth Threat Taxonomy.

Degree: MS, Computer Science, 2010, Virginia Tech

URL: http://hdl.handle.net/10919/76883

► Since its release in 1999, Bluetooth has become a commonly used technology available on billions of devices through the world. Bluetooth is a wireless technology… (more)

Subjects/Keywords: Intrusion Detection; Taxonomy; Security; Bluetooth; Exploit

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Dunning, J. P. (2010). Bluetooth Threat Taxonomy. (Masters Thesis). Virginia Tech. Retrieved from http://hdl.handle.net/10919/76883

Chicago Manual of Style (16^th Edition):

Dunning, John Paul. “Bluetooth Threat Taxonomy.” 2010. Masters Thesis, Virginia Tech. Accessed January 17, 2020. http://hdl.handle.net/10919/76883.

MLA Handbook (7^th Edition):

Dunning, John Paul. “Bluetooth Threat Taxonomy.” 2010. Web. 17 Jan 2020.

Vancouver:

Dunning JP. Bluetooth Threat Taxonomy. [Internet] [Masters thesis]. Virginia Tech; 2010. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/10919/76883.

Council of Science Editors:

Dunning JP. Bluetooth Threat Taxonomy. [Masters Thesis]. Virginia Tech; 2010. Available from: http://hdl.handle.net/10919/76883

23. Sakthivelmurugan, Sakthiyuvaraja. An empirical approach to modeling uncertainty in intrusion analysis.

Degree: MS, Department of Computing and Information Sciences, 2009, Kansas State University

URL: http://hdl.handle.net/2097/2337

► A well-known problem in current intrusion detection tools is that they create too many low-level alerts and system administrators find it hard to cope up… (more)

▼ A well-known problem in current intrusion detection tools is that they create too many low-level alerts and system administrators find it hard to cope up with the huge volume. Also, when they have to combine multiple sources of information to confirm an attack, there is a dramatic increase in the complexity. Attackers use sophisticated techniques to evade the detection and current system monitoring tools can only observe the symptoms or effects of malicious activities. When mingled with similar effects from normal or non-malicious behavior they lead intrusion analysis to conclusions of varying confidence and high false positive/negative rates. In this thesis work we present an empirical approach to the problem of modeling uncertainty where inferred security implications of low-level observations are captured in a simple logical language augmented with uncertainty tags. We have designed an automated reasoning process that enables us to combine multiple sources of system monitoring data and extract highly-confident attack traces from the numerous possible interpretations of low-level observations. We have developed our model empirically: the starting point was a true intrusion that happened on a campus network we studied to capture the essence of the human reasoning process that led to conclusions about the attack. We then used a Datalog-like language to encode the model and a Prolog system to carry out the reasoning process. Our model and reasoning system reached the same conclusions as the human administrator on the question of which machines were certainly compromised. We then automatically generated the reasoning model needed for handling Snort alerts from the natural-language descriptions in the Snort rule repository, and developed a Snort add-on to analyze Snort alerts. Keeping the reasoning model unchanged, we applied our reasoning system to two third-party data sets and one production network. Our results showed that the reasoning model is effective on these data sets as well. We believe such an empirical approach has the potential of codifying the seemingly ad-hoc human reasoning of uncertain events, and can yield useful tools for automated intrusion analysis. Advisors/Committee Members: Xinming (Simon) Ou.

Subjects/Keywords: Intrusion Detection; Uncertainty; Logic; Computer Science (0984)

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Sakthivelmurugan, S. (2009). An empirical approach to modeling uncertainty in intrusion analysis. (Masters Thesis). Kansas State University. Retrieved from http://hdl.handle.net/2097/2337

Chicago Manual of Style (16^th Edition):

Sakthivelmurugan, Sakthiyuvaraja. “An empirical approach to modeling uncertainty in intrusion analysis.” 2009. Masters Thesis, Kansas State University. Accessed January 17, 2020. http://hdl.handle.net/2097/2337.

MLA Handbook (7^th Edition):

Sakthivelmurugan, Sakthiyuvaraja. “An empirical approach to modeling uncertainty in intrusion analysis.” 2009. Web. 17 Jan 2020.

Vancouver:

Sakthivelmurugan S. An empirical approach to modeling uncertainty in intrusion analysis. [Internet] [Masters thesis]. Kansas State University; 2009. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/2097/2337.

Council of Science Editors:

Sakthivelmurugan S. An empirical approach to modeling uncertainty in intrusion analysis. [Masters Thesis]. Kansas State University; 2009. Available from: http://hdl.handle.net/2097/2337

University of Melbourne

24. WAHID, ALIF. Estimating the Internet malicious host population while preserving privacy.

Degree: 2013, University of Melbourne

URL: http://hdl.handle.net/11343/38139

► The Internet is a globally significant infrastructure that attracts a large number of threats posed by the population of malicious hosts within it. These threats… (more)

▼ The Internet is a globally significant infrastructure that attracts a large number of threats posed by the population of malicious hosts within it. These threats scale with the size of the malicious host population, which makes the accurate estimation of this population an important challenge. The difficulty of this challenge is further compounded by the conflicting requirements of preserving the privacy of bystanders associated with malicious host behaviour while accurately identifying malicious host instances across the Internet. In this thesis, we address this challenge of estimating the Internet malicious host population while preserving privacy. We begin by identifying four major research problems that have not been addressed in the literature. First is the lack of a model for host-to-address bindings. Second is the characterisation of malicious address properties. Third is the correlation of independent measurements. And fourth is the development of dynamic countermeasures. We subsequently proceed to develop novel solutions corresponding to the first three problems, while the fourth remains to be addressed in the future. Our first contribution is the development of a probabilistic model for host-to-address bindings, which allows the number of hosts that attached to an observed address to be inferred based on privacy preserving data sets and a publicly accessible ground truth. We demonstrate the properties of this model in terms of preferential attachment and point out its primary benefit in terms of enabling the inference of host behaviour based only on address characteristics, which is a necessary condition for privacy preservation. However, this leads to the need for an understanding of various address characteristics in order to draw reliable and robust inferences. Our second contribution is the analysis of a large repository of intrusion alerts from globally distributed vantage points that provide access to various characteristics of malicious addresses. We find that alerted addresses are active for very short periods in the order of a few minutes and that they rarely appear more than once. We also find that there are statistically self-similar properties corresponding to these addresses in terms of non-existent temporal and spatial clusters. The main implication is that intrusion alerts contain the necessary information for use with our model of host-to-address bindings but lack sufficient robustness for reliably estimating the number of malicious hosts corresponding to an address due to the presence of spoofed and inactive sources. Our third contribution is the combined analysis of passive measurements in the form of intrusion alerts with active measurements in the form of ping responses in order to identify those addresses that are active, attached, allocated and malicious simultaneously across two different data sets…

Subjects/Keywords: intrusion detection; privacy protection; network security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

WAHID, A. (2013). Estimating the Internet malicious host population while preserving privacy. (Doctoral Dissertation). University of Melbourne. Retrieved from http://hdl.handle.net/11343/38139

Chicago Manual of Style (16^th Edition):

WAHID, ALIF. “Estimating the Internet malicious host population while preserving privacy.” 2013. Doctoral Dissertation, University of Melbourne. Accessed January 17, 2020. http://hdl.handle.net/11343/38139.

MLA Handbook (7^th Edition):

WAHID, ALIF. “Estimating the Internet malicious host population while preserving privacy.” 2013. Web. 17 Jan 2020.

Vancouver:

WAHID A. Estimating the Internet malicious host population while preserving privacy. [Internet] [Doctoral dissertation]. University of Melbourne; 2013. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/11343/38139.

Council of Science Editors:

WAHID A. Estimating the Internet malicious host population while preserving privacy. [Doctoral Dissertation]. University of Melbourne; 2013. Available from: http://hdl.handle.net/11343/38139

University of Houston

25. Zhang, Hongyang 1988-. Detecting Network Intruders by Examining Packet Crossovers in Connections.

Degree: Computer Science, Department of, 2014, University of Houston

URL: http://hdl.handle.net/10657/867

► Routing packet traffic through a chain of hosts is a common technique for hackers to attack a victim machine without exposing themselves. Generally, a long… (more)

Subjects/Keywords: Intrusion detection; Stepping-stone; Computer science

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Zhang, H. 1. (2014). Detecting Network Intruders by Examining Packet Crossovers in Connections. (Thesis). University of Houston. Retrieved from http://hdl.handle.net/10657/867

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Zhang, Hongyang 1988-. “Detecting Network Intruders by Examining Packet Crossovers in Connections.” 2014. Thesis, University of Houston. Accessed January 17, 2020. http://hdl.handle.net/10657/867.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Zhang, Hongyang 1988-. “Detecting Network Intruders by Examining Packet Crossovers in Connections.” 2014. Web. 17 Jan 2020.

Vancouver:

Zhang H1. Detecting Network Intruders by Examining Packet Crossovers in Connections. [Internet] [Thesis]. University of Houston; 2014. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/10657/867.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Zhang H1. Detecting Network Intruders by Examining Packet Crossovers in Connections. [Thesis]. University of Houston; 2014. Available from: http://hdl.handle.net/10657/867

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Waterloo

26. Zaman, Safaa. A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules.

Degree: 2009, University of Waterloo

URL: http://hdl.handle.net/10012/4505

► A variety of intrusion prevention techniques, such as user authentication (e.g.: using passwords), avoidance of programming errors, and information protection, have been used to protect… (more)

▼ A variety of intrusion prevention techniques, such as user authentication (e.g.: using passwords), avoidance of programming errors, and information protection, have been used to protect computer systems. However, intrusion prevention alone is not sufficient to protect our systems, as those systems become ever more complex with the rapid growth and expansion of Internet technology and local network systems. Moreover, programming errors, firewall configuration errors, and ambiguous or undefined security policies add to the system’s complexity. An Intrusion Detection System (IDS) is therefore needed as another layer to protect computer systems. The IDS is one of the most important techniques of information dynamic security technology. It is defined as a process of monitoring the events occurring in a computer system or network and analyzing them to differentiate between normal activities of the system and behaviours that can be classified as suspicious or intrusive. Current Intrusion Detection Systems have several known shortcomings, such as: low accuracy (registering high False Positives and False Negatives); low real-time performance (processing a large amount of traffic in real time); limited scalability (storing a large number of user profiles and attack signatures); an inability to detect new attacks (recognizing new attacks when they are launched for the first time); and weak system-reactive capabilities (efficiency of response). This makes the area of IDS an attractive research field. In recent years, researchers have investigated techniques such as artificial intelligence, autonomous agents, and distributed systems for detecting intrusion in network environments. This thesis presents a novel IDS distributed architecture – Collaborative Distributed Intrusion Detection System (C-dIDS), based on lightweight IDS modules – that integrates two main concepts in order to improve IDS performance and the scalability: lightweight IDS and collaborative architecture. To accomplish the first concept, lightweight IDS, we apply two different approaches: a features selection approach and an IDS classification scheme. In the first approach, each detector (IDS module) uses smaller amounts of data in the detection process by applying a novel features selection approach called the Fuzzy Enhanced Support Vector Decision Function (Fuzzy ESVDF). This approach improves the system scalability in terms of reducing the number of needed features without degrading the overall system performance. The second approach uses a new IDS classification scheme. The proposed IDS classification scheme employs multiple specialized detectors in each layer of the TCP/IP network model. This helps collecting efficient and useful information for dIDS, increasing the system’s ability to detect different attack types and reducing the system’s scalability. The second concept uses a novel architecture for dIDS called Collaborative Distributed Intrusion Detection System (C-dIDS) to integrate these different specialized detectors (IDS modules) that…

Subjects/Keywords: Intrusion Detection Systems

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Zaman, S. (2009). A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/4505

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Zaman, Safaa. “A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules.” 2009. Thesis, University of Waterloo. Accessed January 17, 2020. http://hdl.handle.net/10012/4505.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Zaman, Safaa. “A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules.” 2009. Web. 17 Jan 2020.

Vancouver:

Zaman S. A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules. [Internet] [Thesis]. University of Waterloo; 2009. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/10012/4505.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Zaman S. A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules. [Thesis]. University of Waterloo; 2009. Available from: http://hdl.handle.net/10012/4505

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of New South Wales

27. Creech, Gideon. Developing a high-accuracy cross platform Host-Based Intrusion Detection System capable of reliably detecting zero-day attacks.

Degree: Engineering & Information Technology, 2014, University of New South Wales

URL: http://handle.unsw.edu.au/1959.4/53218 ; https://unsworks.unsw.edu.au/fapi/datastream/unsworks:11913/SOURCE02?view=true

► Current anomaly host-based intrusion detection systems are limited in accuracy with any increase in detection rate resulting in a corresponding increase in false alarm rate.… (more)

▼ Current anomaly host-based intrusion detection systems are limited in accuracy with any increase in detection rate resulting in a corresponding increase in false alarm rate. Furthermore, present technology is largely limited in scope to the Linux operating system, with the popular Windows family of computers forced to rely on signature-based protection schemes.This thesis investigates the development of a new approach to host-based intrusion detection system design with the specific aims of improving performance beyond that of existing technology and developing a cross platform approach to intrusion detection. This research has made three original and significant contributions to the field, and represents a marked advance in the body of knowledge.The first major contribution is the development of a new semantic approach to system call data processing, allowing the creation of host-based intrusion detection systems for the Linux operating system which perform significantly better than existing approaches. Performance was evaluated against existing datasets and also against a new modern dataset designed as part of this research. The second key contribution is the development of a new theory which allows the deployment of traditional system call centric Linux anomaly-based intrusion detection systems on the Windows operating system for the first time. This significant technological advance means that protection against zero-day attacks is now possible on this operating system for the first time. These results were tested using a second new dataset designed as part of this research.The final key contribution of this thesis is the development of a new attack methodology which is able to bypass traditional Windows signature-based defences without any obfuscation. The revelation of this new attack technology is an important contribution in and of itself as it allows the community of researchers worldwide to address this important weakness in current approaches. Notwithstanding this threat, host-based intrusion detection systems which use the first two new theories outlined in this thesis are shown to be able to detect this new attack class with a high degree of accuracy, allowing effective protection and significantly mitigating this threat. Advisors/Committee Members: Hu, Jiankun, Engineering & Information Technology, UNSW Canberra, UNSW, Brown, Lawrie, Engineering & Information Technology, UNSW Canberra, UNSW.

Subjects/Keywords: Hacking; Intrusion detection; Zero-day attacks

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Creech, G. (2014). Developing a high-accuracy cross platform Host-Based Intrusion Detection System capable of reliably detecting zero-day attacks. (Doctoral Dissertation). University of New South Wales. Retrieved from http://handle.unsw.edu.au/1959.4/53218 ; https://unsworks.unsw.edu.au/fapi/datastream/unsworks:11913/SOURCE02?view=true

Chicago Manual of Style (16^th Edition):

Creech, Gideon. “Developing a high-accuracy cross platform Host-Based Intrusion Detection System capable of reliably detecting zero-day attacks.” 2014. Doctoral Dissertation, University of New South Wales. Accessed January 17, 2020. http://handle.unsw.edu.au/1959.4/53218 ; https://unsworks.unsw.edu.au/fapi/datastream/unsworks:11913/SOURCE02?view=true.

MLA Handbook (7^th Edition):

Creech, Gideon. “Developing a high-accuracy cross platform Host-Based Intrusion Detection System capable of reliably detecting zero-day attacks.” 2014. Web. 17 Jan 2020.

Vancouver:

Creech G. Developing a high-accuracy cross platform Host-Based Intrusion Detection System capable of reliably detecting zero-day attacks. [Internet] [Doctoral dissertation]. University of New South Wales; 2014. [cited 2020 Jan 17]. Available from: http://handle.unsw.edu.au/1959.4/53218 ; https://unsworks.unsw.edu.au/fapi/datastream/unsworks:11913/SOURCE02?view=true.

Council of Science Editors:

Creech G. Developing a high-accuracy cross platform Host-Based Intrusion Detection System capable of reliably detecting zero-day attacks. [Doctoral Dissertation]. University of New South Wales; 2014. Available from: http://handle.unsw.edu.au/1959.4/53218 ; https://unsworks.unsw.edu.au/fapi/datastream/unsworks:11913/SOURCE02?view=true

Colorado State University

28. Zhang, Han. Detecting advanced botnets in enterprise networks.

Degree: PhD, Computer Science, 2017, Colorado State University

URL: http://hdl.handle.net/10217/181362

► A botnet is a network composed of compromised computers that are controlled by a botmaster through command and control (C&C) channel. Botnets are more destructive… (more)

▼ A botnet is a network composed of compromised computers that are controlled by a botmaster through command and control (C&C) channel. Botnets are more destructive compared to common virus and malware, because they control the resources from many compromised computers. Botnets provide a very important platform for attacks, such as Distributed Denial-of-Service (DDoS), spamming, scanning, and many more. To foil detection systems, botnets began to use various evasion techniques, including encrypted communications, dynamically generated C&C domains, and more. We call such botnets that use evasion techniques as advanced botnets. In this dissertation, we introduce various algorithms and systems to detect advanced botnets in enterprise-like network environment. Encrypted botnets introduce several problems to detection. First, to enable research in detecting encrypted botnets, researchers need samples of encrypted botnet traces with ground truth, which are very hard to get. Traces that are available are not customizable, which prevents testing under various controlled scenarios. To address this problem we introduce BotTalker, a tool that can be used to generate customized encrypted botnet communication traffic. BotTalker emulates the actions a bot would take to encrypt communication. To the best of our knowledge, BotTalker is the first work that provides users customized encrypted botnet traffic. The second problem introduced by encrypted botnets is that Deep Packet Inspection (DPI)-based security systems are foiled. We measure the effects of encryption on three security systems, including Snort, Suricata and BotHunter (BH) using the encrypted botnet traffic generated by BotTalker. The results show that encryption foils these systems greatly. Then, we introduce a method to detect encrypted botnet traffic based on the fact that encryption increases data's entropy. In particular, we present two high-entropy (HE) classifiers and add one of them to enhance BH by utilizing the other detectors it provides. By doing this HE classifier restores BH's ability to detect bots, even when they use encryption. Entropy calculation at line speed is expensive, especially when the flows are very long. To deal with this issue, we introduce two algorithms to classify flows as HE by looking at only part of a flow. In particular, we classify a flow as HE or low entropy (LE) by only considering the first M packets of the flow. These early HE classifiers are used in two ways: (a) to improve the speed of bot detection tools, and (b) as a filter to reduce the load on an Intrusion Detection System (IDS). We implement the filter as a preprocessor in Snort. The results show that by using the first 15 packets of a flow the traffic delivered to IDS is reduced by more than 50% while maintaining more than 99.9% of the original alerts. Comparing our traffic reduction scheme with other work we find that they need to inspect at least 13 times more packets than ours or they miss about 70 times of the alerts. To improve the resiliency of communication between… Advisors/Committee Members: Papadopoulos, Christos (advisor), Ray, Indrakshi (committee member), Pallickara, Shrideep (committee member), Hayne, Stephen C. (committee member).

Subjects/Keywords: DNS; Network Security; Intrusion Detection System; Botnet

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Zhang, H. (2017). Detecting advanced botnets in enterprise networks. (Doctoral Dissertation). Colorado State University. Retrieved from http://hdl.handle.net/10217/181362

Chicago Manual of Style (16^th Edition):

Zhang, Han. “Detecting advanced botnets in enterprise networks.” 2017. Doctoral Dissertation, Colorado State University. Accessed January 17, 2020. http://hdl.handle.net/10217/181362.

MLA Handbook (7^th Edition):

Zhang, Han. “Detecting advanced botnets in enterprise networks.” 2017. Web. 17 Jan 2020.

Vancouver:

Zhang H. Detecting advanced botnets in enterprise networks. [Internet] [Doctoral dissertation]. Colorado State University; 2017. [cited 2020 Jan 17]. Available from: http://hdl.handle.net/10217/181362.

Council of Science Editors:

Zhang H. Detecting advanced botnets in enterprise networks. [Doctoral Dissertation]. Colorado State University; 2017. Available from: http://hdl.handle.net/10217/181362

Florida International University

29. Jing, Xueyan. Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection.

Degree: PhD, Electrical Engineering, 2016, Florida International University

URL: https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288

► Intrusion detection is the essential part of network security in combating against illegal network access or malicious cyberattacks. Due to the constantly evolving nature… (more)

▼ Intrusion detection is the essential part of network security in combating against illegal network access or malicious cyberattacks. Due to the constantly evolving nature of cyber attacks, it has been a technical challenge for an intrusion detection system (IDS) to effectively recognize unknown attacks or known attacks with inadequate training data. Therefore in this dissertation work, an innovative two-stage classifier is developed for accurately and efficiently detecting both unknown attacks and known attacks with insufficient or inaccurate training information. The novel two-stage fuzzy classification scheme is based on advanced machine learning techniques specifically for handling the ambiguity of traffic connections and network data. In the first stage of the classification, a fuzzy C-means (FCM) algorithm is employed to softly compute and optimize clustering centers of the training datasets with some degree of fuzziness counting for feature inaccuracy and ambiguity in the training data. Subsequently, a distance-weighted k-NN (k-nearest neighbors) classifier, combined with the Dempster-Shafer Theory (DST), is introduced to assess the belief functions and pignistic probabilities of the incoming data associated with each of known classes to further address the data uncertainty issue in the cyberattack data. In the second stage of the proposed classification algorithm, a subsequent classification scheme is implemented based on the obtained pignistic probabilities and their entropy functions to determine if the input data are normal, one of the known attacks or an unknown attack. Secondly, to strengthen the robustness to attacks, we form the three-layer hierarchy ensemble classifier based on the FCM weighted k-NN DST classifier to have more precise inferences than those made by a single classifier. The proposed intrusion detection algorithm is evaluated through the application of the KDD’99 datasets and their variants containing known and unknown attacks. The experimental results show that the new two-stage fuzzy KNN-DST classifier outperforms other well-known classifiers in intrusion detection and is especially effective in detecting unknown attacks. Advisors/Committee Members: Hai Deng, Frank Urban, Jean Andrian, Deng Pan.

Subjects/Keywords: intrusion detection; classification; fuzzy; Dempster-shafer theory

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Jing, X. (2016). Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection. (Doctoral Dissertation). Florida International University. Retrieved from https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288

Chicago Manual of Style (16^th Edition):

Jing, Xueyan. “Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection.” 2016. Doctoral Dissertation, Florida International University. Accessed January 17, 2020. https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288.

MLA Handbook (7^th Edition):

Jing, Xueyan. “Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection.” 2016. Web. 17 Jan 2020.

Vancouver:

Jing X. Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection. [Internet] [Doctoral dissertation]. Florida International University; 2016. [cited 2020 Jan 17]. Available from: https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288.

Council of Science Editors:

Jing X. Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection. [Doctoral Dissertation]. Florida International University; 2016. Available from: https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288

30. Singh, Jatinder. Study of the enhancements in intrusion detection techniques for wireless local area network (WLAN).

Degree: 2012, Punjabi University; University College of Engineering

URL: http://shodhganga.inflibnet.ac.in/handle/10603/3650

► Wireless local area networks (wireless LANs, or WLANs) are changing the landscape of computer networking. In recent years, the proliferation of wireless devices coupled with… (more)

▼ Wireless local area networks (wireless LANs, or WLANs) are changing the landscape of computer networking. In recent years, the proliferation of wireless devices coupled with the demand for continual network connections without having to "plug in," are resulting in an explosive growth in enterprise WLANs. Wireless networks offer the benefits of increased productivity, easier network expansion, flexibility, and lower the cost of ownership. In addition Wireless LAN systems can be configured in a variety of topologies to meet the needs of specific applications and installations. Following the increasing demand for wireless data access, different kind of wireless communication technologies are being developed continually. On the other hand, Wireless LAN standards offer very unsatisfactory level of security and one could not truly trust them. Some commonly used attacks are more strained in wireless environment and some additional effort should be used to prevent those. The nature of the radio communication makes it practically impossible to prevent some attacks. In the literature number of techniques had been developed to address different types of attacks, but the effective detection of especially the Session hijacking, Man-in-the-middle, Denial of Services; Distributed Denial of Services and Shrew attacks are remain open challenges. The research work seeks to investigate the design of effective intrusion detection techniques in the WLAN. The research work embrace with the comprehensive review of; (i) the outstanding vulnerabilities and attacks in WLAN, (ii) the wireless intrusion detection techniques, and (iii) the intrusion detection tools to analyze their performance and enhancements for WLAN. This study provides the suggestive guidelines on the selection and design of Intrusion Detection Techniques for WLAN. In the research work, three new robust, efficient intrusion detection techniques (namely Cross Layer Based, MAC Layer Based and Distributed techniques) have been proposed that attains low misdetection ratio and false positive rate while increasing the packet delivery ratio. Further, we have developed an algorithm to automatically assign priority to the detected attack by cross layer detection technique using MAC layer based defense architecture. The performance of all these techniques has been evaluated in NS2 tool on the Fedora platform. First, A MAC Layer Based defense scheme is developed for Reduction-of-Quality (RoQ) attacks in WLAN, which not only detect, but also prevents the intruders in WLAN. The detection technique makes use of three status values that can be derived from the MAC layer: frequency of receiving RTS/CTS packets, frequency of sensing a busy channel, and the number of RTS/DATA retransmissions. When the number of RTS/CTS packets received exceeds a certain threshold RCth, it indicates that too many nodes are within the transmission range to compete for the channel. When the channel is sensed to be in a busy state, a node will persist in the backoff stage and stop the congestion window (CW)… Advisors/Committee Members: Kaur, Lakhwinder, Gupta, Savita.

Subjects/Keywords: WLAN; Computer Engineering; Intrusion Detection Techniques; Wireless Local Area Network (WLAN); Intrusion Detection; Wormhole attack

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Singh, J. (2012). Study of the enhancements in intrusion detection techniques for wireless local area network (WLAN). (Thesis). Punjabi University; University College of Engineering. Retrieved from http://shodhganga.inflibnet.ac.in/handle/10603/3650

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Singh, Jatinder. “Study of the enhancements in intrusion detection techniques for wireless local area network (WLAN).” 2012. Thesis, Punjabi University; University College of Engineering. Accessed January 17, 2020. http://shodhganga.inflibnet.ac.in/handle/10603/3650.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Singh, Jatinder. “Study of the enhancements in intrusion detection techniques for wireless local area network (WLAN).” 2012. Web. 17 Jan 2020.

Vancouver:

Singh J. Study of the enhancements in intrusion detection techniques for wireless local area network (WLAN). [Internet] [Thesis]. Punjabi University; University College of Engineering; 2012. [cited 2020 Jan 17]. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/3650.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Singh J. Study of the enhancements in intrusion detection techniques for wireless local area network (WLAN). [Thesis]. Punjabi University; University College of Engineering; 2012. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/3650

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Open Access Theses and Dissertations