You searched for subject:(Intrusion Detection).
Showing records 1 – 30 of 565 total matches.

University of Guelph
1.
Nyakundi, Eric.
USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION.
Degree: MS, School of Computer Science, 2015, University of Guelph
URL: https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880
The recent increase in hacks and computer network attacks around the world, including Sony Pictures (2014), Home Depot (2014), and Target (2014), gives a compelling need to develop better Intrusion Detection and Prevention systems. Network intrusions have become larger and more pervasive in nature. However, most anomaly intrusion detection systems are plagued by a large number of false positives, which limits their use. In this thesis, as a contribution to building better Intrusion Detection Systems, we classify intrusions using Support Vector Machines and perform experiments to determine their performance and compare them to other classifiers, e.g. naive Bayes and multilayer perceptrons, on the network intrusion detection classification task. The classifiers are evaluated on the ISCX2012 dataset. The proposed Support Vector Machine classifier achieves 99.1% average detection accuracy, which demonstrates better performance compared to the modified gravitational search algorithm (MGSA) neural network, which achieved 97.8% accuracy, and the multi-objective genetic algorithm (MOGA) multilayer perceptron, which achieved 97% average detection accuracy.
Advisors/Committee Members: Obimbo, Charlie (advisor).
Subjects/Keywords: Support Vector Machines; Intrusion detection systems; Anomaly intrusion detection; Network intrusion detection
APA (6th Edition):
Nyakundi, E. (2015). USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION. (Masters Thesis). University of Guelph. Retrieved from https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880
Chicago Manual of Style (16th Edition):
Nyakundi, Eric. “USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION.” 2015. Masters Thesis, University of Guelph. Accessed January 23, 2021.
https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880.
MLA Handbook (7th Edition):
Nyakundi, Eric. “USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION.” 2015. Web. 23 Jan 2021.
Vancouver:
Nyakundi E. USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION. [Internet] [Masters thesis]. University of Guelph; 2015. [cited 2021 Jan 23].
Available from: https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880.
Council of Science Editors:
Nyakundi E. USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION. [Masters Thesis]. University of Guelph; 2015. Available from: https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880
2.
Ferreira, Eduardo Alves.
Detecção autônoma de intrusões utilizando aprendizado de máquina.
Degree: Master's, Computer Science and Computational Mathematics, 2011, University of São Paulo
URL: http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/
The evolution of information technology has popularized the use of computer systems to automate operational tasks. The tasks of deploying and maintaining these computer systems, on the other hand, have not followed this trend in an agile way, having for years been carried out manually, implying high cost, low productivity and poor quality of service. To fill this gap, an initiative called Autonomic Computing was proposed, which aims to provide computer systems with self-management capability. Among the aspects needed to build an autonomic system is intrusion detection, responsible for monitoring the operation and data flows of systems in search of signs of malicious operations. Given this context, this work presents an autonomic intrusion detection system for Web applications, based on machine learning techniques with near-linear computational complexity. This system uses data clustering and novelty detection techniques to characterize the normal behavior of an application, subsequently searching for anomalies in the operation of the applications. It was observed that the technique is capable of detecting attacks with greater autonomy and less dependence on specific contexts than previous work.
The use of computers to automatically perform operational tasks is commonplace, thanks to the evolution of information technology. The maintenance of computer systems, on the other hand, is commonly performed manually, resulting in high costs, low productivity and low quality of service. The Autonomous Computing initiative aims to approach this limitation through self-management of computer systems. In order to assemble a fully autonomous system, an intrusion detection application is needed to monitor the behavior and data flows of applications. Considering this context, an autonomous Web intrusion detection system is proposed, based on machine-learning techniques with near-linear computational complexity. This system is based on clustering and novelty detection techniques, characterizing an application's behavior in order to later pinpoint anomalies in live applications. By conducting experiments, we observed that this new approach is capable of detecting anomalies with less dependency on specific contexts than previous solutions.
Advisors/Committee Members: Mello, Rodrigo Fernandes de.
Subjects/Keywords: Detecção de intrusão; Intrusion detection
APA (6th Edition):
Ferreira, E. A. (2011). Detecção autônoma de intrusões utilizando aprendizado de máquina. (Masters Thesis). University of São Paulo. Retrieved from http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/
Chicago Manual of Style (16th Edition):
Ferreira, Eduardo Alves. “Detecção autônoma de intrusões utilizando aprendizado de máquina.” 2011. Masters Thesis, University of São Paulo. Accessed January 23, 2021.
http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/.
MLA Handbook (7th Edition):
Ferreira, Eduardo Alves. “Detecção autônoma de intrusões utilizando aprendizado de máquina.” 2011. Web. 23 Jan 2021.
Vancouver:
Ferreira EA. Detecção autônoma de intrusões utilizando aprendizado de máquina. [Internet] [Masters thesis]. University of São Paulo; 2011. [cited 2021 Jan 23].
Available from: http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/.
Council of Science Editors:
Ferreira EA. Detecção autônoma de intrusões utilizando aprendizado de máquina. [Masters Thesis]. University of São Paulo; 2011. Available from: http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/
3.
Victor, Ganta Jacob.
Intrusion Detection Systems False Positives;.
Degree: Computer Science Engineering, 2013, Jawaharlal Nehru Technological University, Hyderabad
URL: http://shodhganga.inflibnet.ac.in/handle/10603/19733
Computers and the internet have become a part of human life; to address security challenges, tools like anti-viruses, firewalls, Intrusion Detection Systems (IDS), etc. are deployed. The IDS is built to allow known good and block known bad, or to issue alerts, and to check for intrusions. The IDS raises alerts if a user action significantly deviates from baseline behavior or matches a signature. Partial or incomplete interpretation of behavior or of a signature will result in a False Positive or False Negative. The act of flagging a given behavior as illegal, even when it is legitimate, is defined as a false positive. The research scholar noted the nuisance created by false positives and was motivated to contribute to this domain. The occurrence of false positives depends on the design or implementation of the IDS. This work is on IDS implementation issues and proposes a framework that can be used by any organization to address false positives.
References p. 117-130; Appendix p. 131-154.
Advisors/Committee Members: Rao, M Srinivasa.
Subjects/Keywords: Detection; False; Intrusion; Positives; Systems
APA (6th Edition):
Victor, G. J. (2013). Intrusion Detection Systems False Positives;. (Thesis). Jawaharlal Nehru Technological University, Hyderabad. Retrieved from http://shodhganga.inflibnet.ac.in/handle/10603/19733
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Victor, Ganta Jacob. “Intrusion Detection Systems False Positives;.” 2013. Thesis, Jawaharlal Nehru Technological University, Hyderabad. Accessed January 23, 2021.
http://shodhganga.inflibnet.ac.in/handle/10603/19733.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Victor, Ganta Jacob. “Intrusion Detection Systems False Positives;.” 2013. Web. 23 Jan 2021.
Vancouver:
Victor GJ. Intrusion Detection Systems False Positives;. [Internet] [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2013. [cited 2021 Jan 23].
Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19733.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Victor GJ. Intrusion Detection Systems False Positives;. [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2013. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19733
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University
4.
Jha, Manjari.
Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection.
Degree: 2018, Penn State University
URL: https://submit-etda.libraries.psu.edu/catalog/15543mom5590
This thesis focuses on developing probabilistic models for the analysis of diverse datasets using unsupervised clustering techniques. Primarily, we focus on two main fields: the clustering of DNA reads derived from a metagenomic sample, and the separation of attacks from normal connections in a collection of network connection records.
Metagenomics involves the analysis of genomes of microorganisms sampled directly from their environment. Next Generation Sequencing allows a high-throughput sampling of small segments from genomes in the metagenome to generate reads. To study the properties and relationships of the microorganisms present, clustering can be performed based on the inherent composition of the sampled reads for unknown species.
We propose a two-dimensional lattice based probabilistic model for clustering metagenomic datasets. The occurrence of a species in the metagenome is estimated using a lattice of probabilistic distributions over small sized genomic sequences. The two dimensions denote distributions for different word sizes and the distribution of groups of words respectively. The lattice structure allows for additional support for a node from its neighbors when the probabilistic support for the species using the parameters of the current node is deemed insufficient.
We test our algorithm on simulated metagenomic data containing bacterial species with known ground truth and observe more than 85% precision. We also evaluate our algorithm on an in vitro-simulated bacterial metagenome and on human patient data, using ground truth from BLAST, and show a better clustering than other algorithms even for short reads and varied abundance.
Secondly, we work on developing a model for identifying intrusions in a computer network, inspired by the defense mechanisms used in the immune system. The immune system is built to defend an organism against both known and new attacks, and functions as an adaptive distributed defense system. Artificial Immune Systems abstract the structure of immune systems to incorporate memory, fault detection and adaptive learning. We propose an immune system based real-time intrusion detection system using unsupervised clustering. The model consists of three layers: a probabilistic model based T-cell algorithm which identifies possible attacks, a B-cell model which uses the inputs from T-cells together with feature information to confirm true attacks, and a damage signal generating Antigen Presenting Cell layer.
The algorithm is tested on the KDD 99 data, where it achieves a low false alarm rate while maintaining a high detection rate. This holds even in the case of novel attacks, which is a significant improvement over other algorithms.
Advisors/Committee Members: Raj Acharya, Dissertation Advisor/Co-Advisor, Kultegin Aydin, Committee Chair/Co-Chair, David Jonathan Miller, Committee Member, Vishal Monga, Committee Member, Mary Poss, Outside Member.
Subjects/Keywords: metagenomics; intrusion detection; clustering; unsupervised
APA (6th Edition):
Jha, M. (2018). Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/15543mom5590
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Jha, Manjari. “Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection.” 2018. Thesis, Penn State University. Accessed January 23, 2021.
https://submit-etda.libraries.psu.edu/catalog/15543mom5590.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Jha, Manjari. “Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection.” 2018. Web. 23 Jan 2021.
Vancouver:
Jha M. Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection. [Internet] [Thesis]. Penn State University; 2018. [cited 2021 Jan 23].
Available from: https://submit-etda.libraries.psu.edu/catalog/15543mom5590.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Jha M. Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection. [Thesis]. Penn State University; 2018. Available from: https://submit-etda.libraries.psu.edu/catalog/15543mom5590
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Victoria University of Wellington
5.
Seifert, Christian.
Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots.
Degree: 2010, Victoria University of Wellington
URL: http://hdl.handle.net/10063/1385
With the increasing connectivity of and reliance on computers and networks, important aspects of computer systems are under a constant threat. In particular, drive-by-download attacks have emerged as a new threat to the integrity of computer systems. Drive-by-download attacks are client-side attacks that originate from web servers that are visited by web browsers. As a vulnerable web browser retrieves a malicious web page, the malicious web server can push malware to a user's machine that can be executed without their notice or consent.
The detection of malicious web pages that exist on the Internet is prohibitively expensive. It is estimated that approximately 150 million malicious web pages that launch drive-by-download attacks exist today. So-called high-interaction client honeypots are devices that are able to detect these malicious web pages, but they are slow and known to miss attacks. Detection of malicious web pages in these quantities with client honeypots would cost millions of US dollars.
Therefore, we have designed a more scalable system called a hybrid client honeypot. It consists of lightweight client honeypots, the so-called low-interaction client honeypots, and traditional high-interaction client honeypots. The lightweight low-interaction client honeypots inspect web pages at high speed and forward only likely malicious web pages to the high-interaction client honeypot for a final classification.
For the comparison of client honeypots and evaluation of the hybrid client honeypot system, we have chosen a cost-based evaluation method: the true positive cost curve (TPCC). It allows us to evaluate client honeypots against their primary purpose of identification of malicious web pages. We show that the costs of identifying malicious web pages with the developed hybrid client honeypot systems are reduced by a factor of nine compared to traditional high-interaction client honeypots.
The five main contributions of our work are:
High-Interaction Client Honeypot: The first main contribution of our work is the design and implementation of a high-interaction client honeypot, Capture-HPC. It is an open-source, publicly available client honeypot research platform, which allows researchers and security professionals to conduct research on malicious web pages and client honeypots. Based on our client honeypot implementation and analysis of existing client honeypots, we developed a component model of client honeypots. This model allows researchers to agree on the object of study, allows for focus on specific areas within the object of study, and provides a framework for communication of research around client honeypots.
True Positive Cost Curve: As mentioned above, we have chosen a cost-based evaluation method to compare and evaluate client honeypots against their primary purpose of identification of malicious web pages: the true positive cost curve. It takes into account the unique characteristics of client honeypots (speed, detection accuracy, and resource cost) and provides a simple, cost-based mechanism to evaluate and compare…
Advisors/Committee Members: Komisarczuk, Peter, Welch, Ian.
Subjects/Keywords: Intrusion detection; Honeypots; Security
APA (6th Edition):
Seifert, C. (2010). Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots. (Doctoral Dissertation). Victoria University of Wellington. Retrieved from http://hdl.handle.net/10063/1385
Chicago Manual of Style (16th Edition):
Seifert, Christian. “Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots.” 2010. Doctoral Dissertation, Victoria University of Wellington. Accessed January 23, 2021.
http://hdl.handle.net/10063/1385.
MLA Handbook (7th Edition):
Seifert, Christian. “Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots.” 2010. Web. 23 Jan 2021.
Vancouver:
Seifert C. Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots. [Internet] [Doctoral dissertation]. Victoria University of Wellington; 2010. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/10063/1385.
Council of Science Editors:
Seifert C. Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots. [Doctoral Dissertation]. Victoria University of Wellington; 2010. Available from: http://hdl.handle.net/10063/1385

North-West University
6.
Ohaeri, Ifeoma Ugochi.
Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri.
Degree: 2012, North-West University
URL: http://hdl.handle.net/10394/15665
With the rapid proliferation of new technologies and services in the wireless domain, spectrum scarcity has become a major concern. Cognitive radios (CRs) arise as a promising solution to the scarcity of spectrum. A basic operation of CRs is spectrum sensing. Whenever a primary signal is detected, CRs have to vacate the specific spectrum band. Malicious users can mimic incumbent transmitters so as to force CRs to vacate the specific band. Cognitive radio networks (CRNs) are expected to bring an evolution to the spectrum scarcity problem through intelligent use of fallow spectrum bands. However, as CRNs are wireless in nature, they face all the common security threats found in traditional wireless networks. Common security countermeasures for wireless environments consist of authorization, authentication, and access control. But CRNs face new security threats and challenges that have arisen due to their unique cognitive (self-configuration, self-healing, self-optimization, and self-protection) characteristics. Because of these new security threats, the use of traditional security countermeasures would be inadequate to address the challenges. Consequently, this research work proposes an Intrusion Detection and Response Model (IDRM) to enhance security in cognitive radio networks. Intrusion detection monitors all activities in order to detect intrusions. It searches for security violation incidents, recognizes unauthorized accesses, and identifies information leakages. Unfortunately, system administrators can neither keep up with the pace at which an intrusion detection system delivers responses or alerts, nor react within adequate time limits. Therefore, an automatic response system has to take over this task by reacting without human intervention within the cognitive radio network.
Subjects/Keywords: Intrusion detection systems; Computer security
APA (6th Edition):
Ohaeri, I. U. (2012). Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri. (Thesis). North-West University. Retrieved from http://hdl.handle.net/10394/15665
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Ohaeri, Ifeoma Ugochi. “Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri.” 2012. Thesis, North-West University. Accessed January 23, 2021.
http://hdl.handle.net/10394/15665.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Ohaeri, Ifeoma Ugochi. “Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri.” 2012. Web. 23 Jan 2021.
Vancouver:
Ohaeri IU. Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri. [Internet] [Thesis]. North-West University; 2012. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/10394/15665.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Ohaeri IU. Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri. [Thesis]. North-West University; 2012. Available from: http://hdl.handle.net/10394/15665
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
7.
Han, Lu.
Indicators of Compromise of Vehicular Systems.
Degree: Chalmers tekniska högskola / Institutionen för data och informationsteknik, 2019, Chalmers University of Technology
URL: http://hdl.handle.net/20.500.12380/300607
Modern vehicles are no longer mere mechanical devices; they are equipped with plenty of sensors and Electronic Control Units (ECUs) for their primary functions such as powertrain and brake systems. Some legislation mandates the use of ECUs in modern vehicles because purely mechanical solutions such as legacy carburetors or hydraulic brake systems can neither comply with the safety and emission regulations nor meet consumers' demands. The number of ECUs in most modern vehicles goes beyond one hundred. To achieve higher consumer satisfaction, vehicle manufacturers also implement plenty of built-in advanced entertainment and navigation systems, which in most cases require an Internet connection.
By connecting to the Internet, to other vehicles, and to infrastructure, as well as having hundreds of millions of lines of code, vehicles have emerged as drivable computers. Similar to ordinary computers, modern vehicles are also exposed to different types of cyber-attacks, which can cause safety issues for the driver, the passengers, and other property.
There has been much research within this area, especially on Intrusion Detection Systems (IDS). However, there are still some issues with IDSs, and the most significant one is the high rate of false alarms considering the massive number of vehicles deployed in the market.
In this thesis project, we introduced many Indicators of Compromise (IOC) in vehicular systems. Indicators of Compromise are simple artifacts whose presence in a system is a sign of intrusion or infection by malicious software. The IOCs trigger if the legitimate behavior of the system is violated, and thus can reduce the number of false positives if implemented and deployed on the system. Also, we have defined a set of criteria and methodologies in order to conduct a qualitative evaluation of the IOCs and determine their quality. Additionally, we have identified where in the overall architecture of a vehicle an indicator would fit. We have also proposed a centralized IDS with logic for the central node to combine IOCs, since any one of them alone might not achieve the desired degree of confidence for raising an alarm. As part of the research, we have studied previous work in the field as well as interviewed industry experts. From this point
Subjects/Keywords: IDS; Intrusion; Detection; ECU; IOC
APA (6th Edition):
Han, L. (2019). Indicators of Compromise of Vehicular Systems. (Thesis). Chalmers University of Technology. Retrieved from http://hdl.handle.net/20.500.12380/300607
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Han, Lu. “Indicators of Compromise of Vehicular Systems.” 2019. Thesis, Chalmers University of Technology. Accessed January 23, 2021.
http://hdl.handle.net/20.500.12380/300607.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Han, Lu. “Indicators of Compromise of Vehicular Systems.” 2019. Web. 23 Jan 2021.
Vancouver:
Han L. Indicators of Compromise of Vehicular Systems. [Internet] [Thesis]. Chalmers University of Technology; 2019. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/20.500.12380/300607.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Han L. Indicators of Compromise of Vehicular Systems. [Thesis]. Chalmers University of Technology; 2019. Available from: http://hdl.handle.net/20.500.12380/300607
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Virginia Tech
8.
DeFreeuw, Jonathan Daniel.
Embedding Network Information for Machine Learning-based Intrusion Detection.
Degree: MS, Computer Engineering, 2019, Virginia Tech
URL: http://hdl.handle.net/10919/99342
As computer networks grow and demonstrate more complicated and intricate behaviors, traditional intrusion detection systems have fallen behind in their ability to protect network resources. Machine learning has stepped to the forefront of intrusion detection research due to its potential to predict future behaviors. However, training these systems requires network data such as NetFlow, which contains information regarding relationships between hosts but requires human understanding to extract. Additionally, standard methods of encoding this categorical data struggle to capture similarities between points. To counteract this, we evaluate a method of embedding IP addresses and transport-layer ports into a continuous space, called IP2Vec. We demonstrate this embedding on two separate datasets, CTU'13 and UGR'16, and combine the UGR'16 embedding with several machine learning methods. We compare the models with and without the embedding to evaluate the benefits of including network behavior in an intrusion detection system. We show that the addition of embeddings improves the F1-scores for all models in the multiclass classification problem given in the UGR'16 data.
Advisors/Committee Members: Tront, Joseph G. (committeechair), Yang, Yaling (committee member), Marchany, Randolph Carlos (committee member).
Subjects/Keywords: word embeddings; intrusion detection
APA (6th Edition):
DeFreeuw, J. D. (2019). Embedding Network Information for Machine Learning-based Intrusion Detection. (Masters Thesis). Virginia Tech. Retrieved from http://hdl.handle.net/10919/99342

Oklahoma State University
9.
Koskei, Jordan Kiprop.
Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models.
Degree: Computer Science Department, 2011, Oklahoma State University
URL: http://hdl.handle.net/11244/8184
Currently deployed intrusion detection systems (IDS) have no capacity to discover attackers' high-level intentions. Understanding an intruder's intention greatly enhances network security, as it allows deployment of more accurate pre-emptive countermeasures and better disaster recovery. In this thesis, we propose a system in which we model a known attack scenario using an HMM and later use alerts from an IDS to discover an attacker's set of intentions for a given set of alerts.
Advisors/Committee Members: Thomas, Johnson (advisor), Kak, Subhash C. (committee member), Toulouse, Michel (committee member).
Subjects/Keywords: intrusion detection; network security
APA (6th Edition):
Koskei, J. K. (2011). Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models. (Thesis). Oklahoma State University. Retrieved from http://hdl.handle.net/11244/8184
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University
10.
Celik, Zeynel Berkay.
Salting Public Traces with Attack Traffic to Test Flow Classifiers.
Degree: 2011, Penn State University
URL: https://submit-etda.libraries.psu.edu/catalog/12196
We consider the problem of using flow-level data for detection of botnet command and control (C&C) activity. We find that current approaches do not consider timing-based calibration of the C&C traffic traces prior to using this traffic to salt a background traffic trace. Thus, timing-based features of the C&C traffic may be artificially distinctive, potentially leading to (unrealistically) optimistic flow classification results.
In this thesis, we show that round-trip times (RTT) of the C&C traffic are significantly smaller than those of the background traffic. We present a method to calibrate the timing-based features of the simulated botnet traffic by estimating eligible RTT samples from the background traffic. We then salt C&C traffic, and design flow classifiers under four scenarios: with and without calibrating timing-based features of C&C traffic, without using timing-based features, and calibrating C&C traffic only in the test set. In the flow classifier, we strive to use features that are not readily susceptible to obfuscation or tampering, such as port numbers or protocol-specific information in the payload header. We discuss the results for several supervised classifiers, evaluating botnet C&C traffic precision, recall, and overall classification accuracy. Our experiments reveal to what extent the presence of timing artifacts in botnet traces leads to changes in classifier results, and we show that the presence of timing artifacts in botnet traces can lead to changes in classifier/network intrusion detection system (NIDS) results.
Advisors/Committee Members: George Kesidis, Thesis Advisor/Co-Advisor.
Subjects/Keywords: security; classification; botnet detection; netflow; intrusion detection
APA (6th Edition):
Celik, Z. B. (2011). Salting Public Traces with Attack Traffic to Test Flow Classifiers. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/12196
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Houston
11.
Ding, Wei 1983-.
Detecting Network Intruders Connected Through Long Stepping-stone Chains.
Degree: PhD, Computer Science, 2014, University of Houston
URL: http://hdl.handle.net/10657/4747
A common technique hackers use to avoid being detected is to route their network connections through a chain of stepping-stone hosts. There is no valid reason to use a long connection chain for a remote login such as an SSH connection. In this dissertation, we focus on protecting hosts from being attacked via stepping-stone connection chains. Our objective is to detect intruders at a stepping-stone host in the middle of the connection chain and at the target host at the end of the chain. Along with the development of correlation-based stepping-stone detection algorithms, hackers also developed new techniques to evade being detected. Hackers can add chaff packets or jitter the original packets to decrease the detection rate of these correlation algorithms. Dealing with chaff-packet-added intrusions has already been studied, while the jittering part hasn't been touched. Our jittering detection algorithm utilizes statistical distributions to fit the inter-arrival time gaps of traffic flows, extracts features from the fitting, and separates jittered flows from normal ones by using support vector machines. The algorithm does not work well for light jittering. Hence, we further propose a hybrid stepping-stone detection algorithm that employs both correlation and jitter detection algorithms to detect intrusions. Experiment results show that our hybrid stepping-stone detection algorithm can successfully detect more than 90% of stepping-stone intrusions in most cases with a 0% false positive rate. It is always important for a host to protect itself from being a victim. To detect long connection chain intrusions at the target host, we propose two detection algorithms: a nearest neighbor-based algorithm and an anomaly detection-based algorithm. The first algorithm centers around analyzing the delay between the time a user presses "enter" to finish a command and the time that the user types the next character, and uses an approximated upstream round-trip time to separate a long connection chain from short ones. Experiment results show that our method can correctly identify long chains from short ones with good accuracy. Besides, based on the idea of anomaly behavior detection, a novel method to identify long connection chains from short chains using a pre-defined short chain profile has been proposed. Each new connection will be compared to the profile. Any connection that differs significantly from the profile will be considered a suspicious long connection. In addition, several methods are proposed to increase the detection rate by adapting to a user's different typing speeds. This algorithm can get better detection accuracy compared to the first one. With the algorithms proposed in this dissertation, we can detect stepping-stones in the middle of the chain in a robust way, and we can further and more effectively protect victim hosts from stepping-stone intrusions at the end of the chain.
Advisors/Committee Members: Huang, Stephen (advisor), Leiss, Ernst L. (committee member), Cheng, Kam-Hoi (committee member), Vilalta, Ricardo (committee member), Pan, Tsorng-Whay (committee member).
Subjects/Keywords: Intrusion detection; Network Security; Stepping-stone Detection
APA (6th Edition):
Ding, W. 1. (2014). Detecting Network Intruders Connected Through Long Stepping-stone Chains. (Doctoral Dissertation). University of Houston. Retrieved from http://hdl.handle.net/10657/4747
12.
Chevalier, Ronny.
Detecting and Surviving Intrusions : Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches : Détecter et survivre aux intrusions : exploration de nouvelles approches de détection, de restauration, et de réponse aux intrusions.
Degree: Docteur es, Informatique (STIC), 2019, CentraleSupélec
URL: http://www.theses.fr/2019CSUP0003
Computing systems, such as laptops or embedded systems, are built with layers of preventive security mechanisms in order to reduce the likelihood that an attacker compromises them. Nevertheless, despite decades of progress in this area, intrusions still occur. Consequently, we must assume that intrusions will take place, and we must build our systems so that they can detect and survive them. General-purpose operating systems are deployed with intrusion detection mechanisms, but their ability to survive an intrusion is limited. State-of-the-art solutions require manual procedures, involve losses of availability, or impose a high performance cost. Moreover, low-level components such as the BIOS are increasingly the target of attackers seeking to implant stealthy and resilient malware. Although state-of-the-art solutions guarantee the integrity of these components at boot time, few address the security of the services provided by the BIOS that run within System Management Mode (SMM). This manuscript shows that we can build systems capable of detecting intrusions at the BIOS level and surviving them at the operating system level. First, we demonstrate that an intrusion survivability approach is viable and practical for general-purpose operating systems. Then, we demonstrate that it is possible to detect intrusions at the BIOS level with a hardware-based solution.
Computing platforms, such as embedded systems or laptops, are built with layers of preventive security mechanisms to reduce the likelihood of attackers successfully compromising them. Nevertheless, given time and despite decades of improvements in preventive security, intrusions still happen. Therefore, systems should expect intrusions to occur, thus they should be built to detect and to survive them. Commodity Operating Systems (OSs) are deployed with intrusion detection solutions, but their ability to survive them is limited. State-of-the-art approaches from industry or academia either involve manual procedures, loss of availability, coarse-grained responses, or non-negligible performance overhead. Moreover, low-level components, such as the BIOS, are increasingly targeted by sophisticated attackers to implant stealthy and resilient malware. State-of-the-art solutions, however, mainly focus on boot time integrity, leaving the runtime part of the BIOS, known as the System Management Mode (SMM), a prime target. This dissertation shows that we can build platforms that detect intrusions at the BIOS level and survive intrusions at the OS level. First, by demonstrating that intrusion survivability is a viable approach for commodity OSs. We develop a new approach that addresses various limitations from the literature, and we evaluate its security and performance. Second, by developing a hardware-based approach that detects…
Advisors/Committee Members: Mé, Ludovic (thesis director).
Subjects/Keywords: Security; Intrusion detection; Intrusion response; Intrusion recovery; Survivability
APA (6th Edition):
Chevalier, R. (2019). Detecting and Surviving Intrusions : Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches : Détecter et survivre aux intrusions : exploration de nouvelles approches de détection, de restauration, et de réponse aux intrusions. (Doctoral Dissertation). CentraleSupélec. Retrieved from http://www.theses.fr/2019CSUP0003

University of Western Ontario
13.
Miriya Thanthrige, Udaya Sampath Karunathilaka Perera.
Hidden Markov Model Based Intrusion Alert Prediction.
Degree: 2016, University of Western Ontario
URL: https://ir.lib.uwo.ca/etd/4044
Intrusion detection is only a starting step in securing IT infrastructure. Prediction of intrusions is the next step to provide an active defense against incoming attacks.
Most of the existing intrusion prediction methods mainly focus on prediction of either intrusion type or intrusion category. Also, most of them are built based on domain knowledge and specific scenario knowledge. This thesis proposes an alert prediction framework which provides more detailed information than just the intrusion type or category to initiate possible defensive measures. The proposed algorithm is based on a hidden Markov model and it does not depend on specific domain knowledge. Instead, it depends on a training process. Hence, the proposed algorithm is adaptable to different conditions. Also, it is based on prediction of the next alert cluster, which contains the source IP address, destination IP range, alert type and alert category. Hence, prediction of the next alert cluster provides more information about future strategies of the attacker.
Experiments were conducted using a public data set generated over 2500 alert predictions. Proposed alert prediction framework achieved accuracy of 81% and 77% for single step and five step predictions respectively for prediction of the next alert cluster. It also achieved an accuracy of prediction of 95% and 92% for single step and five step predictions respectively for prediction of the next alert category. The proposed methods achieved 5% prediction accuracy improvement for alert category over variable length Markov based alert prediction method, while providing more information for a possible defense.
Subjects/Keywords: Feature Reduction; HMM; Intrusion Alerts; Intrusion Detection; Intrusion Prediction; Other Electrical and Computer Engineering
APA (6th Edition):
Miriya Thanthrige, U. S. K. P. (2016). Hidden Markov Model Based Intrusion Alert Prediction. (Thesis). University of Western Ontario. Retrieved from https://ir.lib.uwo.ca/etd/4044
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

North Carolina State University
14.
Yadav, Meeta.
Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System.
Degree: PhD, Computer Engineering, 2009, North Carolina State University
URL: http://www.lib.ncsu.edu/resolver/1840.16/5601
YADAV, MEETA. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection. (Under the direction of Professor Paul D. Franzon).
Intrusion detection systems protect a network against exploitation and manipulation by monitoring the incoming and outgoing traffic and classifying it as normal or malicious. The task of classifying network traffic is difficult and is made more complex by growing performance pressures of increasing traffic rates, the need to detect stealthy attacks by performing sophisticated analysis, the requirement of in-line processing and the inability of software-based systems to keep up with line speeds. Most current intrusion detection systems make trade-offs between one or more performance requirements. For instance, software-based systems are scalable and can perform more complex algorithmic analysis on the network traffic but are incapable of keeping up with line speeds. Hardware-based systems can process packets in real time but are not scalable or configurable, and they are limited to rule-based packet filtering. These growing performance pressures on network security devices have redefined the issues to be addressed in the design of a security system, underlining the need for a scalable and configurable hardware system that has the ability to effectively detect intrusions by performing sophisticated analysis at line speeds while keeping up with the increasing traffic rate and attack sophistication. The focus of this dissertation is to design a hardware-based intrusion detection system that is scalable, configurable, and capable of analyzing traffic to detect various categories of attacks at line speeds. Specifically, we address four important issues with the design of hardware-based systems:
- A behavior-based technique was implemented in hardware to detect attacks embedded in the different protocol layers, across layers and in the payload of the packet. The technique monitors the traffic deeply, recovers higher-layer semantics, understands the flow of commands, requests and responses, and detects attacks embedded across packets and across connections. The technique checks the network traffic for behavioral compliance using configurable, parametric data structures called theories that can model simple as well as complex behavior. Theories translate themselves into hardware using configurable functional units called assertion blocks.
- Theories and assertion blocks are parametric and configurable in nature and can be configured to translate any behavior description to hardware. The ability of individual theories and assertion blocks to be configured lends the configurability aspect to the entire system. To enable the system to scale with an increase in behavior modules, a configurable fabric of assertion blocks has been developed. The configurable assertion block fabric contains pre-synthesized assertion modules that are triggered by theories to perform the operation specified by the theories.
- A Multi-Level Fractional Hash Algorithm was developed to…
Advisors/Committee Members: Paul D. Franzon, Committee Chair (advisor), Michael A Rappa, Committee Member (advisor), Yannis Viniotis, Committee Member (advisor), Gregory T. Byrd, Committee Member (advisor).
Subjects/Keywords: Network Intrusion Prevention; Hardware Architecture; Security; Network Intrusion Detection
APA (6th Edition):
Yadav, M. (2009). Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System. (Doctoral Dissertation). North Carolina State University. Retrieved from http://www.lib.ncsu.edu/resolver/1840.16/5601

NSYSU
15.
Yu Yang, Peng.
Detecting Botnet-based Joint Attacks by Hidden Markov Model.
Degree: Master, Information Management, 2012, NSYSU
URL: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543
We present a new detection model that includes monitoring the network perimeter and host logs to counter a new method of attacking that involves different source hosts during an attacking sequence. The new attacking sequence, which we call “Scout and Intruder”, involves two separate hosts. The scout scans and evaluates the target area to find the possible victims and their vulnerabilities, and the intruder launches the precision strike with login activities that look the same as those of authorized users. By launching the scout and assassin attack, the attacker could access the system without being detected by the network and system intrusion detection system. In order to detect the Scout and Intruder attack, we correlate the NetFlow connection records, the system logs and the network data dump; by finding the states of the attack and the corresponding features, we create the detection model using a hidden Markov chain. With the model we created, we could find a potential Scout and Intruder attack in its initial state, which gives the network/system administrator more response time to stop the attack.
Advisors/Committee Members: Sheng-Tzong Cheng (chair), Chia-Mei Chen (committee member), D. J. Guan (chair).
Subjects/Keywords: Intrusion Detection System; Botnet; Hidden Markov Chain
APA (6th Edition):
Yu Yang, P. (2012). Detecting Botnet-based Joint Attacks by Hidden Markov Model. (Thesis). NSYSU. Retrieved from http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University
16.
Sridhar, Srikumar.
Testbed Design For Evaluation Of Active Cyber Defense Systems.
Degree: 2018, Penn State University
URL: https://submit-etda.libraries.psu.edu/catalog/15730sus511
As with any system, oftentimes an attacker only needs to know a single vulnerability to compromise the entire system. To ensure a system is free of vulnerabilities is extremely difficult, if not impossible, especially for large systems with millions of lines of code. Hence, we focus on a cyber security methodology called Moving Target Defense (MTD). The philosophy of MTD is that instead of attempting to build flawless systems to prevent attacks, one may continually change the attack surface (certain system dimensions) over time in order to increase the complexity and cost for attackers to probe the system and launch the attack.
The approach taken for implementing MTD in this thesis involves a naive checkpoint and restore methodology. If either an application has come under attack or the application hasn't been switched for a while (a user-defined period), the container that it was running in will be killed and a new instance will be spawned (application switching). This helps prevent a single software vulnerability from compromising the whole system. The new instance of the application will begin its execution from the latest checkpoint available to it. We demonstrate this approach using checkpoint and restore in user space with Docker containers.
Additionally, we present the design of a complete, open-source testbed for systems that utilize Docker containers. Tools such as OSSEC (Open Source Host-Based Intrusion Detection System Security), Snort (network intrusion prevention and network intrusion detection system), Bro (network intrusion detection system), Sysdig Falco (runtime container monitoring tool), etc., are utilized to detect intrusions or anomalous behavior in a containerized environment. Multiple intrusion detection tools are enforced in the system while various exploits are carried out. We perform application switching along with IP mutation once an intrusion has been detected and evaluate the downtime associated with this process. We find that the process of checkpointing and restoring Docker containers on the same host takes roughly 2.5 seconds.
Advisors/Committee Members: Sencun Zhu, Thesis Advisor/Co-Advisor, Gang Tan, Committee Member.
Subjects/Keywords: Moving Target Defense; Container Migration; Intrusion Detection
APA (6th Edition):
Sridhar, S. (2018). Testbed Design For Evaluation Of Active Cyber Defense Systems. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/15730sus511
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Sridhar, Srikumar. “Testbed Design For Evaluation Of Active Cyber Defense Systems.” 2018. Thesis, Penn State University. Accessed January 23, 2021.
https://submit-etda.libraries.psu.edu/catalog/15730sus511.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Sridhar, Srikumar. “Testbed Design For Evaluation Of Active Cyber Defense Systems.” 2018. Web. 23 Jan 2021.
Vancouver:
Sridhar S. Testbed Design For Evaluation Of Active Cyber Defense Systems. [Internet] [Thesis]. Penn State University; 2018. [cited 2021 Jan 23].
Available from: https://submit-etda.libraries.psu.edu/catalog/15730sus511.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Sridhar S. Testbed Design For Evaluation Of Active Cyber Defense Systems. [Thesis]. Penn State University; 2018. Available from: https://submit-etda.libraries.psu.edu/catalog/15730sus511
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University
17.
Cole, Robert James.
Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty.
Degree: 2013, Penn State University
URL: https://submit-etda.libraries.psu.edu/catalog/17035
Organizations in all sectors of business have become highly dependent upon information systems for the conduct of business operations. Of necessity, these information systems are designed with many points of ingress, points of exposure that can be leveraged by a motivated attacker seeking to compromise the confidentiality, integrity or availability of an organization’s information assets. To protect its assets, an organization needs to implement information security controls that mitigate the risks associated with these techniques. One of the key controls available to an organization today is the intrusion detection system (IDS), which is used to detect specific events associated with unauthorized or suspicious activity. Traditional IDS systems have two limitations that this research addresses. First, most IDS systems are tuned to detect specific attacks, but do not attempt to automatically reason across multiple attacks. Such emphasis on “single-step” attacks, as opposed to “multi-step” attacks, puts the entire burden of reasoning across multiple steps of a potential attack on the security analyst. Second, traditional IDS systems do not explicitly consider uncertainty, which limits the analyst’s ability to model situations in which uncertainty might be a significant factor.
This research examines the issue of multi-step attack detection in the presence of uncertainty in order to provide guidance to practitioners regarding the design and implementation of intrusion detection systems. First, we consider the bounding of uncertainty in a linear Bayesian model of multi-step attacks. In this work we outline a tradeoff between uncertainty and latency in the multi-step case: low inference uncertainty can be achieved, but only at the price of latency in terms of the attack stage at which uncertainty levels become small. Next, we consider the problem of detection in a general attack topology. In this work, we show how to formulate queries for general definitions of intrusion and how to propagate parameter uncertainty through the model to a query result. In the case of zero parameter uncertainty, we provide an efficient algorithm to enumerate useful operating points within the 2-dimensional design space of detection rate x false positive rate. For the uncertain parameter case, we show how operating points become 2-dimensional operating boxes and show that the general problem of operating box enumeration is highly computationally complex, necessitating heuristic solutions. Next, we return our focus to the linear attack topology and theoretically show specific cases under which model parameter uncertainty cannot produce output uncertainty. Finally, we conduct experiments evaluating two heuristic solutions to the general detection problem under uncertainty, heuristics based on our theoretical results. We show that a heuristic solution based on our operating point enumeration algorithm provides results very close to those of full enumeration. Additionally, our experimental results show the significance of uncertainty in the…
Advisors/Committee Members: Peng Liu, Dissertation Advisor/Co-Advisor, William Benjamin Gill, Committee Member, Sencun Zhu, Committee Member, George Kesidis, Special Member.
Subjects/Keywords: intrusion detection; IDS; uncertainty; Bayesian modeling; security
APA (6th Edition):
Cole, R. J. (2013). Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/17035
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Cole, Robert James. “Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty.” 2013. Thesis, Penn State University. Accessed January 23, 2021.
https://submit-etda.libraries.psu.edu/catalog/17035.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Cole, Robert James. “Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty.” 2013. Web. 23 Jan 2021.
Vancouver:
Cole RJ. Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty. [Internet] [Thesis]. Penn State University; 2013. [cited 2021 Jan 23].
Available from: https://submit-etda.libraries.psu.edu/catalog/17035.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Cole RJ. Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty. [Thesis]. Penn State University; 2013. Available from: https://submit-etda.libraries.psu.edu/catalog/17035
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University
18.
Chen, Po-Chun.
Experience-Based Cyber Security Analytics.
Degree: 2011, Penn State University
URL: https://submit-etda.libraries.psu.edu/catalog/11363
As the demand for computational resources and connectivity increases and contemporary computer network systems become more complex, the management of cyber security is progressively becoming a serious issue. Cyber situation recognition is a challenging problem, particularly when the network size is large. The amount of data produced by existing intrusion detection tools and sensors usually significantly exceeds the cognition throughput of a human analyst. In attempting to align a huge amount of information and the limited human cognitive load, a critical disconnection between human cognition and cyber security tools has been identified. Although the problem of cyber intrusion detection has been studied from several perspectives using various approaches, the key component to bridging the gap between existing tools and human analysts' experiences is missing. A method to capture and leverage cyber security expertise for situation recognition from a high-level viewpoint on the entire network is important, but it is rarely mentioned in the literature.
The goal of this research is to address the problem of cyber intrusion recognition from the viewpoint of leveraging cyber experts' experiences and reflections. We developed a systematic approach to capture and utilize experiences and reflections of security analysts to enhance cyber situation awareness. The contributions of the research include:
1) proposing an approach to enable systematic capture of experience and reflection of cyber security analysts;
2) enhancing the recognition of cyber situations using the captured experiences of cyber security analysts;
3) providing a knowledge-based strategy for relaxing the constraints of Horn logic-based experience patterns to enhance their utilization; and
4) demonstrating the benefit of experience-based cyber situation recognition through simulations.
Advisors/Committee Members: John Yen, Dissertation Advisor/Co-Advisor, John Yen, Committee Chair/Co-Chair, Peng Liu, Committee Member, C Lee Giles, Committee Member, Prasenjit Mitra, Committee Member, Runze Li, Committee Member.
Subjects/Keywords: Cyber Situation Awareness; Intrusion Detection; Situation Recognition
APA (6th Edition):
Chen, P. (2011). Experience-Based Cyber Security Analytics. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/11363
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Chen, Po-Chun. “Experience-Based Cyber Security Analytics.” 2011. Thesis, Penn State University. Accessed January 23, 2021.
https://submit-etda.libraries.psu.edu/catalog/11363.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Chen, Po-Chun. “Experience-Based Cyber Security Analytics.” 2011. Web. 23 Jan 2021.
Vancouver:
Chen P. Experience-Based Cyber Security Analytics. [Internet] [Thesis]. Penn State University; 2011. [cited 2021 Jan 23].
Available from: https://submit-etda.libraries.psu.edu/catalog/11363.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Chen P. Experience-Based Cyber Security Analytics. [Thesis]. Penn State University; 2011. Available from: https://submit-etda.libraries.psu.edu/catalog/11363
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of KwaZulu-Natal
19.
Naidoo, Tyrone.
Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices.
Degree: 2016, University of KwaZulu-Natal
URL: http://hdl.handle.net/10413/14171
In recent years, there has been a rapid increase in Internet usage, which has in turn led to a rise in malicious network activity. Network Intrusion Detection Systems (NIDS) are tools that monitor network traffic with the purpose of rapidly and accurately detecting malicious activity. These systems provide a time window for responding to emerging threats and attacks aimed at exploiting vulnerabilities that arise from issues such as misconfigured firewalls and outdated software.
Anomaly-based network intrusion detection systems construct a profile of legitimate or normal traffic patterns using machine learning techniques, and monitor network traffic for deviations from the profile, which are subsequently classified as threats or intrusions. Due to the richness of information contained in network traffic, it is possible to define large feature vectors from network packets. This often leads to redundant or irrelevant features being used in network intrusion detection systems, which typically reduces the detection performance of the system.
The purpose of feature selection is to remove unnecessary or redundant features in a feature space, thereby improving the performance of learning algorithms and, as a result, the classification accuracy. Previous approaches have performed feature selection via optimization techniques, using the classification accuracy of the NIDS on a subset of the data as an objective function. While this approach has been shown to improve the performance of the system, it is unrealistic to assume that labelled training data is available in operational networks, which precludes the use of classification accuracy as an objective function in a practical system.
This research proposes a method for feature selection in network intrusion detection that does not require any access to labelled data. The algorithm uses normalized cluster validity indices as an objective function that is optimized over the search space of candidate feature subsets via a genetic algorithm. Feature subsets produced by the algorithm are shown to improve the classification performance of an anomaly-based network intrusion detection system over the NSL-KDD dataset. Despite not requiring access to labelled data, the classification performance of the proposed system approaches that of effective feature subsets that were derived using labelled training data.
Advisors/Committee Members: Tapamo, Jules-Raymond. (advisor), McDonald, A. M. (advisor).
Subjects/Keywords: Computer engineering.; Network Intrusion Detection Systems (NIDS).
APA (6th Edition):
Naidoo, T. (2016). Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices. (Thesis). University of KwaZulu-Natal. Retrieved from http://hdl.handle.net/10413/14171
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Naidoo, Tyrone. “Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices.” 2016. Thesis, University of KwaZulu-Natal. Accessed January 23, 2021.
http://hdl.handle.net/10413/14171.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Naidoo, Tyrone. “Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices.” 2016. Web. 23 Jan 2021.
Vancouver:
Naidoo T. Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices. [Internet] [Thesis]. University of KwaZulu-Natal; 2016. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/10413/14171.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Naidoo T. Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices. [Thesis]. University of KwaZulu-Natal; 2016. Available from: http://hdl.handle.net/10413/14171
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Houston
20.
Zhang, Hongyang 1988-.
Detecting Network Intruders by Examining Packet Crossovers in Connections.
Degree: MS, Computer Science, 2014, University of Houston
URL: http://hdl.handle.net/10657/867
Routing packet traffic through a chain of hosts is a common technique for hackers to attack a victim machine without exposing themselves. Generally, a long connection chain is an indication of the presence of an intruder. Previous work has mostly focused on detecting stepping-stone hosts. Few researchers have addressed the issue of long connection chains (especially downstream detection). A challenging issue in this area is to detect users connecting to a server using a long connection chain with only the information at the end of the chain. This thesis presents a solution to the problem of detecting upstream long connection chains. We first observe that the longer a connection chain is, the more packet crossovers are generated. Thus we reduce the problem of detecting long chains to that of detecting an unusually large number of packet crossovers along the chain between requests and responses at the server side. However, the approach requires the packet information along the whole chain. Since we cannot directly measure the number of crossovers on intermediate nodes, we are forced to study the consequences of a large number of crossovers. A detection algorithm has been designed based on the distribution of packet gaps. We validated our algorithm using test data generated on the Internet. The result shows a high detection rate of long connection chains from short ones without too many false positives.
Advisors/Committee Members: Huang, Stephen (advisor), Shi, Weidong (committee member), Merchant, Fatima Aziz (committee member).
Subjects/Keywords: Intrusion detection; Stepping-stone; Computer science
APA (6th Edition):
Zhang, H. 1. (2014). Detecting Network Intruders by Examining Packet Crossovers in Connections. (Masters Thesis). University of Houston. Retrieved from http://hdl.handle.net/10657/867
Chicago Manual of Style (16th Edition):
Zhang, Hongyang 1988-. “Detecting Network Intruders by Examining Packet Crossovers in Connections.” 2014. Masters Thesis, University of Houston. Accessed January 23, 2021.
http://hdl.handle.net/10657/867.
MLA Handbook (7th Edition):
Zhang, Hongyang 1988-. “Detecting Network Intruders by Examining Packet Crossovers in Connections.” 2014. Web. 23 Jan 2021.
Vancouver:
Zhang H1. Detecting Network Intruders by Examining Packet Crossovers in Connections. [Internet] [Masters thesis]. University of Houston; 2014. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/10657/867.
Council of Science Editors:
Zhang H1. Detecting Network Intruders by Examining Packet Crossovers in Connections. [Masters Thesis]. University of Houston; 2014. Available from: http://hdl.handle.net/10657/867

Florida International University
21.
Jing, Xueyan.
Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection.
Degree: PhD, Electrical Engineering, 2016, Florida International University
URL: https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288
Intrusion detection is the essential part of network security in combating illegal network access or malicious cyberattacks. Due to the constantly evolving nature of cyber attacks, it has been a technical challenge for an intrusion detection system (IDS) to effectively recognize unknown attacks or known attacks with inadequate training data. Therefore, in this dissertation work, an innovative two-stage classifier is developed for accurately and efficiently detecting both unknown attacks and known attacks with insufficient or inaccurate training information.
The novel two-stage fuzzy classification scheme is based on advanced machine learning techniques specifically for handling the ambiguity of traffic connections and network data. In the first stage of the classification, a fuzzy C-means (FCM) algorithm is employed to softly compute and optimize clustering centers of the training datasets with some degree of fuzziness accounting for feature inaccuracy and ambiguity in the training data. Subsequently, a distance-weighted k-NN (k-nearest neighbors) classifier, combined with the Dempster-Shafer Theory (DST), is introduced to assess the belief functions and pignistic probabilities of the incoming data associated with each of the known classes to further address the data uncertainty issue in the cyberattack data. In the second stage of the proposed classification algorithm, a subsequent classification scheme is implemented based on the obtained pignistic probabilities and their entropy functions to determine if the input data are normal, one of the known attacks or an unknown attack. Secondly, to strengthen the robustness to attacks, we form a three-layer hierarchy ensemble classifier based on the FCM weighted k-NN DST classifier to have more precise inferences than those made by a single classifier. The proposed intrusion detection algorithm is evaluated through the application of the KDD’99 datasets and their variants containing known and unknown attacks. The experimental results show that the new two-stage fuzzy KNN-DST classifier outperforms other well-known classifiers in intrusion detection and is especially effective in detecting unknown attacks.
Advisors/Committee Members: Hai Deng, Frank Urban, Jean Andrian, Deng Pan.
Subjects/Keywords: intrusion detection; classification; fuzzy; Dempster-shafer theory
APA (6th Edition):
Jing, X. (2016). Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection. (Doctoral Dissertation). Florida International University. Retrieved from https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288
Chicago Manual of Style (16th Edition):
Jing, Xueyan. “Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection.” 2016. Doctoral Dissertation, Florida International University. Accessed January 23, 2021.
https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288.
MLA Handbook (7th Edition):
Jing, Xueyan. “Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection.” 2016. Web. 23 Jan 2021.
Vancouver:
Jing X. Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection. [Internet] [Doctoral dissertation]. Florida International University; 2016. [cited 2021 Jan 23].
Available from: https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288.
Council of Science Editors:
Jing X. Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection. [Doctoral Dissertation]. Florida International University; 2016. Available from: https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288

University of Victoria
22.
Wang, Hongrui.
Online intrusion detection design and implementation for SCADA networks.
Degree: Department of Electrical and Computer Engineering, 2017, University of Victoria
URL: http://hdl.handle.net/1828/7984
The standardization and interconnection of supervisory control and data acquisition (SCADA) systems has exposed the systems to cyber attacks. To improve the security of SCADA systems, intrusion detection system (IDS) design is an effective method. However, traditional IDS design in industrial networks mainly exploits predefined rules, which needs to be complemented and developed to adapt to the big data scenario. Therefore, this thesis aims to theoretically design an anomaly-based novel hierarchical online intrusion detection system (HOIDS) for SCADA networks based on machine learning algorithms and to implement the theoretical idea of anomaly-based intrusion detection on a testbed. In the theoretical design of HOIDS, by utilizing the server-client topology while keeping clients distributed for global protection, a high detection rate is achieved with minimum network impact. We implement accurate models of normal-abnormal binary detection and multi-attack identification based on logistic regression and a quasi-Newton optimization algorithm using the Broyden-Fletcher-Goldfarb-Shanno approach. The detection system is capable of accelerating detection by information gain based feature selection or principal component analysis based dimension reduction. By evaluating our system using the KDD99 dataset and the industrial control system datasets, we demonstrate that our design is highly scalable, efficient and cost effective for securing SCADA infrastructures.
Besides the theoretical IDS design, a testbed is modified and implemented for SCADA network security research. It simulates the working environment of SCADA systems with the functions of data collection and analysis for intrusion detection. The testbed is implemented to be more flexible and extensible compared to the existing related work on testbeds. In the testbed, the Bro network analyzer is introduced to support the research of anomaly-based intrusion detection. The procedures of both signature-based intrusion detection and anomaly-based intrusion detection using the Bro analyzer are also presented. Besides, a generic Linux-based host is used as the container of different network functions, and a human machine interface (HMI) together with the supervising network is set up to simulate the control center. The testbed does not implement a large number of traffic generation methods, but still provides useful examples of generating normal and abnormal traffic. Besides, the testbed can be modified or expanded in future work about SCADA network security.
Advisors/Committee Members: Dong, Xiaodai (supervisor), Lu, Tao (supervisor).
Subjects/Keywords: Intrusion detection; SCADA networks; Machine learning
APA (6th Edition):
Wang, H. (2017). Online intrusion detection design and implementation for SCADA networks. (Masters Thesis). University of Victoria. Retrieved from http://hdl.handle.net/1828/7984
Chicago Manual of Style (16th Edition):
Wang, Hongrui. “Online intrusion detection design and implementation for SCADA networks.” 2017. Masters Thesis, University of Victoria. Accessed January 23, 2021.
http://hdl.handle.net/1828/7984.
MLA Handbook (7th Edition):
Wang, Hongrui. “Online intrusion detection design and implementation for SCADA networks.” 2017. Web. 23 Jan 2021.
Vancouver:
Wang H. Online intrusion detection design and implementation for SCADA networks. [Internet] [Masters thesis]. University of Victoria; 2017. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/1828/7984.
Council of Science Editors:
Wang H. Online intrusion detection design and implementation for SCADA networks. [Masters Thesis]. University of Victoria; 2017. Available from: http://hdl.handle.net/1828/7984
23.
Chuluundorj, Zorigtbaatar.
Augmenting Network Flows with User Interface Context to Inform Access Control Decisions.
Degree: MS, 2019, Worcester Polytechnic Institute
URL: etd-3101 ; https://digitalcommons.wpi.edu/etd-theses/1331
Whitelisting IP addresses and hostnames allows organizations to employ a default-deny approach to network traffic. Organizations employing a default-deny approach can stop many malicious threats, even including zero-day attacks, because it only allows explicitly stated legitimate activities. However, creating a comprehensive whitelist for a default-deny approach is difficult due to user-supplied destinations that can only be known at the time of usage. Whitelists, therefore, interfere with user experience by denying network traffic to user-supplied legitimate destinations. In this thesis, we focus on creating dynamic whitelists that are capable of allowing user-supplied network activity. We designed and built a system called Harbinger, which leverages user interface activity to provide the contextual information in which network activity took place. We built Harbinger for Microsoft Windows operating systems and have tested its usability and effectiveness on four popular Microsoft applications. We find that Harbinger can reduce false-positive detection rates from 44%-54% to 0%-0.4% in IP and DNS whitelists. Furthermore, while traditional whitelists failed to detect propagation attacks, Harbinger detected the same attacks 96% of the time. We find that our system only introduced six milliseconds of delay or less for 96% of network activity.
Advisors/Committee Members: Craig A. Shue, Advisor.
Subjects/Keywords: Cybersecurity; Intrusion Detection System; Dynamic Whitelists
APA (6th Edition):
Chuluundorj, Z. (2019). Augmenting Network Flows with User Interface Context to Inform Access Control Decisions. (Thesis). Worcester Polytechnic Institute. Retrieved from etd-3101 ; https://digitalcommons.wpi.edu/etd-theses/1331
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Chuluundorj, Zorigtbaatar. “Augmenting Network Flows with User Interface Context to Inform Access Control Decisions.” 2019. Thesis, Worcester Polytechnic Institute. Accessed January 23, 2021.
etd-3101 ; https://digitalcommons.wpi.edu/etd-theses/1331.
MLA Handbook (7th Edition):
Chuluundorj, Zorigtbaatar. “Augmenting Network Flows with User Interface Context to Inform Access Control Decisions.” 2019. Web. 23 Jan 2021.
Vancouver:
Chuluundorj Z. Augmenting Network Flows with User Interface Context to Inform Access Control Decisions. [Internet] [Thesis]. Worcester Polytechnic Institute; 2019. [cited 2021 Jan 23].
Available from: etd-3101 ; https://digitalcommons.wpi.edu/etd-theses/1331.
Council of Science Editors:
Chuluundorj Z. Augmenting Network Flows with User Interface Context to Inform Access Control Decisions. [Thesis]. Worcester Polytechnic Institute; 2019. Available from: etd-3101 ; https://digitalcommons.wpi.edu/etd-theses/1331

University of Victoria
24.
Bin Aftab, Muhammad Usama.
A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks.
Degree: Department of Electrical and Computer Engineering, 2015, University of Victoria
URL: http://hdl.handle.net/1828/6984
▼ Network security is an important domain in the field of computer engineering. Sensitive information flowing across computer networks is vulnerable to potential threats; therefore it is important to ensure its security. Wireless Mesh Networks (WMNs) are self-organized networks deployed in small proximity which have a wireless ad-hoc mesh topology. While they are cost effective and easy to deploy, they are extremely vulnerable to network intrusions because they have no central switch or router. However, they can be secured using cryptographic techniques, firewalls or Demilitarized Zones (DMZs). Intrusion Detection Systems (IDSs) are used as a secondary line of defence in computer networks against possible intrusions. This thesis proposes a framework for a Hybrid Intrusion Detection System (HIDS) for WMNs.
Advisors/Committee Members: Gulliver, T. Aaron (supervisor).
Subjects/Keywords: wireless; mesh networks; intrusion detection; network security
APA (6th Edition):
Bin Aftab, M. U. (2015). A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks. (Masters Thesis). University of Victoria. Retrieved from http://hdl.handle.net/1828/6984
Chicago Manual of Style (16th Edition):
Bin Aftab, Muhammad Usama. “A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks.” 2015. Masters Thesis, University of Victoria. Accessed January 23, 2021.
http://hdl.handle.net/1828/6984.
MLA Handbook (7th Edition):
Bin Aftab, Muhammad Usama. “A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks.” 2015. Web. 23 Jan 2021.
Vancouver:
Bin Aftab MU. A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks. [Internet] [Masters thesis]. University of Victoria; 2015. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/1828/6984.
Council of Science Editors:
Bin Aftab MU. A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks. [Masters Thesis]. University of Victoria; 2015. Available from: http://hdl.handle.net/1828/6984

University of New Mexico
25.
Fugate, Sunny.
Methods for speculatively bootstrapping better intrusion detection system performance.
Degree: Department of Computer Science, 2012, University of New Mexico
URL: http://hdl.handle.net/1928/22040
▼ During the last three decades, the designers of computer IDSs have been continuously challenged with performance bottlenecks and scalability issues. The number of threats is enormous. The performance of ID systems depends primarily on the quantity of input data and the complexity of detected patterns. During noisy attacks, system load tends to increase in proportion to increasing data rates, making ID systems vulnerable to flooding and denial-of-service attacks. Unfortunately, the number, type, and sophistication of threats is quickly increasing, outpacing our ability to detect them. The more we try to detect, the more computing and economic resources must be reserved solely for the task of detection, whittling away at what remains for performing useful computations. This dissertation describes methods for assessing the current scaling performance of signature-based IDSs and presents models for speculatively bootstrapping better IDS performance. Using measurements of the coverage and scaling performance of a modern signature-based IDS in the context of an anticipatory model, arguments are presented that maintaining compact, low-coverage signature-sets does not provide optimal protection for modern heterogeneous computing environments. The primary contribution is an analysis of how mechanisms of anticipatory bias can be used to achieve performance improvements. To support the theoretical models, two principal approaches have been implemented. The first uses a combination of anticipation and feedback in an attempt to decrease per-signature costs by (counter-intuitively) increasing system coverage. The approach uses learned sequence statistics to make predictions of future events. Each prediction above a chosen threshold is used to decrease per-stream detection cost by shunting traffic to smaller detectors (at the risk of increased error rates). The new approach promises decreasing per-signature costs as new detection signatures are added. The design and performance of a prototype anticipatory IDS, 'Packet Wrangler', demonstrates the feasibility of the basic approach. The second approach applies primarily to improving the performance of IDSs when under stress. When overburdened, an IDS will drop input data (often arbitrarily). A probabilistic signature activation approach is described which improves error rates by decreasing the total amount of input data lost by probabilistically dropping signature activations based on learned event statistics and system load. A theoretical analysis is presented which shows that a policy which drops signatures instead of packets can outperform the default policy of dropping packets in terms of total error rates. A rudimentary prototype based on the Snort IDS, 'Probabilistic Flowbits', is described. Experimental results are then given which show substantially decreased error rates while simultaneously decreasing system overhead. In conclusion, a case is made for expanding IDS coverage and implementing fast-feedback and anticipatory optimizations. It can be…
Advisors/Committee Members: Luger, George, Crandall, Jedidiah, Hayes, Thomas, LorRaine, Duffy, Caudell, Thomas.
Subjects/Keywords: intrusion detection; performance optimization; speculative optimization
APA (6th Edition):
Fugate, S. (2012). Methods for speculatively bootstrapping better intrusion detection system performance. (Doctoral Dissertation). University of New Mexico. Retrieved from http://hdl.handle.net/1928/22040
Chicago Manual of Style (16th Edition):
Fugate, Sunny. “Methods for speculatively bootstrapping better intrusion detection system performance.” 2012. Doctoral Dissertation, University of New Mexico. Accessed January 23, 2021.
http://hdl.handle.net/1928/22040.
MLA Handbook (7th Edition):
Fugate, Sunny. “Methods for speculatively bootstrapping better intrusion detection system performance.” 2012. Web. 23 Jan 2021.
Vancouver:
Fugate S. Methods for speculatively bootstrapping better intrusion detection system performance. [Internet] [Doctoral dissertation]. University of New Mexico; 2012. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/1928/22040.
Council of Science Editors:
Fugate S. Methods for speculatively bootstrapping better intrusion detection system performance. [Doctoral Dissertation]. University of New Mexico; 2012. Available from: http://hdl.handle.net/1928/22040
26.
Badger, Eric C.
Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment.
Degree: MS, Electrical & Computer Engineering, 2015, University of Illinois – Urbana-Champaign
URL: http://hdl.handle.net/2142/89057
▼ This work explores a scalable data analytics pipeline for real-time attack detection through the use of customized honeypots at the National Center for Supercomputing Applications (NCSA). Attack detection tools are common and are constantly getting improved, but validating these tools is challenging. One must automate how to identify what data is essential to detecting the attack, extract this data from multiple different monitors, and send this data to the attack detection tool. On top of this, one must be able to efficiently scale with an ever-increasing amount of data, while also having the ability to extend to new monitors. This requires an infrastructure that is non-trivial to create or to deploy.
In this work, we present a generalized architecture that aims for a real-time, scalable, and extensible pipeline that can be deployed in diverse infrastructures to validate arbitrary attack detection tools. To demonstrate our architecture, we will show an example deployment of our pipeline using completely open-sourced tools. Our example deployment uses as its sources: 1) a customized honeypot environment at NCSA, and 2) customized attack scripts written to follow the skeleton of canonical credential-stealing attacks. To extract useful information, we have deployed network and host-based monitoring tools such as Bro and OSSEC. We have also built an attack detection tool named AttackTagger that we will use as our front-end detection engine.
Advisors/Committee Members: Iyer, Ravishankar K. (advisor), Kalbarczyk, Zbigniew T (committee member).
Subjects/Keywords: Intrusion Detection
APA (6th Edition):
Badger, E. C. (2015). Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment. (Thesis). University of Illinois – Urbana-Champaign. Retrieved from http://hdl.handle.net/2142/89057
Chicago Manual of Style (16th Edition):
Badger, Eric C. “Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment.” 2015. Thesis, University of Illinois – Urbana-Champaign. Accessed January 23, 2021.
http://hdl.handle.net/2142/89057.
MLA Handbook (7th Edition):
Badger, Eric C. “Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment.” 2015. Web. 23 Jan 2021.
Vancouver:
Badger EC. Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment. [Internet] [Thesis]. University of Illinois – Urbana-Champaign; 2015. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/2142/89057.
Council of Science Editors:
Badger EC. Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment. [Thesis]. University of Illinois – Urbana-Champaign; 2015. Available from: http://hdl.handle.net/2142/89057

University of Melbourne
27.
WAHID, ALIF.
Estimating the Internet malicious host population while preserving privacy.
Degree: 2013, University of Melbourne
URL: http://hdl.handle.net/11343/38139
▼ The Internet is a globally significant infrastructure that attracts a large number of threats posed by the population of malicious hosts within it. These threats scale with the size of the malicious host population, which makes the accurate estimation of this population an important challenge. The difficulty of this challenge is further compounded by the conflicting requirements of preserving the privacy of bystanders associated with malicious host behaviour while accurately identifying malicious host instances across the Internet.
In this thesis, we address this challenge of estimating the Internet malicious host population while preserving privacy. We begin by identifying four major research problems that have not been addressed in the literature. First is the lack of a model for host-to-address bindings. Second is the characterisation of malicious address properties. Third is the correlation of independent measurements. And fourth is the development of dynamic countermeasures. We subsequently proceed to develop novel solutions corresponding to the first three problems, while the fourth remains to be addressed in the future.
Our first contribution is the development of a probabilistic model for host-to-address bindings, which allows the number of hosts that attached to an observed address to be inferred based on privacy preserving data sets and a publicly accessible ground truth. We demonstrate the properties of this model in terms of preferential attachment and point out its primary benefit in terms of enabling the inference of host behaviour based only on address characteristics, which is a necessary condition for privacy preservation. However, this leads to the need for an understanding of various address characteristics in order to draw reliable and robust inferences.
Our second contribution is the analysis of a large repository of intrusion alerts from globally distributed vantage points that provide access to various characteristics of malicious addresses. We find that alerted addresses are active for very short periods in the order of a few minutes and that they rarely appear more than once. We also find that there are statistically self-similar properties corresponding to these addresses in terms of non-existent temporal and spatial clusters. The main implication is that intrusion alerts contain the necessary information for use with our model of host-to-address bindings but lack sufficient robustness for reliably estimating the number of malicious hosts corresponding to an address due to the presence of spoofed and inactive sources.
Our third contribution is the combined analysis of passive measurements in the form of intrusion alerts with active measurements in the form of ping responses in order to identify those addresses that are active, attached, allocated and malicious simultaneously across two different data sets…
Subjects/Keywords: intrusion detection; privacy protection; network security
APA (6th Edition):
WAHID, A. (2013). Estimating the Internet malicious host population while preserving privacy. (Doctoral Dissertation). University of Melbourne. Retrieved from http://hdl.handle.net/11343/38139
Chicago Manual of Style (16th Edition):
WAHID, ALIF. “Estimating the Internet malicious host population while preserving privacy.” 2013. Doctoral Dissertation, University of Melbourne. Accessed January 23, 2021.
http://hdl.handle.net/11343/38139.
MLA Handbook (7th Edition):
WAHID, ALIF. “Estimating the Internet malicious host population while preserving privacy.” 2013. Web. 23 Jan 2021.
Vancouver:
WAHID A. Estimating the Internet malicious host population while preserving privacy. [Internet] [Doctoral dissertation]. University of Melbourne; 2013. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/11343/38139.
Council of Science Editors:
WAHID A. Estimating the Internet malicious host population while preserving privacy. [Doctoral Dissertation]. University of Melbourne; 2013. Available from: http://hdl.handle.net/11343/38139
28.
Wang, Zhuo.
Using Neural Networks in Intrusion Detection System for Cloud Computing.
Degree: 2014, California State University – San Marcos
URL: http://hdl.handle.net/10211.3/131348
▼ Information security is an issue of global concern nowadays. The complexity, accessibility, and extensiveness of the Internet have led to a tremendous increase in the security risk of information systems. The situation hasn't been improved, and the harm and loss an intruder or a malicious attack can cause to an information system are known by more and more people, especially since the term "cloud computing" appeared in people's sights.
Because of the grid distribution of cloud computing users, and their lack of knowledge on managing the cloud services, these users and their systems are always regarded as easy targets for intruders looking for possible vulnerabilities. In this case, an intrusion detection system (IDS) which collects user behaviors in the network and detects malicious activities can protect our systems from the attacks. Neural networks are widely applied in designing IDSs because of their adaptation and qualifications in dealing with large scales of data, in our case the dramatically large quantities of user behaviors through the Internet.
Recently, in the area of artificial neural networks, the concept of combining multiple networks has been proposed as a fresh direction for the design and development of highly reliable IDS.
An intrusion detection system built based on a Multilayer perceptron (MLP) neural network and a k-means neural network is presented in this thesis; the system combines both supervised learning and unsupervised learning methods and outperforms the intrusion detection accuracy rate of systems based on either of them. The key idea of this system is to discover useful patterns or features that describe user behavior on a system, and this set of relevant features is used to build classifiers that can distinguish anomalies and known intrusions from normal user behaviors. Using a set of benchmark data from a KDD (Knowledge Discovery and Data Mining) competition supported by DARPA (Defense Advanced Research Projects Agency), the efficiency and accuracy this proposed system can achieve is demonstrated, and a comparison between the performance of the proposed system and other IDSs using only MLP, K-means and other neural networks or techniques like SOM (Self-organized Maps) and Radial Basis Function (RBF) is presented.
Keywords: Cloud Computing, Intrusion Detection System (IDS), Artificial Neural Network (ANN), Supervised Learning, Unsupervised Learning, Multilayer Perceptron (MLP), K-means Algorithm
Advisors/Committee Members: Wu, Shaun-inn (advisor).
Subjects/Keywords: Neural Networks; Intrusion Detection System; Cloud Computing
APA (6th Edition):
Wang, Z. (2014). Using Neural Networks in Intrusion Detection System for Cloud Computing. (Thesis). California State University – San Marcos. Retrieved from http://hdl.handle.net/10211.3/131348
Chicago Manual of Style (16th Edition):
Wang, Zhuo. “Using Neural Networks in Intrusion Detection System for Cloud Computing.” 2014. Thesis, California State University – San Marcos. Accessed January 23, 2021.
http://hdl.handle.net/10211.3/131348.
MLA Handbook (7th Edition):
Wang, Zhuo. “Using Neural Networks in Intrusion Detection System for Cloud Computing.” 2014. Web. 23 Jan 2021.
Vancouver:
Wang Z. Using Neural Networks in Intrusion Detection System for Cloud Computing. [Internet] [Thesis]. California State University – San Marcos; 2014. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/10211.3/131348.
Council of Science Editors:
Wang Z. Using Neural Networks in Intrusion Detection System for Cloud Computing. [Thesis]. California State University – San Marcos; 2014. Available from: http://hdl.handle.net/10211.3/131348

University of Waterloo
29.
Zaman, Safaa.
A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules.
Degree: 2009, University of Waterloo
URL: http://hdl.handle.net/10012/4505
▼ A variety of intrusion prevention techniques, such as user authentication (e.g.: using passwords), avoidance of programming errors, and information protection, have been used to protect computer systems. However, intrusion prevention alone is not sufficient to protect our systems, as those systems become ever more complex with the rapid growth and expansion of Internet technology and local network systems. Moreover, programming errors, firewall configuration errors, and ambiguous or undefined security policies add to the system’s complexity. An Intrusion Detection System (IDS) is therefore needed as another layer to protect computer systems. The IDS is one of the most important techniques of information dynamic security technology. It is defined as a process of monitoring the events occurring in a computer system or network and analyzing them to differentiate between normal activities of the system and behaviours that can be classified as suspicious or intrusive.
Current Intrusion Detection Systems have several known shortcomings, such as: low accuracy (registering high False Positives and False Negatives); low real-time performance (processing a large amount of traffic in real time); limited scalability (storing a large number of user profiles and attack signatures); an inability to detect new attacks (recognizing new attacks when they are launched for the first time); and weak system-reactive capabilities (efficiency of response). This makes the area of IDS an attractive research field. In recent years, researchers have investigated techniques such as artificial intelligence, autonomous agents, and distributed systems for detecting intrusion in network environments. This thesis presents a novel IDS distributed architecture – Collaborative Distributed Intrusion Detection System (C-dIDS), based on lightweight IDS modules – that integrates two main concepts in order to improve IDS performance and the scalability: lightweight IDS and collaborative architecture.
To accomplish the first concept, lightweight IDS, we apply two different approaches: a features selection approach and an IDS classification scheme. In the first approach, each detector (IDS module) uses smaller amounts of data in the detection process by applying a novel features selection approach called the Fuzzy Enhanced Support Vector Decision Function (Fuzzy ESVDF). This approach improves the system scalability in terms of reducing the number of needed features without degrading the overall system performance. The second approach uses a new IDS classification scheme. The proposed IDS classification scheme employs multiple specialized detectors in each layer of the TCP/IP network model. This helps collecting efficient and useful information for dIDS, increasing the system’s ability to detect different attack types and reducing the system’s scalability.
The second concept uses a novel architecture for dIDS called Collaborative Distributed Intrusion Detection System (C-dIDS) to integrate these different specialized detectors (IDS modules) that…
Subjects/Keywords: Intrusion Detection Systems
APA (6th Edition):
Zaman, S. (2009). A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/4505
Chicago Manual of Style (16th Edition):
Zaman, Safaa. “A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules.” 2009. Thesis, University of Waterloo. Accessed January 23, 2021.
http://hdl.handle.net/10012/4505.
MLA Handbook (7th Edition):
Zaman, Safaa. “A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules.” 2009. Web. 23 Jan 2021.
Vancouver:
Zaman S. A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules. [Internet] [Thesis]. University of Waterloo; 2009. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/10012/4505.
Council of Science Editors:
Zaman S. A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules. [Thesis]. University of Waterloo; 2009. Available from: http://hdl.handle.net/10012/4505

Colorado State University
30.
Zhang, Han.
Detecting advanced botnets in enterprise networks.
Degree: PhD, Computer Science, 2017, Colorado State University
URL: http://hdl.handle.net/10217/181362
▼ A botnet is a network composed of compromised computers that are controlled by a botmaster through a command and control (C&C) channel. Botnets are more destructive compared to common viruses and malware, because they control the resources of many compromised computers. Botnets provide a very important platform for attacks, such as Distributed Denial-of-Service (DDoS), spamming, scanning, and many more. To foil detection systems, botnets began to use various evasion techniques, including encrypted communications, dynamically generated C&C domains, and more. We call such botnets that use evasion techniques advanced botnets. In this dissertation, we introduce various algorithms and systems to detect advanced botnets in enterprise-like network environments. Encrypted botnets introduce several problems to detection. First, to enable research in detecting encrypted botnets, researchers need samples of encrypted botnet traces with ground truth, which are very hard to get. Traces that are available are not customizable, which prevents testing under various controlled scenarios. To address this problem we introduce BotTalker, a tool that can be used to generate customized encrypted botnet communication traffic. BotTalker emulates the actions a bot would take to encrypt communication. To the best of our knowledge, BotTalker is the first work that provides users customized encrypted botnet traffic. The second problem introduced by encrypted botnets is that Deep Packet Inspection (DPI)-based security systems are foiled. We measure the effects of encryption on three security systems, including Snort, Suricata and BotHunter (BH), using the encrypted botnet traffic generated by BotTalker. The results show that encryption foils these systems greatly. Then, we introduce a method to detect encrypted botnet traffic based on the fact that encryption increases data's entropy. In particular, we present two high-entropy (HE) classifiers and add one of them to enhance BH by utilizing the other detectors it provides. By doing this, the HE classifier restores BH's ability to detect bots, even when they use encryption. Entropy calculation at line speed is expensive, especially when the flows are very long. To deal with this issue, we introduce two algorithms to classify flows as HE by looking at only part of a flow. In particular, we classify a flow as HE or low entropy (LE) by only considering the first M packets of the flow. These early HE classifiers are used in two ways: (a) to improve the speed of bot detection tools, and (b) as a filter to reduce the load on an Intrusion Detection System (IDS). We implement the filter as a preprocessor in Snort. The results show that by using the first 15 packets of a flow the traffic delivered to the IDS is reduced by more than 50% while maintaining more than 99.9% of the original alerts. Comparing our traffic reduction scheme with other work, we find that they need to inspect at least 13 times more packets than ours or they miss about 70 times the alerts. To improve the resiliency of communication between…
Advisors/Committee Members: Papadopoulos, Christos (advisor), Ray, Indrakshi (committee member), Pallickara, Shrideep (committee member), Hayne, Stephen C. (committee member).
Subjects/Keywords: DNS; network security; intrusion detection system; Botnet
APA (6th Edition):
Zhang, H. (2017). Detecting advanced botnets in enterprise networks. (Doctoral Dissertation). Colorado State University. Retrieved from http://hdl.handle.net/10217/181362
Chicago Manual of Style (16th Edition):
Zhang, Han. “Detecting advanced botnets in enterprise networks.” 2017. Doctoral Dissertation, Colorado State University. Accessed January 23, 2021.
http://hdl.handle.net/10217/181362.
MLA Handbook (7th Edition):
Zhang, Han. “Detecting advanced botnets in enterprise networks.” 2017. Web. 23 Jan 2021.
Vancouver:
Zhang H. Detecting advanced botnets in enterprise networks. [Internet] [Doctoral dissertation]. Colorado State University; 2017. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/10217/181362.
Council of Science Editors:
Zhang H. Detecting advanced botnets in enterprise networks. [Doctoral Dissertation]. Colorado State University; 2017. Available from: http://hdl.handle.net/10217/181362