subject:(Intrusion Detection)

University of Guelph

1. Nyakundi, Eric. USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION.

Degree: MS, School of Computer Science, 2015, University of Guelph

URL: https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880

► Recent increase in hacks and computer network attacks around the world, including Sony Pictures (2014), Home Depot (2014), and Target (2014) gives a compelling need… (more)

Subjects/Keywords: Support Vector Machines; Intrusion detection systems; Anomaly intrusion detection; Network intrusion detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Nyakundi, E. (2015). USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION. (Masters Thesis). University of Guelph. Retrieved from https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880

Chicago Manual of Style (16^th Edition):

Nyakundi, Eric. “USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION.” 2015. Masters Thesis, University of Guelph. Accessed January 23, 2021. https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880.

MLA Handbook (7^th Edition):

Nyakundi, Eric. “USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION.” 2015. Web. 23 Jan 2021.

Vancouver:

Nyakundi E. USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION. [Internet] [Masters thesis]. University of Guelph; 2015. [cited 2021 Jan 23]. Available from: https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880.

Council of Science Editors:

Nyakundi E. USING SUPPORT VECTOR MACHINES IN ANOMALY INTRUSION DETECTION. [Masters Thesis]. University of Guelph; 2015. Available from: https://atrium.lib.uoguelph.ca/xmlui/handle/10214/8880

2. Ferreira, Eduardo Alves. Detecção autônoma de intrusões utilizando aprendizado de máquina.

Degree: Mestrado, Ciências de Computação e Matemática Computacional, 2011, University of São Paulo

URL: http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/ ;

►

A evolução da tecnologia da informação popularizou o uso de sistemas computacionais para a automação de tarefas operacionais. As tarefas de implantação e manutenção desses… (more)

▼

A evolução da tecnologia da informação popularizou o uso de sistemas computacionais para a automação de tarefas operacionais. As tarefas de implantação e manutenção desses sistemas computacionais, por outro lado, não acompanharam essa tendência de forma ágil, tendo sido, por anos, efetuadas de forma manual, implicando alto custo, baixa produtividade e pouca qualidade de serviço. A fim de preencher essa lacuna foi proposta uma iniciativa denominada Computação Autônoma, a qual visa prover capacidade de autogerenciamento a sistemas computacionais. Dentre os aspectos necessários para a construção de um sistema autônomo está a detecção de intrusão, responsável por monitorar o funcionamento e fluxos de dados de sistemas em busca de indícios de operações maliciosas. Dado esse contexto, este trabalho apresenta um sistema autônomo de detecção de intrusões em aplicações Web, baseado em técnicas de aprendizado de máquina com complexidade computacional próxima de linear. Esse sistema utiliza técnicas de agrupamento de dados e de detecção de novidades para caracterizar o comportamento normal de uma aplicação, buscando posteriormente por anomalias no funcionamento das aplicações. Observou-se que a técnica é capaz de detectar ataques com maior autonomia e menor dependência sobre contextos específicos em relação a trabalhos anteriores

The use of computers to automatically perform operational tasks is commonplace, thanks to the information technology evolution. The maintenance of computer systems, on the other hand, is commonly performed manually, resulting in high costs, low productivity and low quality of service. The Autonomous Computing initiative aims to approach this limitation, through selfmanagement of computer systems. In order to assemble a fully autonomous system, an intrusion detection application is needed to monitor the behavior and data flows on applications. Considering this context, an autonomous Web intrusion detection system is proposed, based on machine-learning techniques with near-linear computational complexity. This system is based on clustering and novelty detection techniques, characterizing an application behavior, to later pinpoint anomalies in live applications. By conducting experiments, we observed that this new approach is capable of detecting anomalies with less dependency on specific contexts than previous solutions

Advisors/Committee Members: Mello, Rodrigo Fernandes de.

Subjects/Keywords: Detecção de intrusão; Intrusion detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Ferreira, E. A. (2011). Detecção autônoma de intrusões utilizando aprendizado de máquina. (Masters Thesis). University of São Paulo. Retrieved from http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/ ;

Chicago Manual of Style (16^th Edition):

Ferreira, Eduardo Alves. “Detecção autônoma de intrusões utilizando aprendizado de máquina.” 2011. Masters Thesis, University of São Paulo. Accessed January 23, 2021. http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/ ;.

MLA Handbook (7^th Edition):

Ferreira, Eduardo Alves. “Detecção autônoma de intrusões utilizando aprendizado de máquina.” 2011. Web. 23 Jan 2021.

Vancouver:

Ferreira EA. Detecção autônoma de intrusões utilizando aprendizado de máquina. [Internet] [Masters thesis]. University of São Paulo; 2011. [cited 2021 Jan 23]. Available from: http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/ ;.

Council of Science Editors:

Ferreira EA. Detecção autônoma de intrusões utilizando aprendizado de máquina. [Masters Thesis]. University of São Paulo; 2011. Available from: http://www.teses.usp.br/teses/disponiveis/55/55134/tde-28072011-160306/ ;

3. Victor, Ganta Jacob. Intrusion Detection Systems False Positives;.

Degree: Compute Science Engineering, 2013, Jawaharlal Nehru Technological University, Hyderabad

URL: http://shodhganga.inflibnet.ac.in/handle/10603/19733

►

Computers and internet have become a part of human life, to address security challenges tools like Anti-viruses, Firewalls, Intrusion Detection Systems (IDS) etc. are deployed.… (more)

Subjects/Keywords: Detection; False; Intrusion; Positives; Systems

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Victor, G. J. (2013). Intrusion Detection Systems False Positives;. (Thesis). Jawaharlal Nehru Technological University, Hyderabad. Retrieved from http://shodhganga.inflibnet.ac.in/handle/10603/19733

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Victor, Ganta Jacob. “Intrusion Detection Systems False Positives;.” 2013. Thesis, Jawaharlal Nehru Technological University, Hyderabad. Accessed January 23, 2021. http://shodhganga.inflibnet.ac.in/handle/10603/19733.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Victor, Ganta Jacob. “Intrusion Detection Systems False Positives;.” 2013. Web. 23 Jan 2021.

Vancouver:

Victor GJ. Intrusion Detection Systems False Positives;. [Internet] [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2013. [cited 2021 Jan 23]. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19733.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Victor GJ. Intrusion Detection Systems False Positives;. [Thesis]. Jawaharlal Nehru Technological University, Hyderabad; 2013. Available from: http://shodhganga.inflibnet.ac.in/handle/10603/19733

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University

4. Jha, Manjari. Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection.

Degree: 2018, Penn State University

URL: https://submit-etda.libraries.psu.edu/catalog/15543mom5590

► This thesis focuses on developing probabilistic models for the analysis of diverse datasets using unsupervised clustering techniques. Primarily, we focus on two main fields: the… (more)

▼ This thesis focuses on developing probabilistic models for the analysis of diverse datasets using unsupervised clustering techniques. Primarily, we focus on two main fields: the clustering of DNA reads derived from a metagenomic sample, and the separation of attacks from normal connections in a collection of network connection records. Metagenomics involves the analysis of genomes of microorganisms sampled directly from their environment. Next Generation Sequencing allows a high-throughput sampling of small segments from genomes in the metagenome to generate reads. To study the properties and relationships of the microorganisms present, clustering can be performed based on the inherent composition of the sampled reads for unknown species. We propose a two-dimensional lattice based probabilistic model for clustering metagenomic datasets. The occurrence of a species in the metagenome is estimated using a lattice of probabilistic distributions over small sized genomic sequences. The two dimensions denote distributions for different word sizes and the distribution of groups of words respectively. The lattice structure allows for additional support for a node from its neighbors when the probabilistic support for the species using the parameters of the current node is deemed insufficient. We test our algorithm on simulated metagenomic data containing bacterial species with known ground truth and observe more than 85% precision. We also evaluate our algorithm on an in vitro-simulated bacterial metagenome and on human patient data, using ground truth from BLAST, and show a better clustering than other algorithms even for short reads and varied abundance. Secondly, we work on developing a model for identifying intrusions in a computer network, inspired by the mechanisms for defense used in the immune system. The immune system is built to defend an organism against both known and new attacks, and functions as an adaptive distributed defense system. Artificial Immune Systems abstract the structure of immune systems to incorporate memory, fault detection and adaptive learning. We propose an immune system based real time intrusion detection system using unsupervised clustering. The model consists of three layers: a probabilistic model based T-cell algorithm which identifies possible attacks, a B-cell model which uses the inputs from T-cells together with feature information to confirm true attacks, and a damage signal generating Antigen Presenting Cell layer. The algorithm is tested on the KDD 99 data, where it achieves a low false alarm rate while maintaining a high detection rate. This is true even in case of novel attacks, which is a significant improvement over other algorithms. Advisors/Committee Members: Raj Acharya, Dissertation Advisor/Co-Advisor, Kultegin Aydin, Committee Chair/Co-Chair, David Jonathan Miller, Committee Member, Vishal Monga, Committee Member, Mary Poss, Outside Member.

Subjects/Keywords: metagenomics; intrusion detection; clustering; unsupervised

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Jha, M. (2018). Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/15543mom5590

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Jha, Manjari. “Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection.” 2018. Thesis, Penn State University. Accessed January 23, 2021. https://submit-etda.libraries.psu.edu/catalog/15543mom5590.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Jha, Manjari. “Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection.” 2018. Web. 23 Jan 2021.

Vancouver:

Jha M. Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection. [Internet] [Thesis]. Penn State University; 2018. [cited 2021 Jan 23]. Available from: https://submit-etda.libraries.psu.edu/catalog/15543mom5590.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Jha M. Probabilistic Techniques for Metagenomic Clustering and Intrusion Detection. [Thesis]. Penn State University; 2018. Available from: https://submit-etda.libraries.psu.edu/catalog/15543mom5590

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Victoria University of Wellington

5. Seifert, Christian. Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots.

Degree: 2010, Victoria University of Wellington

URL: http://hdl.handle.net/10063/1385

► With the increasing connectivity of and reliance on computers and networks, important aspects of computer systems are under a constant threat. In particular, drive-by-download attacks… (more)

▼ With the increasing connectivity of and reliance on computers and networks, important aspects of computer systems are under a constant threat. In particular, drive-by-download attacks have emerged as a new threat to the integrity of computer systems. Drive-by-download attacks are clientside attacks that originate fromweb servers that are visited byweb browsers. As a vulnerable web browser retrieves a malicious web page, the malicious web server can push malware to a user's machine that can be executed without their notice or consent. The detection of malicious web pages that exist on the Internet is prohibitively expensive. It is estimated that approximately 150 million malicious web pages that launch drive-by-download attacks exist today. Socalled high-interaction client honeypots are devices that are able to detect these malicious web pages, but they are slow and known to miss attacks. Detection ofmaliciousweb pages in these quantitieswith client honeypots would cost millions of US dollars. Therefore, we have designed a more scalable system called a hybrid client honeypot. It consists of lightweight client honeypots, the so-called low-interaction client honeypots, and traditional high-interaction client honeypots. The lightweight low-interaction client honeypots inspect web pages at high speed and forward only likely malicious web pages to the high-interaction client honeypot for a final classification. For the comparison of client honeypots and evaluation of the hybrid client honeypot system, we have chosen a cost-based evaluation method: the true positive cost curve (TPCC). It allows us to evaluate client honeypots against their primary purpose of identification of malicious web pages. We show that costs of identifying malicious web pages with the developed hybrid client honeypot systems are reduced by a factor of nine compared to traditional high-interaction client honeypots. The five main contributions of our work are: High-Interaction Client Honeypot The first main contribution of our work is the design and implementation of a high-interaction client honeypot Capture-HPC. It is an open-source, publicly available client honeypot research platform, which allows researchers and security professionals to conduct research on malicious web pages and client honeypots. Based on our client honeypot implementation and analysis of existing client honeypots, we developed a component model of client honeypots. This model allows researchers to agree on the object of study, allows for focus of specific areas within the object of study, and provides a framework for communication of research around client honeypots. True Positive Cost Curve As mentioned above, we have chosen a cost-based evaluationmethod to compare and evaluate client honeypots against their primary purpose of identification ofmaliciousweb pages: the true positive cost curve. It takes into account the unique characteristics of client honeypots, speed, detection accuracy, and resource cost and provides a simple, cost-based mechanism to evaluate and compare… Advisors/Committee Members: Komisarczuk, Peter, Welch, Ian.

Subjects/Keywords: Intrusion detection; Honeypots; Security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Seifert, C. (2010). Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots. (Doctoral Dissertation). Victoria University of Wellington. Retrieved from http://hdl.handle.net/10063/1385

Chicago Manual of Style (16^th Edition):

Seifert, Christian. “Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots.” 2010. Doctoral Dissertation, Victoria University of Wellington. Accessed January 23, 2021. http://hdl.handle.net/10063/1385.

MLA Handbook (7^th Edition):

Seifert, Christian. “Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots.” 2010. Web. 23 Jan 2021.

Vancouver:

Seifert C. Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots. [Internet] [Doctoral dissertation]. Victoria University of Wellington; 2010. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/10063/1385.

Council of Science Editors:

Seifert C. Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots. [Doctoral Dissertation]. Victoria University of Wellington; 2010. Available from: http://hdl.handle.net/10063/1385

North-West University

6. Ohaeri, Ifeoma Ugochi. Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri .

Degree: 2012, North-West University

URL: http://hdl.handle.net/10394/15665

► With the rapid proliferation of new technologies and services in the wireless domain, spectrum scarcity has become a major concern. Cognitive radios (CRs) arise as… (more)

Subjects/Keywords: Intrusion detection systems; Computer security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Ohaeri, I. U. (2012). Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri . (Thesis). North-West University. Retrieved from http://hdl.handle.net/10394/15665

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Ohaeri, Ifeoma Ugochi. “Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri .” 2012. Thesis, North-West University. Accessed January 23, 2021. http://hdl.handle.net/10394/15665.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Ohaeri, Ifeoma Ugochi. “Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri .” 2012. Web. 23 Jan 2021.

Vancouver:

Ohaeri IU. Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri . [Internet] [Thesis]. North-West University; 2012. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/10394/15665.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Ohaeri IU. Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri . [Thesis]. North-West University; 2012. Available from: http://hdl.handle.net/10394/15665

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

7. Han, Lu. Indicators of Compromise of Vehicular Systems .

Degree: Chalmers tekniska högskola / Institutionen för data och informationsteknik, 2019, Chalmers University of Technology

URL: http://hdl.handle.net/20.500.12380/300607

► Modern vehicles are no longer mere mechanical devices; they are equipped with plenty of sensors and Electronic Control Units (ECUs) for their primary functions such… (more)

▼ Modern vehicles are no longer mere mechanical devices; they are equipped with plenty of sensors and Electronic Control Units (ECUs) for their primary functions such as powertrain and brake systems. Some legislation mandates the use of ECUs in the modern vehicles because the pure mechanical solutions such as legacy carburetors or hydraulic brake systems can neither comply with the safety and emission regulations nor achieve the consumers’ demands. The number of ECUs in most modern vehicles goes beyond one hundred. To achieve higher consumer satisfaction, vehicle manufacturers also implement plenty of built-in advanced entertainment and navigation systems which in most cases require an Internet connection. By connecting to the Internet, to other vehicles, and to infrastructures, as well as having hundred of millions of lines of code, vehicles have emerged as drivable computers. Similar to ordinary computers, modern vehicles are also exposed to different types of cyber-attacks which can cause safety issues for the driver, the passengers, and other properties. Nonetheless, there has been much research within this area; especially on Intrusion Detection Systems (IDS). However, there are still some issues with the IDSs, and the most significant one is the high rate of false alarms considering the massive number of vehicles deployed in the market. In this thesis project, we introduced many Indicators of Compromise (IOC) in vehicular systems. Indicators of Compromise are simple artifacts whose presence in a system is a sign of intrusion or infection by malicious software. The IOCs trigger if the legitimate behavior of the system is violated; thus can mitigate the number of false positives if implemented and deployed on the system. Also, we have defined a set of criteria and methodologies in order to conduct a qualitative evaluation of the IOCs in order to determine their quality. Additionally, we have identified where in the overall architecture of a vehicle an indicator would fit. We have also proposed a centralized IDS with logic for the central node to combine the IOCs that one of them might not achieve the desired degree of confidence for raising an alarm. As part of the research, we have studied previous work in the field as well as interviewed industry experts. From this point

Subjects/Keywords: IDS; Intrusion; Detection; ECU; IOC

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Han, L. (2019). Indicators of Compromise of Vehicular Systems . (Thesis). Chalmers University of Technology. Retrieved from http://hdl.handle.net/20.500.12380/300607

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Han, Lu. “Indicators of Compromise of Vehicular Systems .” 2019. Thesis, Chalmers University of Technology. Accessed January 23, 2021. http://hdl.handle.net/20.500.12380/300607.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Han, Lu. “Indicators of Compromise of Vehicular Systems .” 2019. Web. 23 Jan 2021.

Vancouver:

Han L. Indicators of Compromise of Vehicular Systems . [Internet] [Thesis]. Chalmers University of Technology; 2019. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/20.500.12380/300607.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Han L. Indicators of Compromise of Vehicular Systems . [Thesis]. Chalmers University of Technology; 2019. Available from: http://hdl.handle.net/20.500.12380/300607

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Virginia Tech

8. DeFreeuw, Jonathan Daniel. Embedding Network Information for Machine Learning-based Intrusion Detection.

Degree: MS, Computer Engineering, 2019, Virginia Tech

URL: http://hdl.handle.net/10919/99342

► As computer networks grow and demonstrate more complicated and intricate behaviors, traditional intrusion detections systems have fallen behind in their ability to protect network resources.… (more)

Subjects/Keywords: word embeddings; intrusion detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

DeFreeuw, J. D. (2019). Embedding Network Information for Machine Learning-based Intrusion Detection. (Masters Thesis). Virginia Tech. Retrieved from http://hdl.handle.net/10919/99342

Chicago Manual of Style (16^th Edition):

DeFreeuw, Jonathan Daniel. “Embedding Network Information for Machine Learning-based Intrusion Detection.” 2019. Masters Thesis, Virginia Tech. Accessed January 23, 2021. http://hdl.handle.net/10919/99342.

MLA Handbook (7^th Edition):

DeFreeuw, Jonathan Daniel. “Embedding Network Information for Machine Learning-based Intrusion Detection.” 2019. Web. 23 Jan 2021.

Vancouver:

DeFreeuw JD. Embedding Network Information for Machine Learning-based Intrusion Detection. [Internet] [Masters thesis]. Virginia Tech; 2019. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/10919/99342.

Council of Science Editors:

DeFreeuw JD. Embedding Network Information for Machine Learning-based Intrusion Detection. [Masters Thesis]. Virginia Tech; 2019. Available from: http://hdl.handle.net/10919/99342

Oklahoma State University

9. Koskei, Jordan Kiprop. Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models.

Degree: Computer Science Department, 2011, Oklahoma State University

URL: http://hdl.handle.net/11244/8184

► Currently deployed intrusion detection systems (IDS) have no capacity to discover attacker high level intentions. Understanding an intruder's intention greatly enhances network security as it… (more)

Subjects/Keywords: intrusion detection; network security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Koskei, J. K. (2011). Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models. (Thesis). Oklahoma State University. Retrieved from http://hdl.handle.net/11244/8184

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Koskei, Jordan Kiprop. “Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models.” 2011. Thesis, Oklahoma State University. Accessed January 23, 2021. http://hdl.handle.net/11244/8184.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Koskei, Jordan Kiprop. “Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models.” 2011. Web. 23 Jan 2021.

Vancouver:

Koskei JK. Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models. [Internet] [Thesis]. Oklahoma State University; 2011. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/11244/8184.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Koskei JK. Attacker Intention Discovery Layer for Intrusion Detection Systems Using Hidden Markov Models. [Thesis]. Oklahoma State University; 2011. Available from: http://hdl.handle.net/11244/8184

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University

10. Celik, Zeynel Berkay. Salting Public Traces with Attack Traffic to Test Flow Classifiers .

Degree: 2011, Penn State University

URL: https://submit-etda.libraries.psu.edu/catalog/12196

► We consider the problem of using flow-level data for detection of botnet command and control (C&C) activity. We find that current approaches do not consider… (more)

Subjects/Keywords: security; classification; botnet detection; netflow; intrusion detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Celik, Z. B. (2011). Salting Public Traces with Attack Traffic to Test Flow Classifiers . (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/12196

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Celik, Zeynel Berkay. “Salting Public Traces with Attack Traffic to Test Flow Classifiers .” 2011. Thesis, Penn State University. Accessed January 23, 2021. https://submit-etda.libraries.psu.edu/catalog/12196.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Celik, Zeynel Berkay. “Salting Public Traces with Attack Traffic to Test Flow Classifiers .” 2011. Web. 23 Jan 2021.

Vancouver:

Celik ZB. Salting Public Traces with Attack Traffic to Test Flow Classifiers . [Internet] [Thesis]. Penn State University; 2011. [cited 2021 Jan 23]. Available from: https://submit-etda.libraries.psu.edu/catalog/12196.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Celik ZB. Salting Public Traces with Attack Traffic to Test Flow Classifiers . [Thesis]. Penn State University; 2011. Available from: https://submit-etda.libraries.psu.edu/catalog/12196

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Houston

11. Ding, Wei 1983-. Detecting Network Intruders Connected Through Long Stepping-stone Chains.

Degree: PhD, Computer Science, 2014, University of Houston

URL: http://hdl.handle.net/10657/4747

► A common technique hackers use to avoid being detected is to route their network connections through a chain of stepping-stone hosts. There is no valid… (more)

▼ A common technique hackers use to avoid being detected is to route their network connections through a chain of stepping-stone hosts. There is no valid reason to use a long connection chain for remote login such as SSH connection. In this dissertation, we focus on protecting hosts from being attacked via stepping-stone connection chains. Our objective is to detect intruders at a stepping-stone host in the middle of the connection chain and at the target host at the end of the chain. Along with the developing of correlation-based stepping-stone detection algorithms, hackers also developed new techniques to evade being detected. Hackers can add chaff packets or jitter the original packets to decrease the detection rate of these correlation algorithms. Dealing with chaff packet-added intrusions has already been studied, while the jittering part hasn't been touched. Our jittering detection algorithm utilizes statistical distributions to fit the inter-arrival time gaps of traffic flows, extracting features from fitting, and separates jittered ones from normal ones by using support vector machines. The algorithm does not work well for light jittering. Hence, we further propose a hybrid stepping-stone detection algorithm to employ both correlation and jitter detection algorithms to detect intrusions. Experiment results show that our hybrid stepping-stone detection algorithm can successfully detect more than 90% stepping-stone intrusions in most cases with a 0% false positive rate. It is always important for a host to protect itself from being a victim. To detect long connection chain intrusions at the target host, we propose two detection algorithms: a nearest neighbor-based algorithm and an anomaly detection-based algorithm. The first algorithm centers around analyzing the delay between the time a user presses ``enter" to finish a command and the time that the user types the next character, and uses an approximated upstream round-trip time to separate a long connection chain from short ones. Experiment results show that our method can correctly identify long chains from short ones with good accuracy. Besides, based on the idea of anomaly behavior detection, a novel method to identify long connection chains from short chains using a pre-defined short chain profile has been proposed. Each new connection will be compared to the profile. Any connection that differs significantly from the profile will be considered as a suspicious long connection. In addition, several methods are proposed to increase the detection rate by adapting to a user's different typing speed. This algorithm can get better detection accuracy compared to the first one. With the algorithms proposed in this dissertation, we can detect stepping-stones in the middle of the chain in a robust way, and we can further and more effectively protect victim hosts from stepping-stone intrusions at the end of the chain. Advisors/Committee Members: Huang, Stephen (advisor), Leiss, Ernst L. (committee member), Cheng, Kam-Hoi (committee member), Vilalta, Ricardo (committee member), Pan, Tsorng-Whay (committee member).

Subjects/Keywords: Intrusion detection; Network Security; Stepping-stone Detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Ding, W. 1. (2014). Detecting Network Intruders Connected Through Long Stepping-stone Chains. (Doctoral Dissertation). University of Houston. Retrieved from http://hdl.handle.net/10657/4747

Chicago Manual of Style (16^th Edition):

Ding, Wei 1983-. “Detecting Network Intruders Connected Through Long Stepping-stone Chains.” 2014. Doctoral Dissertation, University of Houston. Accessed January 23, 2021. http://hdl.handle.net/10657/4747.

MLA Handbook (7^th Edition):

Ding, Wei 1983-. “Detecting Network Intruders Connected Through Long Stepping-stone Chains.” 2014. Web. 23 Jan 2021.

Vancouver:

Ding W1. Detecting Network Intruders Connected Through Long Stepping-stone Chains. [Internet] [Doctoral dissertation]. University of Houston; 2014. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/10657/4747.

Council of Science Editors:

Ding W1. Detecting Network Intruders Connected Through Long Stepping-stone Chains. [Doctoral Dissertation]. University of Houston; 2014. Available from: http://hdl.handle.net/10657/4747

12. Chevalier, Ronny. Detecting and Surviving Intrusions : Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches : Détecter et survivre aux intrusions : exploration de nouvelles approches de détection, de restauration, et de réponse aux intrusions.

Degree: Docteur es, Informatique (STIC), 2019, CentraleSupélec

URL: http://www.theses.fr/2019CSUP0003

►

Les systèmes informatiques, tels que les ordinateurs portables ou les systèmes embarqués, sont construits avec des couches de mécanismes de sécurité préventifs afin de réduire… (more)

▼

Les systèmes informatiques, tels que les ordinateurs portables ou les systèmes embarqués, sont construits avec des couches de mécanismes de sécurité préventifs afin de réduire la probabilité qu’un attaquant les compromettent. Néanmoins, malgré des décennies d’avancées dans ce domaine, des intrusions surviennent toujours. Par conséquent, nous devons supposer que des intrusions auront lieu et nous devons construire nos systèmes afin qu’ils puissent les détecter et y survivre.Les systèmes d’exploitation généralistes sont déployés avec des mécanismes de détection d’intrusion, mais leur capacité à survivre à une intrusion est limitée. Les solutions de l’état de l’art nécessitent des procédures manuelles, comportent des pertes de disponibilité, ou font subir un fort coût en performance. De plus, les composants de bas niveau tels que le BIOS sont de plus en plus la cible d’attaquants cherchant à implanter des logiciels malveillants, furtifs, et résilients. Bien que des solutions de l’état de l’art garantissent l’intégrité de ces composants au démarrage, peu s’intéressent à la sécurité des services fournis par le BIOS qui sont exécutés au sein du System Management Mode (SMM).Ce manuscrit montre que nous pouvons construire des systèmes capables de détecter des intrusions au niveau du BIOS et y survivre au niveau du système d’exploitation. Tout d’abord, nous démontrons qu'une approche de survivabilité aux intrusions est viable et praticable pour des systèmes d’exploitation généralistes. Ensuite, nous démontrons qu'il est possible de détecter des intrusions au niveau du BIOS avec une solution basée sur du matériel.

Computing platforms, such as embedded systems or laptops, are built with layers of preventive security mechanisms to reduce the likelihood of attackers successfully compromising them. Nevertheless, given time and despite decades of improvements in preventive security, intrusions still happen. Therefore, systems should expect intrusions to occur, thus they should be built to detect and to survive them.Commodity Operating Systems (OSs) are deployed with intrusion detection solutions, but their ability to survive them is limited. State-of-the-art approaches from industry or academia either involve manual procedures, loss of availability, coarse-grained responses, or non-negligible performance overhead. Moreover, low-level components, such as the BIOS, are increasingly targeted by sophisticated attackers to implant stealthy and resilient malware. State-of-the-art solutions, however, mainly focus on boot time integrity, leaving the runtime part of the BIOS—known as the System Management Mode (SMM)—a prime target.This dissertation shows that we can build platforms that detect intrusions at the BIOS level and survive intrusions at the OS level. First, by demonstrating that intrusion survivability is a viable approach for commodity OSs. We develop a new approach that address various limitations from the literature, and we evaluate its security and performance. Second, by developing a hardware-based approach that detects…

Advisors/Committee Members: Mé, Ludovic (thesis director).

Subjects/Keywords: Sécurité; Détection d’intrusion; Réponse aux intrusions; Survivabilité; Security; Intrusion detection; Intrusion response; Intrusion recovery; Survivability

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Chevalier, R. (2019). Detecting and Surviving Intrusions : Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches : Détecter et survivre aux intrusions : exploration de nouvelles approches de détection, de restauration, et de réponse aux intrusions. (Doctoral Dissertation). CentraleSupélec. Retrieved from http://www.theses.fr/2019CSUP0003

Chicago Manual of Style (16^th Edition):

Chevalier, Ronny. “Detecting and Surviving Intrusions : Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches : Détecter et survivre aux intrusions : exploration de nouvelles approches de détection, de restauration, et de réponse aux intrusions.” 2019. Doctoral Dissertation, CentraleSupélec. Accessed January 23, 2021. http://www.theses.fr/2019CSUP0003.

MLA Handbook (7^th Edition):

Chevalier, Ronny. “Detecting and Surviving Intrusions : Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches : Détecter et survivre aux intrusions : exploration de nouvelles approches de détection, de restauration, et de réponse aux intrusions.” 2019. Web. 23 Jan 2021.

Vancouver:

Chevalier R. Detecting and Surviving Intrusions : Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches : Détecter et survivre aux intrusions : exploration de nouvelles approches de détection, de restauration, et de réponse aux intrusions. [Internet] [Doctoral dissertation]. CentraleSupélec; 2019. [cited 2021 Jan 23]. Available from: http://www.theses.fr/2019CSUP0003.

Council of Science Editors:

Chevalier R. Detecting and Surviving Intrusions : Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches : Détecter et survivre aux intrusions : exploration de nouvelles approches de détection, de restauration, et de réponse aux intrusions. [Doctoral Dissertation]. CentraleSupélec; 2019. Available from: http://www.theses.fr/2019CSUP0003

University of Western Ontario

13. Miriya Thanthrige, Udaya Sampath Karunathilaka Perera. Hidden Markov Model Based Intrusion Alert Prediction.

Degree: 2016, University of Western Ontario

URL: https://ir.lib.uwo.ca/etd/4044

► Intrusion detection is only a starting step in securing IT infrastructure. Prediction of intrusions is the next step to provide an active defense against incoming… (more)

Subjects/Keywords: Feature Reduction; HMM; Intrusion Alerts; Intrusion Detection; Intrusion Prediction; Other Electrical and Computer Engineering

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Miriya Thanthrige, U. S. K. P. (2016). Hidden Markov Model Based Intrusion Alert Prediction. (Thesis). University of Western Ontario. Retrieved from https://ir.lib.uwo.ca/etd/4044

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Miriya Thanthrige, Udaya Sampath Karunathilaka Perera. “Hidden Markov Model Based Intrusion Alert Prediction.” 2016. Thesis, University of Western Ontario. Accessed January 23, 2021. https://ir.lib.uwo.ca/etd/4044.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Miriya Thanthrige, Udaya Sampath Karunathilaka Perera. “Hidden Markov Model Based Intrusion Alert Prediction.” 2016. Web. 23 Jan 2021.

Vancouver:

Miriya Thanthrige USKP. Hidden Markov Model Based Intrusion Alert Prediction. [Internet] [Thesis]. University of Western Ontario; 2016. [cited 2021 Jan 23]. Available from: https://ir.lib.uwo.ca/etd/4044.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Miriya Thanthrige USKP. Hidden Markov Model Based Intrusion Alert Prediction. [Thesis]. University of Western Ontario; 2016. Available from: https://ir.lib.uwo.ca/etd/4044

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

North Carolina State University

14. Yadav, Meeta. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System.

Degree: PhD, Computer Engineering, 2009, North Carolina State University

URL: http://www.lib.ncsu.edu/resolver/1840.16/5601

► YADAV, MEETA. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection. (Under the direction of Professor Paul D. Franzon). Intrusion detection systems protect… (more)

▼ YADAV, MEETA. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection. (Under the direction of Professor Paul D. Franzon). Intrusion detection systems protect a network against exploitation and manipulation by monitoring the incoming and outgoing traffic and classifying it as normal or malicious. The task of classifying network traffic is difficult and is made more complex by growing performance pressures of increasing traffic rates, the need to detect stealthy attacks by performing sophisticated analysis, the requirement of in-line processing and the inability of software based systems to keep up with the line-speeds. Most current intrusion detection systems make trade-offs between one or more performance requirements. For instance, software based systems are scalable and can perform more complex algorithmic analysis on the network traffic but are incapable of keeping up with the line speeds. Hardware based systems can process packets in real-time but are not scalable or configurable, and they are limited to rule based packet filtering. These growing performance pressures on network security devices have redefined the issues to be addressed in the design of a security system, underlining the need for a scalable and configurable hardware system that has the ability to effectively detect intrusions by performing sophisticated analysis at line-speeds while keeping up with the increasing traffic rate and attack sophistication. The focus of this dissertation is to design a hardware based intrusion detection system that is scalable, configurable, and capable of analyzing traffic to detect various categories of attacks at linespeeds. Specifically, we address four important issues with the design of hardware based systems: - A behavior based technique was implemented in hardware to detect attacks embedded in the different protocol layers, across layers and in the payload of the packet. The technique monitors the traffic deeply, recovers-higher layer semantics, understands the flow of commands, requests, responses and detect attacks embedded across packets and across connections. The technique checks the network traffic for behavioral compliance using configurable, parametric data structures called theories that can model simple as well as complex behavior. Theories translate themselves into hardware using configurable functional units called assertion blocks. - Theories and assertion blocks are parametric and configurable in nature and can be configured to translate any behavior description to hardware. The ability of individual theories and assertion blocks to be configured lends the configurability aspect to the entire system. To enable the system to scale with an increase in behavior modules a configurable fabric of assertion blocks has been developed. The configurable assertion block fabric contains pre-synthesized assertion modules that are triggered by theories to perform the operation specified by the theories. - A Multi-Level Fractional Hash Algorithm was developed to… Advisors/Committee Members: Paul D. Franzon, Committee Chair (advisor), Michael A Rappa, Committee Member (advisor), Yannis Viniotis, Committee Member (advisor), Gregory T. Byrd, Committee Member (advisor).

Subjects/Keywords: Network Intrusion Prevention; Hardware Architecture; Security; Network Intrusion Detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Yadav, M. (2009). Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System. (Doctoral Dissertation). North Carolina State University. Retrieved from http://www.lib.ncsu.edu/resolver/1840.16/5601

Chicago Manual of Style (16^th Edition):

Yadav, Meeta. “Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System.” 2009. Doctoral Dissertation, North Carolina State University. Accessed January 23, 2021. http://www.lib.ncsu.edu/resolver/1840.16/5601.

MLA Handbook (7^th Edition):

Yadav, Meeta. “Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System.” 2009. Web. 23 Jan 2021.

Vancouver:

Yadav M. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System. [Internet] [Doctoral dissertation]. North Carolina State University; 2009. [cited 2021 Jan 23]. Available from: http://www.lib.ncsu.edu/resolver/1840.16/5601.

Council of Science Editors:

Yadav M. Hardware Architecture of a Behavior Modeling Coprocessor for Network Intrusion Detection System. [Doctoral Dissertation]. North Carolina State University; 2009. Available from: http://www.lib.ncsu.edu/resolver/1840.16/5601

NSYSU

15. Yu Yang, Peng. Detecting Botnet-based Joint Attacks by Hidden Markov Model.

Degree: Master, Information Management, 2012, NSYSU

URL: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543

► We present a new detection model include monitoring network perimeter and hosts logs to counter the new method of attacking involve different hosts source during… (more)

Subjects/Keywords: Intrusion Detection System; Botnet; Hidden Markov Chain

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Yu Yang, P. (2012). Detecting Botnet-based Joint Attacks by Hidden Markov Model. (Thesis). NSYSU. Retrieved from http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Yu Yang, Peng. “Detecting Botnet-based Joint Attacks by Hidden Markov Model.” 2012. Thesis, NSYSU. Accessed January 23, 2021. http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Yu Yang, Peng. “Detecting Botnet-based Joint Attacks by Hidden Markov Model.” 2012. Web. 23 Jan 2021.

Vancouver:

Yu Yang P. Detecting Botnet-based Joint Attacks by Hidden Markov Model. [Internet] [Thesis]. NSYSU; 2012. [cited 2021 Jan 23]. Available from: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Yu Yang P. Detecting Botnet-based Joint Attacks by Hidden Markov Model. [Thesis]. NSYSU; 2012. Available from: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0906112-214543

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University

16. Sridhar, Srikumar. Testbed Design For Evaluation Of Active Cyber Defense Systems.

Degree: 2018, Penn State University

URL: https://submit-etda.libraries.psu.edu/catalog/15730sus511

► As with any system, often times, an attacker only needs to know a single vulnerability to compromise the entire system. To ensure a system is… (more)

▼ As with any system, often times, an attacker only needs to know a single vulnerability to compromise the entire system. To ensure a system is free of vulnerability is extremely difficult, if not impossible, especially for large systems with over millions of lines of code. Hence, we focus on a cyber security methodology called Moving Target Defense (MTD). The philosophy of MTD is that instead of attempting to build flawless systems to prevent attacks, one may continually change the attack surface (certain system dimensions) over time in order to increase complexity and cost for attackers to probe the system and launch the attack. The approach taken for implementing MTD in this thesis involves a naive checkpoint and restore methodology. If either an application has come under attack or the application hasn’t been switched for a while (a user-defined period), the container that it was running in will be killed and a new instance would be spawned (application switching). This would help prevent a single software vulnerability from compromising the whole system. The new instance of the application will begin its execution from the latest checkpoint available to it. We demonstrate this approach using checkpoint and restore in user space with docker containers. Additionally, we present the design of a complete, open-source, testbed for systems that utilize docker containers. Tools such as OSSEC (Open Source Host Based Intrusion Detection System Security), Snort (Network intrusion prevention and network intrusion detection system), Bro (Network intrusion detection system), Sysdig Falco (Runtime container monitoring tool) etc., are utilized to detect intrusions or anomalous behavior in a containerized environment. Multiple intrusion detection tools are enforced in the system while various exploits are carried out. We perform application switching along with IP mutation once an intrusion has been detected and evaluate the downtime associated with this process. We find that the process of checkpointing and restoring docker containers on the same host takes roughly 2.5 seconds. Advisors/Committee Members: Sencun Zhu, Thesis Advisor/Co-Advisor, Gang Tan, Committee Member.

Subjects/Keywords: Moving Target Defense; Container Migration; Intrusion Detection

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Sridhar, S. (2018). Testbed Design For Evaluation Of Active Cyber Defense Systems. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/15730sus511

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Sridhar, Srikumar. “Testbed Design For Evaluation Of Active Cyber Defense Systems.” 2018. Thesis, Penn State University. Accessed January 23, 2021. https://submit-etda.libraries.psu.edu/catalog/15730sus511.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Sridhar, Srikumar. “Testbed Design For Evaluation Of Active Cyber Defense Systems.” 2018. Web. 23 Jan 2021.

Vancouver:

Sridhar S. Testbed Design For Evaluation Of Active Cyber Defense Systems. [Internet] [Thesis]. Penn State University; 2018. [cited 2021 Jan 23]. Available from: https://submit-etda.libraries.psu.edu/catalog/15730sus511.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Sridhar S. Testbed Design For Evaluation Of Active Cyber Defense Systems. [Thesis]. Penn State University; 2018. Available from: https://submit-etda.libraries.psu.edu/catalog/15730sus511

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University

17. Cole, Robert James. Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty.

Degree: 2013, Penn State University

URL: https://submit-etda.libraries.psu.edu/catalog/17035

► Organizations in all sectors of business have become highly dependent upon information systems for the conduct of business operations. Of necessity, these information systems are… (more)

▼ Organizations in all sectors of business have become highly dependent upon information systems for the conduct of business operations. Of necessity, these information systems are designed with many points of ingress, points of exposure that can be leveraged by a motivated attacker seeking to compromise the confidentiality, integrity or availability of an organization’s information assets. To protect its assets, an organization needs to implement information security controls that mitigate the risks associated with these techniques. One of the key controls available to an organization today is the intrusion detection system (IDS), which is used to detect specific events associated with unauthorized or suspicious activity. Traditional IDS systems have two limitations that this research addresses. First, most IDS systems are tuned to detect specific attacks, but do not attempt to automatically reason across multiple attacks. Such emphasis on “single-step” attacks, as opposed to “multi-step” attacks puts the entire burden of reasoning across multiple steps of a potential attack on the security analyst. Second, traditional IDS systems do not explicitly consider uncertainty, which limits the analyst’s ability to model situations in which uncertainty might be a significant factor. This research examines the issue of multi-step attack detection in the presence of uncertainty in order to provide guidance to practitioners regarding the design and implementation of intrusion detection systems. First, we consider the bounding of uncertainty in a linear Bayesian model of multi-step attacks. In this work we outline a tradeoff between uncertainty and latency in the multi-step case: low inference uncertainty can be achieved but only at the price of latency in terms of the attack stage at which uncertainty levels become small. Next, we consider the problem of detection in a general attack topology. In this work, we show how to formulate queries for general definitions of intrusion and how to propagate parameter uncertainty through the model to a query result. In the case of zero parameter uncertainty, we provide an efficient algorithm to enumerate useful operating points within the 2-dimensional design space of detection rate x false positive rate. For the uncertain parameter case, we show how operating points become 2-dimensional operating boxes and show that the general problem of operating box enumeration is highly computationally complex, necessitating heuristic solutions. Next, we return our focus to the linear attack topology and theoretically show specific cases under which model parameter uncertainty cannot produce output uncertainty. Finally, we conduct experiments evaluating two heuristic solutions to the general detection problem under uncertainty, heuristics based on our theoretical results. We show that a heuristic solution based on our operating point enumeration algorithm provides results very close to those of full enumeration. Additionally, our experimental results show the significance of uncertainty in the… Advisors/Committee Members: Peng Liu, Dissertation Advisor/Co-Advisor, William Benjamin Gill, Committee Member, Sencun Zhu, Committee Member, George Kesidis, Special Member.

Subjects/Keywords: intrusion detection; IDS; uncertainty; Bayesian modeling; security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Cole, R. J. (2013). Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/17035

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Cole, Robert James. “Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty.” 2013. Thesis, Penn State University. Accessed January 23, 2021. https://submit-etda.libraries.psu.edu/catalog/17035.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Cole, Robert James. “Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty.” 2013. Web. 23 Jan 2021.

Vancouver:

Cole RJ. Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty. [Internet] [Thesis]. Penn State University; 2013. [cited 2021 Jan 23]. Available from: https://submit-etda.libraries.psu.edu/catalog/17035.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Cole RJ. Multi-step Attack Detection via Bayesian Modeling Under Model Parameter Uncertainty. [Thesis]. Penn State University; 2013. Available from: https://submit-etda.libraries.psu.edu/catalog/17035

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University

18. Chen, Po-Chun. Experience-Based Cyber Security Analytics.

Degree: 2011, Penn State University

URL: https://submit-etda.libraries.psu.edu/catalog/11363

► As the demand for computational resources and connectivity increases and contemporary computer network systems become more complex, the management of cyber security is progressively becoming… (more)

▼ As the demand for computational resources and connectivity increases and contemporary computer network systems become more complex, the management of cyber security is progressively becoming a serious issue. Cyber situation recognition is a challenging problem, particularly when the network size is large. The amount of data produced by existing intrusion detection tools and sensors usually significantly exceeds the cognition throughput of a human analyst. In attempting to align a huge amount of information and the limited human cognitive load, a critical disconnection between human cognition and cyber security tools has been identified. Although the problem of cyber intrusion detection has been studied from several perspectives using various approaches, the key component to bridging the gap between existing tools and human analysts' experiences is missing. A method to capture and leverage cyber security expertise for situation recognition from a high-level viewpoint on the entire network is important, but it is rarely mentioned in the literature. The goal of this research is to address the problem of cyber intrusion recognition from the viewpoint of leveraging cyber experts' experiences and reflections. We developed a systematic approach to capture and utilize experiences and reflections of security analysts to enhance cyber situation awareness. The contributions of the research include: 1) proposing an approach to enable systematic capture of experience and reflection of cyber security analysts; 2) enhancing the recognition of cyber situations using the captured experiences of cyber security analysts; 3) providing a knowledge-based strategy for relaxing the constraints of Horn logic-based experience patterns to enhance their utilization; and 4) demonstrating the benefit of experience-based cyber situation recognition through simulations. Advisors/Committee Members: John Yen, Dissertation Advisor/Co-Advisor, John Yen, Committee Chair/Co-Chair, Peng Liu, Committee Member, C Lee Giles, Committee Member, Prasenjit Mitra, Committee Member, Runze Li, Committee Member.

Subjects/Keywords: Cyber Situation Awareness; Intrusion Detection; Situation Recognition

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Chen, P. (2011). Experience-Based Cyber Security Analytics. (Thesis). Penn State University. Retrieved from https://submit-etda.libraries.psu.edu/catalog/11363

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Chen, Po-Chun. “Experience-Based Cyber Security Analytics.” 2011. Thesis, Penn State University. Accessed January 23, 2021. https://submit-etda.libraries.psu.edu/catalog/11363.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Chen, Po-Chun. “Experience-Based Cyber Security Analytics.” 2011. Web. 23 Jan 2021.

Vancouver:

Chen P. Experience-Based Cyber Security Analytics. [Internet] [Thesis]. Penn State University; 2011. [cited 2021 Jan 23]. Available from: https://submit-etda.libraries.psu.edu/catalog/11363.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Chen P. Experience-Based Cyber Security Analytics. [Thesis]. Penn State University; 2011. Available from: https://submit-etda.libraries.psu.edu/catalog/11363

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of KwaZulu-Natal

19. Naidoo, Tyrone. Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices.

Degree: 2016, University of KwaZulu-Natal

URL: http://hdl.handle.net/10413/14171

► In recent years, there has been a rapid increase in Internet usage, which has in turn led to a rise in malicious network activity. Network… (more)

▼ In recent years, there has been a rapid increase in Internet usage, which has in turn led to a rise in malicious network activity. Network Intrusion Detection Systems (NIDS) are tools that monitor network traffic with the purpose of rapidly and accurately detecting malicious activity. These systems provide a time window for responding to emerging threats and attacks aimed at exploiting vulnerabilities that arise from issues such as misconfigured firewalls and outdated software. Anomaly-based network intrusion detection systems construct a profile of legitimate or normal traffic patterns using machine learning techniques, and monitor network traffic for deviations from the profile, which are subsequently classified as threats or intrusions. Due to the richness of information contained in network traffic, it is possible to define large feature vectors from network packets. This often leads to redundant or irrelevant features being used in network intrusion detection systems, which typically reduces the detection performance of the system. The purpose of feature selection is to remove unnecessary or redundant features in a feature space, thereby improving the performance of learning algorithms and as a result the classification accuracy. Previous approaches have performed feature selection via optimization techniques, using the classification accuracy of the NIDS on a subset of the data as an objective function. While this approach has been shown to improve the performance of the system, it is unrealistic to assume that labelled training data is available in operational networks, which precludes the use of classification accuracy as an objective function in a practical system. This research proposes a method for feature selection in network intrusion detection that does not require any access to labelled data. The algorithm uses normalized cluster validity indices as an objective function that is optimized over the search space of candidate feature subsets via a genetic algorithm. Feature subsets produced by the algorithm are shown to improve the classification performance of an anomaly{based network intrusion detection system over the NSL-KDD dataset. Despite not requiring access to labelled data, the classification performance of the proposed system approaches that of efective feature subsets that were derived using labelled training data. Advisors/Committee Members: Tapamo, Jules-Raymond. (advisor), McDonald, A. M. (advisor).

Subjects/Keywords: Computer engineering.; Network Intrusion Detection Systems (NIDS).

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Naidoo, T. (2016). Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices. (Thesis). University of KwaZulu-Natal. Retrieved from http://hdl.handle.net/10413/14171

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Naidoo, Tyrone. “Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices.” 2016. Thesis, University of KwaZulu-Natal. Accessed January 23, 2021. http://hdl.handle.net/10413/14171.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Naidoo, Tyrone. “Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices.” 2016. Web. 23 Jan 2021.

Vancouver:

Naidoo T. Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices. [Internet] [Thesis]. University of KwaZulu-Natal; 2016. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/10413/14171.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Naidoo T. Unsupervised feature selection for anomaly-based network intrusion detection using cluster validity indices. [Thesis]. University of KwaZulu-Natal; 2016. Available from: http://hdl.handle.net/10413/14171

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Houston

20. Zhang, Hongyang 1988-. Detecting Network Intruders by Examining Packet Crossovers in Connections.

Degree: MS, Computer Science, 2014, University of Houston

URL: http://hdl.handle.net/10657/867

► Routing packet traffic through a chain of hosts is a common technique for hackers to attack a victim machine without exposing themselves. Generally, a long… (more)

Subjects/Keywords: Intrusion detection; Stepping-stone; Computer science

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Zhang, H. 1. (2014). Detecting Network Intruders by Examining Packet Crossovers in Connections. (Masters Thesis). University of Houston. Retrieved from http://hdl.handle.net/10657/867

Chicago Manual of Style (16^th Edition):

Zhang, Hongyang 1988-. “Detecting Network Intruders by Examining Packet Crossovers in Connections.” 2014. Masters Thesis, University of Houston. Accessed January 23, 2021. http://hdl.handle.net/10657/867.

MLA Handbook (7^th Edition):

Zhang, Hongyang 1988-. “Detecting Network Intruders by Examining Packet Crossovers in Connections.” 2014. Web. 23 Jan 2021.

Vancouver:

Zhang H1. Detecting Network Intruders by Examining Packet Crossovers in Connections. [Internet] [Masters thesis]. University of Houston; 2014. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/10657/867.

Council of Science Editors:

Zhang H1. Detecting Network Intruders by Examining Packet Crossovers in Connections. [Masters Thesis]. University of Houston; 2014. Available from: http://hdl.handle.net/10657/867

Florida International University

21. Jing, Xueyan. Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection.

Degree: PhD, Electrical Engineering, 2016, Florida International University

URL: https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288

► Intrusion detection is the essential part of network security in combating against illegal network access or malicious cyberattacks. Due to the constantly evolving nature… (more)

▼ Intrusion detection is the essential part of network security in combating against illegal network access or malicious cyberattacks. Due to the constantly evolving nature of cyber attacks, it has been a technical challenge for an intrusion detection system (IDS) to effectively recognize unknown attacks or known attacks with inadequate training data. Therefore in this dissertation work, an innovative two-stage classifier is developed for accurately and efficiently detecting both unknown attacks and known attacks with insufficient or inaccurate training information. The novel two-stage fuzzy classification scheme is based on advanced machine learning techniques specifically for handling the ambiguity of traffic connections and network data. In the first stage of the classification, a fuzzy C-means (FCM) algorithm is employed to softly compute and optimize clustering centers of the training datasets with some degree of fuzziness counting for feature inaccuracy and ambiguity in the training data. Subsequently, a distance-weighted k-NN (k-nearest neighbors) classifier, combined with the Dempster-Shafer Theory (DST), is introduced to assess the belief functions and pignistic probabilities of the incoming data associated with each of known classes to further address the data uncertainty issue in the cyberattack data. In the second stage of the proposed classification algorithm, a subsequent classification scheme is implemented based on the obtained pignistic probabilities and their entropy functions to determine if the input data are normal, one of the known attacks or an unknown attack. Secondly, to strengthen the robustness to attacks, we form the three-layer hierarchy ensemble classifier based on the FCM weighted k-NN DST classifier to have more precise inferences than those made by a single classifier. The proposed intrusion detection algorithm is evaluated through the application of the KDD’99 datasets and their variants containing known and unknown attacks. The experimental results show that the new two-stage fuzzy KNN-DST classifier outperforms other well-known classifiers in intrusion detection and is especially effective in detecting unknown attacks. Advisors/Committee Members: Hai Deng, Frank Urban, Jean Andrian, Deng Pan.

Subjects/Keywords: intrusion detection; classification; fuzzy; Dempster-shafer theory

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Jing, X. (2016). Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection. (Doctoral Dissertation). Florida International University. Retrieved from https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288

Chicago Manual of Style (16^th Edition):

Jing, Xueyan. “Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection.” 2016. Doctoral Dissertation, Florida International University. Accessed January 23, 2021. https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288.

MLA Handbook (7^th Edition):

Jing, Xueyan. “Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection.” 2016. Web. 23 Jan 2021.

Vancouver:

Jing X. Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection. [Internet] [Doctoral dissertation]. Florida International University; 2016. [cited 2021 Jan 23]. Available from: https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288.

Council of Science Editors:

Jing X. Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection. [Doctoral Dissertation]. Florida International University; 2016. Available from: https://digitalcommons.fiu.edu/etd/2436 ; 10.25148/etd.FIDC000288 ; FIDC000288

University of Victoria

22. Wang, Hongrui. Online intrusion detection design and implementation for SCADA networks.

Degree: Department of Electrical and Computer Engineering, 2017, University of Victoria

URL: http://hdl.handle.net/1828/7984

► The standardization and interconnection of supervisory control and data acquisition (SCADA) systems has exposed the systems to cyber attacks. To improve the security of the… (more)

▼ The standardization and interconnection of supervisory control and data acquisition (SCADA) systems has exposed the systems to cyber attacks. To improve the security of the SCADA systems, intrusion detection system (IDS) design is an effective method. However, traditional IDS design in the industrial networks mainly exploits the prede fined rules, which needs to be complemented and developed to adapt to the big data scenario. Therefore, this thesis aims to design an anomaly-based novel hierarchical online intrusion detection system (HOIDS) for SCADA networks based on machine learning algorithms theoretically and implement the theoretical idea of the anomaly-based intrusion detection on a testbed. The theoretical design of HOIDS by utilizing the server-client topology while keeping clients distributed for global protection, high detection rate is achieved with minimum network impact. We implement accurate models of normal-abnormal binary detection and multi-attack identification based on logistic regression and quasi-Newton optimization algorithm using the Broyden-Fletcher-Goldfarb-Shanno approach. The detection system is capable of accelerating detection by information gain based feature selection or principle component analysis based dimension reduction. By evaluating our system using the KDD99 dataset and the industrial control system datasets, we demonstrate that our design is highly scalable, e fficient and cost effective for securing SCADA infrastructures. Besides the theoretical IDS design, a testbed is modi ed and implemented for SCADA network security research. It simulates the working environment of SCADA systems with the functions of data collection and analysis for intrusion detection. The testbed is implemented to be more flexible and extensible compared to the existing related work on the testbeds. In the testbed, Bro network analyzer is introduced to support the research of anomaly-based intrusion detection. The procedures of both signature-based intrusion detection and anomaly-based intrusion detection using Bro analyzer are also presented. Besides, a generic Linux-based host is used as the container of different network functions and a human machine interface (HMI) together with the supervising network is set up to simulate the control center. The testbed does not implement a large number of traffic generation methods, but still provides useful examples of generating normal and abnormal traffic. Besides, the testbed can be modi ed or expanded in the future work about SCADA network security. Advisors/Committee Members: Dong, Xiaodai (supervisor), Lu, Tao (supervisor).

Subjects/Keywords: Intrusion detection; SCADA networks; Machine learning

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Wang, H. (2017). Online intrusion detection design and implementation for SCADA networks. (Masters Thesis). University of Victoria. Retrieved from http://hdl.handle.net/1828/7984

Chicago Manual of Style (16^th Edition):

Wang, Hongrui. “Online intrusion detection design and implementation for SCADA networks.” 2017. Masters Thesis, University of Victoria. Accessed January 23, 2021. http://hdl.handle.net/1828/7984.

MLA Handbook (7^th Edition):

Wang, Hongrui. “Online intrusion detection design and implementation for SCADA networks.” 2017. Web. 23 Jan 2021.

Vancouver:

Wang H. Online intrusion detection design and implementation for SCADA networks. [Internet] [Masters thesis]. University of Victoria; 2017. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/1828/7984.

Council of Science Editors:

Wang H. Online intrusion detection design and implementation for SCADA networks. [Masters Thesis]. University of Victoria; 2017. Available from: http://hdl.handle.net/1828/7984

23. Chuluundorj, Zorigtbaatar. Augmenting Network Flows with User Interface Context to Inform Access Control Decisions.

Degree: MS, 2019, Worcester Polytechnic Institute

URL: etd-3101 ; https://digitalcommons.wpi.edu/etd-theses/1331

► Whitelisting IP addresses and hostnames allow organizations to employ a default-deny approach to network traffic. Organizations employing a default-deny approach can stop many malicious… (more)

Subjects/Keywords: Cybersecurity; Intrusion Detection System; Dynamic Whitelists

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Chuluundorj, Z. (2019). Augmenting Network Flows with User Interface Context to Inform Access Control Decisions. (Thesis). Worcester Polytechnic Institute. Retrieved from etd-3101 ; https://digitalcommons.wpi.edu/etd-theses/1331

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Chuluundorj, Zorigtbaatar. “Augmenting Network Flows with User Interface Context to Inform Access Control Decisions.” 2019. Thesis, Worcester Polytechnic Institute. Accessed January 23, 2021. etd-3101 ; https://digitalcommons.wpi.edu/etd-theses/1331.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Chuluundorj, Zorigtbaatar. “Augmenting Network Flows with User Interface Context to Inform Access Control Decisions.” 2019. Web. 23 Jan 2021.

Vancouver:

Chuluundorj Z. Augmenting Network Flows with User Interface Context to Inform Access Control Decisions. [Internet] [Thesis]. Worcester Polytechnic Institute; 2019. [cited 2021 Jan 23]. Available from: etd-3101 ; https://digitalcommons.wpi.edu/etd-theses/1331.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Chuluundorj Z. Augmenting Network Flows with User Interface Context to Inform Access Control Decisions. [Thesis]. Worcester Polytechnic Institute; 2019. Available from: etd-3101 ; https://digitalcommons.wpi.edu/etd-theses/1331

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Victoria

24. Bin Aftab, Muhammad Usama. A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks.

Degree: Department of Electrical and Computer Engineering, 2015, University of Victoria

URL: http://hdl.handle.net/1828/6984

► Network security is an important domain in the field of computer engineering. Sensitive information flowing across computer networks is vulnerable to potential threats, therefore it… (more)

Subjects/Keywords: wireless; mesh networks; intrusion detection; network security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Bin Aftab, M. U. (2015). A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks. (Masters Thesis). University of Victoria. Retrieved from http://hdl.handle.net/1828/6984

Chicago Manual of Style (16^th Edition):

Bin Aftab, Muhammad Usama. “A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks.” 2015. Masters Thesis, University of Victoria. Accessed January 23, 2021. http://hdl.handle.net/1828/6984.

MLA Handbook (7^th Edition):

Bin Aftab, Muhammad Usama. “A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks.” 2015. Web. 23 Jan 2021.

Vancouver:

Bin Aftab MU. A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks. [Internet] [Masters thesis]. University of Victoria; 2015. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/1828/6984.

Council of Science Editors:

Bin Aftab MU. A Hybrid Framework for Intrusion Detection in Wireless Mesh Networks. [Masters Thesis]. University of Victoria; 2015. Available from: http://hdl.handle.net/1828/6984

University of New Mexico

25. Fugate, Sunny. Methods for speculatively bootstrapping better intrusion detection system performance.

Degree: Department of Computer Science, 2012, University of New Mexico

URL: http://hdl.handle.net/1928/22040

► During the last three decades, the designers of computer IDSs have been continuously challenged with performance bottlenecks and scalability issues. The number of threats is… (more)

▼ During the last three decades, the designers of computer IDSs have been continuously challenged with performance bottlenecks and scalability issues. The number of threats is enormous. The performance of ID systems depends primarily on the quantity of input data and complexity of detected patterns. During noisy attacks, system load tends to increase proportional to increasing data rates, making ID systems vulnerable to flooding and denial-of-service attacks. Unfortunately, the number, type, and sophistication of threats is quickly increasing, outpacing our ability to detect them. The more we try to detect, the more computing and economic resources must be reserved solely for the task of detection, whittling away at what remains for performing useful computations. This dissertation describes methods for assessing the current scaling performance of signature-based IDSs and presents models for speculatively bootstrapping better IDS performance. Using measurements of the coverage and scaling performance of a modern signature-based IDS in the context of an anticipatory model, arguments are presented that maintaining compact, low-coverage signature-sets does not provide optimal protection for modern heterogeneous computing environments. The primary contribution is an analysis of how mechanisms of anticipatory bias can be used to achieve performance improvements. To support the theoretical models, two principal approaches have been implemented. The first uses a combination of anticipation and feedback in an attempt to decrease per-signature costs by (counter-intuitively) increasing system coverage. The approach uses learned sequence statistics to make predictions of future events. Each prediction above a chosen threshold is used to decrease per-stream detection cost by shunting traffic to smaller detectors (at the risk of increased error rates). The new approach promises decreasing per-signature costs as new detection signatures are added. The design and performance of a prototype anticipatory IDS, 'Packet Wrangler', demonstrates the feasibility of the basic approach. The second approach applies primarily to improving the performance of IDSs when under stress. When overburdened, an IDS will drop input data (often arbitrarily). A probabilistic signature activation approach is described which improves error rates by decreasing the total amount of input data lost by probabilistically dropping signature activations based on learned event statistics and system load. A theoretical analysis is presented which shows that a policy which drops signatures instead of packets can outperform the default policy of dropping packets in terms of total error rates. A rudimentary prototype based on the Snort IDS, 'Probabilistic Flowbits', is described. Experimental results are then given which show substantially decreased error rates while simultaneously decreasing system overhead. In conclusion, a case is made for expanding IDS coverage and implementation fast-feedback and anticipatory optimizations. It can be… Advisors/Committee Members: Luger, George, Crandall, Jedidiah, Hayes, Thomas, LorRaine, Duffy, Caudell, Thomas.

Subjects/Keywords: intrusion detection; performance optimization; speculative optimization

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Fugate, S. (2012). Methods for speculatively bootstrapping better intrusion detection system performance. (Doctoral Dissertation). University of New Mexico. Retrieved from http://hdl.handle.net/1928/22040

Chicago Manual of Style (16^th Edition):

Fugate, Sunny. “Methods for speculatively bootstrapping better intrusion detection system performance.” 2012. Doctoral Dissertation, University of New Mexico. Accessed January 23, 2021. http://hdl.handle.net/1928/22040.

MLA Handbook (7^th Edition):

Fugate, Sunny. “Methods for speculatively bootstrapping better intrusion detection system performance.” 2012. Web. 23 Jan 2021.

Vancouver:

Fugate S. Methods for speculatively bootstrapping better intrusion detection system performance. [Internet] [Doctoral dissertation]. University of New Mexico; 2012. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/1928/22040.

Council of Science Editors:

Fugate S. Methods for speculatively bootstrapping better intrusion detection system performance. [Doctoral Dissertation]. University of New Mexico; 2012. Available from: http://hdl.handle.net/1928/22040

26. Badger, Eric C. Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment.

Degree: MS, Electrical & Computer Engineering, 2015, University of Illinois – Urbana-Champaign

URL: http://hdl.handle.net/2142/89057

► This work explores a scalable data analytics pipeline for real-time attack detection through the use of customized honeypots at the National Center for Supercomputing Applications… (more)

Subjects/Keywords: Intrusion Detection

…Detection System ICSI International Computer Science Institute IDS Intrusion Detection System… …Network-based Intrusion Detection System (NIDS). Unlike OSSEC, Bro is running directly… …Comma-separated Values DDoS Distributed Denial of Service HIDS Host-based Intrusion… …Registry NCSA National Center for Supercomputing Applications NIDS Network-based Intrusion… …Detection System NSF National Science Foundation OS Operating System OSSEC Open Source…

11 more images…

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Badger, E. C. (2015). Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment. (Thesis). University of Illinois – Urbana-Champaign. Retrieved from http://hdl.handle.net/2142/89057

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Badger, Eric C. “Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment.” 2015. Thesis, University of Illinois – Urbana-Champaign. Accessed January 23, 2021. http://hdl.handle.net/2142/89057.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Badger, Eric C. “Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment.” 2015. Web. 23 Jan 2021.

Vancouver:

Badger EC. Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment. [Internet] [Thesis]. University of Illinois – Urbana-Champaign; 2015. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/2142/89057.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Badger EC. Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment. [Thesis]. University of Illinois – Urbana-Champaign; 2015. Available from: http://hdl.handle.net/2142/89057

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Melbourne

27. WAHID, ALIF. Estimating the Internet malicious host population while preserving privacy.

Degree: 2013, University of Melbourne

URL: http://hdl.handle.net/11343/38139

► The Internet is a globally significant infrastructure that attracts a large number of threats posed by the population of malicious hosts within it. These threats… (more)

▼ The Internet is a globally significant infrastructure that attracts a large number of threats posed by the population of malicious hosts within it. These threats scale with the size of the malicious host population, which makes the accurate estimation of this population an important challenge. The difficulty of this challenge is further compounded by the conflicting requirements of preserving the privacy of bystanders associated with malicious host behaviour while accurately identifying malicious host instances across the Internet. In this thesis, we address this challenge of estimating the Internet malicious host population while preserving privacy. We begin by identifying four major research problems that have not been addressed in the literature. First is the lack of a model for host-to-address bindings. Second is the characterisation of malicious address properties. Third is the correlation of independent measurements. And fourth is the development of dynamic countermeasures. We subsequently proceed to develop novel solutions corresponding to the first three problems, while the fourth remains to be addressed in the future. Our first contribution is the development of a probabilistic model for host-to-address bindings, which allows the number of hosts that attached to an observed address to be inferred based on privacy preserving data sets and a publicly accessible ground truth. We demonstrate the properties of this model in terms of preferential attachment and point out its primary benefit in terms of enabling the inference of host behaviour based only on address characteristics, which is a necessary condition for privacy preservation. However, this leads to the need for an understanding of various address characteristics in order to draw reliable and robust inferences. Our second contribution is the analysis of a large repository of intrusion alerts from globally distributed vantage points that provide access to various characteristics of malicious addresses. We find that alerted addresses are active for very short periods in the order of a few minutes and that they rarely appear more than once. We also find that there are statistically self-similar properties corresponding to these addresses in terms of non-existent temporal and spatial clusters. The main implication is that intrusion alerts contain the necessary information for use with our model of host-to-address bindings but lack sufficient robustness for reliably estimating the number of malicious hosts corresponding to an address due to the presence of spoofed and inactive sources. Our third contribution is the combined analysis of passive measurements in the form of intrusion alerts with active measurements in the form of ping responses in order to identify those addresses that are active, attached, allocated and malicious simultaneously across two different data sets…

Subjects/Keywords: intrusion detection; privacy protection; network security

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

WAHID, A. (2013). Estimating the Internet malicious host population while preserving privacy. (Doctoral Dissertation). University of Melbourne. Retrieved from http://hdl.handle.net/11343/38139

Chicago Manual of Style (16^th Edition):

WAHID, ALIF. “Estimating the Internet malicious host population while preserving privacy.” 2013. Doctoral Dissertation, University of Melbourne. Accessed January 23, 2021. http://hdl.handle.net/11343/38139.

MLA Handbook (7^th Edition):

WAHID, ALIF. “Estimating the Internet malicious host population while preserving privacy.” 2013. Web. 23 Jan 2021.

Vancouver:

WAHID A. Estimating the Internet malicious host population while preserving privacy. [Internet] [Doctoral dissertation]. University of Melbourne; 2013. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/11343/38139.

Council of Science Editors:

WAHID A. Estimating the Internet malicious host population while preserving privacy. [Doctoral Dissertation]. University of Melbourne; 2013. Available from: http://hdl.handle.net/11343/38139

28. Wang, Zhuo. Using Neural Networks in Intrusion Detection System for Cloud Computing .

Degree: 2014, California State University – San Marcos

URL: http://hdl.handle.net/10211.3/131348

► Information security is an issue of global concern nowadays. The complexity, accessibility, and extensiveness of the Internet have led to tremendous increase of security risk… (more)

▼ Information security is an issue of global concern nowadays. The complexity, accessibility, and extensiveness of the Internet have led to tremendous increase of security risk of information systems. The situation hasn't been improved and the harm and loss an intruder or a malicious attack can cause to an information system are known by more and more people, especially when the term "cloud computing" appeared in people's sights. Because of the grid distribution of cloud computing users, and their lack of knowledge on managing the cloud services, these users and their systems are always regarded as easy targets for intruders looking for possible vulnerabilities. In this case, an intrusion detection system (IDS) which collects user behaviors in the network and detects malicious activities can protect our systems from the attacks. Neural networks are widely applied in designing IDSs, because of their adaptation and qualifications in dealing with large scale of data, in our case, the dramatically large quantities of user behaviors through the Internet. Recently, in the area of artificial neural networks, the concept of combining multiple networks has been proposed as a fresh direction for the design and development of highly reliable IDS. An intrusion detection system built based on Multilayer perceptron (MLP) neural network and k-means neural network is presented in this thesis; the system combines both supervised learning and unsupervised learning methods and outperforms the intrusion detecting accuracy rate from systems based on either of them. The key idea of this system is to discover useful patterns or features that describe user behavior on a system, and this set of relevant features is used to build classifiers that can distinguish anomalies and known intrusions with normal user behaviors. Using a set of benchmark data from a KDD (Knowledge Discovery and Data Mining) competition supported by DARPA (Defense Advanced Research Projects Agency), the efficiency and accuracy this proposed system can achieve is demonstrated and the comparison between the performances of proposed system and other IDSs using only MLP, K-means and other neural networks or techniques like SOM (Self-organized Maps) and Radial Basis Function (RBF) are presented. Keywords: Cloud Computing, Intrusion Detection System (IDS), Artificial Neural Network (ANN), Supervised Learning, Unsupervised Learning, Multilayer Perceptron (MLP), K-means Algorithm Advisors/Committee Members: Wu, Shaun-inn (advisor).

Subjects/Keywords: Neural Networks; Intrusion Detection System; Cloud Computing

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Wang, Z. (2014). Using Neural Networks in Intrusion Detection System for Cloud Computing . (Thesis). California State University – San Marcos. Retrieved from http://hdl.handle.net/10211.3/131348

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Wang, Zhuo. “Using Neural Networks in Intrusion Detection System for Cloud Computing .” 2014. Thesis, California State University – San Marcos. Accessed January 23, 2021. http://hdl.handle.net/10211.3/131348.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Wang, Zhuo. “Using Neural Networks in Intrusion Detection System for Cloud Computing .” 2014. Web. 23 Jan 2021.

Vancouver:

Wang Z. Using Neural Networks in Intrusion Detection System for Cloud Computing . [Internet] [Thesis]. California State University – San Marcos; 2014. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/10211.3/131348.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Wang Z. Using Neural Networks in Intrusion Detection System for Cloud Computing . [Thesis]. California State University – San Marcos; 2014. Available from: http://hdl.handle.net/10211.3/131348

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Waterloo

29. Zaman, Safaa. A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules.

Degree: 2009, University of Waterloo

URL: http://hdl.handle.net/10012/4505

► A variety of intrusion prevention techniques, such as user authentication (e.g.: using passwords), avoidance of programming errors, and information protection, have been used to protect… (more)

▼ A variety of intrusion prevention techniques, such as user authentication (e.g.: using passwords), avoidance of programming errors, and information protection, have been used to protect computer systems. However, intrusion prevention alone is not sufficient to protect our systems, as those systems become ever more complex with the rapid growth and expansion of Internet technology and local network systems. Moreover, programming errors, firewall configuration errors, and ambiguous or undefined security policies add to the system’s complexity. An Intrusion Detection System (IDS) is therefore needed as another layer to protect computer systems. The IDS is one of the most important techniques of information dynamic security technology. It is defined as a process of monitoring the events occurring in a computer system or network and analyzing them to differentiate between normal activities of the system and behaviours that can be classified as suspicious or intrusive. Current Intrusion Detection Systems have several known shortcomings, such as: low accuracy (registering high False Positives and False Negatives); low real-time performance (processing a large amount of traffic in real time); limited scalability (storing a large number of user profiles and attack signatures); an inability to detect new attacks (recognizing new attacks when they are launched for the first time); and weak system-reactive capabilities (efficiency of response). This makes the area of IDS an attractive research field. In recent years, researchers have investigated techniques such as artificial intelligence, autonomous agents, and distributed systems for detecting intrusion in network environments. This thesis presents a novel IDS distributed architecture – Collaborative Distributed Intrusion Detection System (C-dIDS), based on lightweight IDS modules – that integrates two main concepts in order to improve IDS performance and the scalability: lightweight IDS and collaborative architecture. To accomplish the first concept, lightweight IDS, we apply two different approaches: a features selection approach and an IDS classification scheme. In the first approach, each detector (IDS module) uses smaller amounts of data in the detection process by applying a novel features selection approach called the Fuzzy Enhanced Support Vector Decision Function (Fuzzy ESVDF). This approach improves the system scalability in terms of reducing the number of needed features without degrading the overall system performance. The second approach uses a new IDS classification scheme. The proposed IDS classification scheme employs multiple specialized detectors in each layer of the TCP/IP network model. This helps collecting efficient and useful information for dIDS, increasing the system’s ability to detect different attack types and reducing the system’s scalability. The second concept uses a novel architecture for dIDS called Collaborative Distributed Intrusion Detection System (C-dIDS) to integrate these different specialized detectors (IDS modules) that…

Subjects/Keywords: Intrusion Detection Systems

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Zaman, S. (2009). A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/4505

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Zaman, Safaa. “A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules.” 2009. Thesis, University of Waterloo. Accessed January 23, 2021. http://hdl.handle.net/10012/4505.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Zaman, Safaa. “A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules.” 2009. Web. 23 Jan 2021.

Vancouver:

Zaman S. A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules. [Internet] [Thesis]. University of Waterloo; 2009. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/10012/4505.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Zaman S. A Collaborative Architecture for Distributed Intrusion Detection System based on Lightweight Modules. [Thesis]. University of Waterloo; 2009. Available from: http://hdl.handle.net/10012/4505

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Colorado State University

30. Zhang, Han. Detecting advanced botnets in enterprise networks.

Degree: PhD, Computer Science, 2017, Colorado State University

URL: http://hdl.handle.net/10217/181362

► A botnet is a network composed of compromised computers that are controlled by a botmaster through command and control (C&C) channel. Botnets are more destructive… (more)

▼ A botnet is a network composed of compromised computers that are controlled by a botmaster through command and control (C&C) channel. Botnets are more destructive compared to common virus and malware, because they control the resources from many compromised computers. Botnets provide a very important platform for attacks, such as Distributed Denial-of-Service (DDoS), spamming, scanning, and many more. To foil detection systems, botnets began to use various evasion techniques, including encrypted communications, dynamically generated C&C domains, and more. We call such botnets that use evasion techniques as advanced botnets. In this dissertation, we introduce various algorithms and systems to detect advanced botnets in enterprise-like network environment. Encrypted botnets introduce several problems to detection. First, to enable research in detecting encrypted botnets, researchers need samples of encrypted botnet traces with ground truth, which are very hard to get. Traces that are available are not customizable, which prevents testing under various controlled scenarios. To address this problem we introduce BotTalker, a tool that can be used to generate customized encrypted botnet communication traffic. BotTalker emulates the actions a bot would take to encrypt communication. To the best of our knowledge, BotTalker is the first work that provides users customized encrypted botnet traffic. The second problem introduced by encrypted botnets is that Deep Packet Inspection (DPI)-based security systems are foiled. We measure the effects of encryption on three security systems, including Snort, Suricata and BotHunter (BH) using the encrypted botnet traffic generated by BotTalker. The results show that encryption foils these systems greatly. Then, we introduce a method to detect encrypted botnet traffic based on the fact that encryption increases data's entropy. In particular, we present two high-entropy (HE) classifiers and add one of them to enhance BH by utilizing the other detectors it provides. By doing this HE classifier restores BH's ability to detect bots, even when they use encryption. Entropy calculation at line speed is expensive, especially when the flows are very long. To deal with this issue, we introduce two algorithms to classify flows as HE by looking at only part of a flow. In particular, we classify a flow as HE or low entropy (LE) by only considering the first M packets of the flow. These early HE classifiers are used in two ways: (a) to improve the speed of bot detection tools, and (b) as a filter to reduce the load on an Intrusion Detection System (IDS). We implement the filter as a preprocessor in Snort. The results show that by using the first 15 packets of a flow the traffic delivered to IDS is reduced by more than 50% while maintaining more than 99.9% of the original alerts. Comparing our traffic reduction scheme with other work we find that they need to inspect at least 13 times more packets than ours or they miss about 70 times of the alerts. To improve the resiliency of communication between… Advisors/Committee Members: Papadopoulos, Christos (advisor), Ray, Indrakshi (committee member), Pallickara, Shrideep (committee member), Hayne, Stephen C. (committee member).

Subjects/Keywords: DNS; network security; intrusion detection system; Botnet

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Zhang, H. (2017). Detecting advanced botnets in enterprise networks. (Doctoral Dissertation). Colorado State University. Retrieved from http://hdl.handle.net/10217/181362

Chicago Manual of Style (16^th Edition):

Zhang, Han. “Detecting advanced botnets in enterprise networks.” 2017. Doctoral Dissertation, Colorado State University. Accessed January 23, 2021. http://hdl.handle.net/10217/181362.

MLA Handbook (7^th Edition):

Zhang, Han. “Detecting advanced botnets in enterprise networks.” 2017. Web. 23 Jan 2021.

Vancouver:

Zhang H. Detecting advanced botnets in enterprise networks. [Internet] [Doctoral dissertation]. Colorado State University; 2017. [cited 2021 Jan 23]. Available from: http://hdl.handle.net/10217/181362.

Council of Science Editors:

Zhang H. Detecting advanced botnets in enterprise networks. [Doctoral Dissertation]. Colorado State University; 2017. Available from: http://hdl.handle.net/10217/181362

Open Access Theses and Dissertations