Search for: intrusion-detection-system
Total 54 records

    AIDSLK: an anomaly based intrusion detection system in linux kernel

    Article, Communications in Computer and Information Science; Volume 31, 2009, Pages 232-243; 18650929 (ISSN); 9783642004049 (ISBN). Almassian, N; Azmi, R; Berenji, S; Sharif University of Technology
    2009
    Abstract
    The growth of intelligent attacks has prompted designers to envision intrusion detection as a built-in process in operating systems. This paper investigates a novel anomaly-based intrusion detection mechanism which utilizes the manner of interactions between users and kernel processes. An adequate feature list has been prepared for distinguishing between normal and anomalous behavior. The method used introduces a new component to the Linux kernel as a wrapper module with the necessary hook functions to log initial data for preparing the desired feature list. An SVM neural network was applied to classify and recognize input vectors. The sequence of delayed input vectors of features was appended to...

    Historical Alert Analysis in Host-based Intrusion Detection

    M.Sc. Thesis, Sharif University of Technology. Ashouri, Morteza (Author); Abolhassani, Hassan (Supervisor)
    Abstract
    In the last decade, Intrusion Detection Systems have attracted attention due to their importance in network security, but they still have shortcomings. Generating a lot of low-level alerts is the main problem. Many of these alerts are actually false positives. One suggested solution is Alert Correlation Analysis. Because of false positives, alert correlation techniques are not able to build accurate scenarios, but the accuracy of alerts can be verified with the aid of the information logged in the host systems. In this dissertation, after surveying the current alert correlation techniques, a model will be introduced to effectively verify the generated alerts and to apply correlation techniques to...

    Intrusion Detection in Wireless Sensor Networks Using Incremental Emotional Intelligence Models

    M.Sc. Thesis, Sharif University of Technology. Bayat, Firoozeh (Author); Hashemi Mohammad Abad, Saeid (Supervisor)
    Abstract
    Wireless Sensor Networks (WSNs) are rapidly emerging as an important area in mobile computing research. Applications of WSNs are numerous and growing, and some of them are even highly critical, like military or safety applications. Security measures must be applied to protect the network from a variety of attacks. Since no intrusion prevention measure is perfect, intrusion detection becomes an important second wall to protect the network. WSNs have a unique nature that differs from other kinds of networks. In this project, we examine the characteristics and vulnerabilities of WSNs and propose a new intrusion detection model to protect the network security. In this work we have not only...

    Intelligent Anomaly-Based Intrusion Detection in Linux Kernel

    M.Sc. Thesis, Sharif University of Technology. Almasian, Negar (Author); Azmi, Reza (Supervisor)
    Abstract
    The growth of intelligent attacks has prompted designers to envision intrusion detection as a built-in process in operating systems. This thesis investigates a novel anomaly-based intrusion detection mechanism which utilizes the manner of interactions between users and kernel processes to bring functionality to this notion. In fact, this mechanism is inspired by the homeostatic behavior of an organism. Homeostasis is the property of an open system or a closed system, particularly a living organism, which regulates its internal environment to maintain a stable, constant condition. Such a developed mechanism can provide the computer system with a high level of protection from artificial...

    An Intrusion Detection System for the Grid Environment

    M.Sc. Thesis, Sharif University of Technology. Movahed, Amirvala (Author); Jalili, Rasool (Supervisor)
    Abstract
    Existing Intrusion Detection Systems (IDSs) are not designed to deal with all categories of processing environments. This thesis focuses on IDSs for the Grid computing environment, and concentrates on feature selection and performance. An existing framework, Globus, is used as the basis for the consideration and development of the research issue in Grid computing. The system is based on two engine designs: (a) Signature and (b) Support Vector Machine; SVM has been selected for pattern discovery in traffic analysis. We found that the performance of the system greatly depends on the efficiency of the underlying framework and the number of Intrusion Detection System instances. We demonstrate... 

    Improving Anomaly Detection Methods for Intrusion Detection in MANETS

    M.Sc. Thesis, Sharif University of Technology. Javanmard, Fahime (Author); Hemmatyar, Ali Mohammad Afshin (Supervisor)
    Abstract
    In recent decades, securing mobile ad hoc networks has attracted much attention. Today, several security tools, such as intrusion detection systems, are used in the network. IDS methods are divided into two categories: those based on pattern recognition and those based on anomaly detection. Pattern recognition methods based on known attack patterns work with a high detection rate, but do not have the ability to detect new attacks. Anomaly detection techniques have the ability to detect new attacks, but they have a high false alarm rate.
    In this thesis, an anomaly detection system based on an artificial immune system is designed, implemented and evaluated. For example, an anomaly detection methods such cases, a variety of...

    Performance Improvement of Intrusion Detection Systems for Wireless Networks

    M.Sc. Thesis, Sharif University of Technology. Safir, Sajjad (Author); Hematyar, Ali Mohammad Afshin (Supervisor)
    Abstract
    Wireless technology can now be seen almost everywhere. This technology has recently become very popular, and with the convenience that comes with its use, it will probably be the most commonly used technology among computer networks in the near future. Unfortunately, new technology is always under fire when it comes to security, so the security of this type of network has become a big challenge.
    The researchers' approach to security in wireless networks that has attracted a lot of attention is the use of intrusion detection systems. An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases...

    A Hybrid Approach of Similarity-based and Scenario-based Algorithms in Alert Correlation

    M.Sc. Thesis, Sharif University of Technology. Sepahi, Ahmad (Author); Jalili, Rasoul (Supervisor)
    Abstract
    The rapid growth and increasing complexity of modern network and communication systems have created a demand for protecting organizations' sensitive data and resources from malicious intrusions. Attackers and intruders perform malicious attacks by exploiting vulnerabilities, weaknesses, and flaws in computer systems using novel and advanced techniques. Traditional security mechanisms, such as authentication, access control, and firewalls, cannot prevent these attacks. Therefore, intrusion detection systems (IDSs) are employed to detect abnormal activities and monitor network traffic and hosts' events. These systems suffer from several limitations, including generating a huge amount of alerts and...

    Analyzing Alert Correlation in Intrusion Detection Systems

    M.Sc. Thesis, Sharif University of Technology. Amir Haeri, Maryam (Author); Jalili, Rasool (Supervisor)
    Abstract
    Intrusion Detection Systems (IDSs) are among the most widely used security tools in computer networks. While they are promising technologies, they pose some serious drawbacks: when utilized in large and high-traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. In addition, IDSs usually generate redundant or even irrelevant (false) alerts. One technique proposed to circumvent such drawbacks is alert correlation, which extracts useful and high-level alerts, and helps in making timely decisions when a security breach occurs. This thesis surveys current alert correlation techniques, and introduces a real-time and data-mining-based algorithm for alert...

    Web Anomaly Host-Based IDS, Using Computational Intelligence Approach

    M.Sc. Thesis, Sharif University of Technology. Javadzadeh, Ghazaleh (Author); Azmi, Reza (Supervisor)
    Abstract
    In this thesis we propose a two-layer hybrid fuzzy genetic algorithm for designing an anomaly-based Intrusion Detection System. Our proposed algorithm is based on two basic Genetic Based Machine Learning styles (i.e. Pittsburgh and Michigan). The algorithm supports multiple attack classifications; this means that the algorithm is able to detect five classes of network patterns consisting of Denial of Service, Remote to Local, User to Root, Probing and the Normal class.
    Our proposed algorithm has two approaches. In the first approach we choose the Pittsburgh style as the base of the algorithm, which provides a global search. Then we combine it with the Michigan style to support local search. In this...

    Network Traffic Generation Focused on Flash Crowd Anomaly

    M.Sc. Thesis, Sharif University of Technology. Saleh, Zahra (Author); Jahangir, Amir Hossein (Supervisor)
    Abstract
    Flash Crowd traffic generation can be used as a metric for measuring the resiliency and performance of a server. Also, it can provide a framework for verification and testing of Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS). Common traffic generation methods mimic the timing and content of input traffic or regenerate input traffic by extracting its statistical distribution. So all of them need input traffic, while the properties of a Flash Crowd differ across servers and situations, and there is no guarantee of the existence of such traffic samples for all servers. In this thesis, we introduce and use a new method for traffic generation without the need for input...

    Alert Correlation Analysis For Intrusion Detection

    M.Sc. Thesis, Sharif University of Technology. Farhadi, Hamid (Author); Jalili, Rasool (Supervisor)
    Abstract
    While intrusion detection systems (IDSs) are widely used, the large number of alerts as well as the high rate of false positive events make such a security mechanism insufficient. Accordingly, a track of recent security research has focused on alert correlation. This thesis proposes a Hidden Markov Model (HMM) based correlation method for intrusion alerts which have been fired from different IDS sensors across an enterprise. We used the HMM to predict the next attack class of the intruder, which is also known as plan recognition. Our method has two advantages. Firstly, it does not require any usage or modeling of network topology, system vulnerabilities, and system configurations. Secondly, as we perform high...

    Web Driven Alert Correlation

    M.Sc. Thesis, Sharif University of Technology. Najafi, Abolfazl (Author); Jalili, Rasoul (Supervisor)
    Abstract
    With the growing deployment of host and network intrusion detection systems, analyzing generated alerts from these systems becomes critically important and challenging due to its complexity and high amount of data. A perfect intrusion detection system would be able to identify all the attacks without raising any false and non-relevant alarms. Unfortunately, false alarms are commonplace in intrusion detection systems. Non-relevant alerts, which are associated with attacks that were not successful, are also common. The process of identifying false and non-relevant alerts is called alert verification. Also nowadays, web applications are widely used in critical and important roles (e.g.,... 

    Intrusion Detection System in Smart Grids

    M.Sc. Thesis, Sharif University of Technology. Beigi, Hossein (Author); Amini, Morteza (Supervisor)
    Abstract
    Smart grids are the new generation of power grids that combine the power distribution grid with the communications network. The purpose of these networks is to create a secure, two-way infrastructure for the transmission of power and information. The complex structure of smart grids, along with the inherent vulnerabilities of physical systems, old devices and protocols on the network and the need for backward compatibility, have created serious cyber risks to critical assets and infrastructures. The difference between these types of networks and conventional computer networks has made the security mechanisms developed in conventional computer networks not very suitable for these types of... 

    Anomaly Based Intrusion Detection in Computer Networks Using Generative Adversarial Networks

    M.Sc. Thesis, Sharif University of Technology. Heidary, Milad (Author); Hemmatyar, Ali Mohammad Afshin (Supervisor)
    Abstract
    Due to the rapid development of computer networks, security is a major concern. Methods of intruding into computer networks are also rapidly developing, and there is a new method every day. These facts corroborate the need for new and more intelligent mechanisms for detecting intrusion. To detect intrusion, one must analyze the network traffic. The most widely used traditional methods of traffic separation are port-based and payload-based detection. The former is not so efficient, and the latter is not only inefficient but also violates the privacy of users. Unsatisfied by such methods, researchers adopted machine learning techniques and tried to develop new solutions for detecting intrusion. Methods...

    Analysis and Evaluation of Intrusion Detection Datasets and Providing a Solution to Make Them Real

    M.Sc. Thesis, Sharif University of Technology. Shabani Eshkalak, Majedeh (Author); Jahangir, Amir Hossein (Supervisor)
    Abstract
    The rapid advancement of information technology and computer networks has raised concerns among users and network administrators regarding security. The development of computer networks and the increase in the number of specialists in this field led to an increase in the number of people who seek to abuse these networks, people known as attackers. The attackers look for security defects in a network to penetrate and abuse it in proportion to their needs. Considering the risks of these attacks, it is necessary to have an intrusion detection system (IDS). IDSs are capable of detecting attack traffic or suspected traffic; they then alert the network administrators and consequently stop the...

    Machine Learning-Based Solutions for IoT Intrusion Security

    M.Sc. Thesis, Sharif University of Technology. Moradi, Kamyab (Author); Hajsadeghi, Khosro (Supervisor)
    Abstract
    Nowadays, by integrating the Internet of Things systems into the daily life of humans, mankind has created a platform for providing numerous and diverse services through which life has become much simpler and more convenient. These systems have gradually become an integral part of today's life. They are used in many areas of production and service provision, such as healthcare, agricultural industry, supply chain, education system, transportation, and many others. Although these achievements have facilitated human life in many aspects, they are also associated with many security risks. Intrusion detection systems (IDS) are methods for predicting possible damage (through security attacks such... 

    Analyzing and Evaluating Intrusion Detection Datasets and Providing a Solution to Solve their Weaknesses by Focusing on Benign traffic

    M.Sc. Thesis, Sharif University of Technology. Rezaei, Farzam (Author); Jahangir, Amir Hossein (Supervisor)
    Abstract
    Today, with the increasing expansion and development of computer networks and information technology, network security has become an important concern for experts and researchers in this field. One of the main elements in the field of information and network security is intrusion detection systems. To maintain the accuracy and quality of these systems, we need to test and evaluate them frequently. The datasets of intrusion detection systems are one of the main tools for evaluating these systems. The quality and accuracy of these systems in detecting anomalies and attacks in the network largely rely on rich and complete data. Also, the main component of these datasets is the traffic data,...

    Detecting malicious packet drops and misroutings using header space analysis

    Article, 8th International Symposium on Telecommunications, IST 2016, 27 September 2016 through 29 September 2016; 2017, Pages 521-526; 9781509034345 (ISBN). Mohammadi, A. A; Kazemian, P; Pakravan, M. R; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc, 2017
    Abstract
    Software Defined Networking (SDN) provides a logically centralized view of the state of the network, and as a result opens up new ways to manage and monitor networks. In this paper we introduce a novel approach to network intrusion detection in SDNs that takes advantage of these attributes. Our approach can detect compromised routers that produce faulty messages, copy or steal traffic, or maliciously drop certain types of packets. To identify these attacks and the affected switches, we correlate the forwarding state of the network (i.e. installed forwarding rules) with the forwarding status of packets (i.e. the actual route packets take in the network) and detect anomalies in routes. Thus, our...

    Detection of distributed denial of service attacks using statistical pre-processor and unsupervised neural networks

    Article, First International Conference on Information Security, Practice and Experience, ISPEC 2005, 11 April 2005 through 14 April 2005; Volume 3439, 2005, Pages 192-203; 03029743 (ISSN). Jalili, R; Imani Mehr, F; Amini, M; Shahriari, H. R; Sharif University of Technology
    Springer Verlag, 2005
    Abstract
    Although the prevention of Distributed Denial of Service (DDoS) attacks is not possible, detection of such attacks plays a main role in preventing their progress. In flooding attacks, especially new sophisticated DDoS, the attacker floods the network traffic toward the target computer by sending pseudo-normal packets. Therefore, multi-purpose IDSs do not offer good performance (and accuracy) in detecting such kinds of attacks. In this paper, a novel method for the detection of DDoS attacks has been introduced based on a statistical pre-processor and an unsupervised artificial neural net. In addition, the SPUNNID system has been designed based on the proposed method. The statistical...