
Alert Correlation Analysis For Intrusion Detection

Farhadi, Hamid | 2010

Type of Document: M.Sc. Thesis
Language: English
Document No: 40884 (52)
University: Sharif University of Technology, International Campus, Kish Island
Department: Science and Engineering
Advisor(s): Jalili, Rasool

Abstract:
While intrusion detection systems (IDSs) are widely used, the large number of alerts and the high rate of false positives make such a security mechanism insufficient on its own. Accordingly, a track of recent security research has focused on alert correlation. This thesis proposes a Hidden Markov Model (HMM) based method for correlating intrusion alerts fired by different IDS sensors across an enterprise. We use the HMM to predict the next attack class of the intruder, a task also known as plan recognition. Our method has two advantages. First, it does not require any usage or modeling of network topology, system vulnerabilities, or system configurations. Second, because we perform high-level prediction (the attack class rather than the exact action), the model is more robust against over-fitting, whereas other published plan recognition methods try to predict exactly the next attacker action. We evaluated our method with both supervised and unsupervised learning techniques using the DARPA 2000 dataset. Results illustrate the effectiveness and accuracy of the method.

Keywords:
Alert Correlation ; Markov Chain ; Hidden Markov Model ; Intrusion Detection System ; Plan Recognition

Digital Object List

  • Thesis contents