Search for: intrusion-detection-systems
Total 54 records

    Detection of DDOS Attacks in Network Traffic through Clustering based and Machine Learning Classification

    , M.Sc. Thesis Sharif University of Technology Kazim Al Janabi, Ali Hossein (Author) ; Peyvandi, Hossein (Supervisor)
    Abstract
    Today, with the development of technology, cyberattacks are on the rise. Personal and corporate computer systems can be exposed to various threats and dangers of hackers and malware, including information theft, forgery, and denial of service, which can cause great material and moral damage to individuals and organizations. So, it is necessary to take security measures in this regard. Many security mechanisms are available to prevent security vulnerabilities against various threats. In this study, first, after carefully studying network attacks, we identify the criteria for identifying attacks that can be executed in network traffic and explain how to calculate them. The current research... 

    Web Driven Alert Correlation

    , M.Sc. Thesis Sharif University of Technology Najafi, Abolfazl (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    With the growing deployment of host and network intrusion detection systems, analyzing generated alerts from these systems becomes critically important and challenging due to its complexity and high amount of data. A perfect intrusion detection system would be able to identify all the attacks without raising any false and non-relevant alarms. Unfortunately, false alarms are commonplace in intrusion detection systems. Non-relevant alerts, which are associated with attacks that were not successful, are also common. The process of identifying false and non-relevant alerts is called alert verification. Also nowadays, web applications are widely used in critical and important roles (e.g.,... 

    An Intrusion Detection System for the Grid Environment

    , M.Sc. Thesis Sharif University of Technology Movahed, Amirvala (Author) ; Jalili, Rasool (Supervisor)
    Abstract
    Existing Intrusion Detection Systems (IDSs) are not designed to deal with all categories of processing environments. This thesis focuses on IDSs for the Grid computing environment, and concentrates on feature selection and performance. An existing framework, Globus, is used as the basis for the consideration and development of the research issue in Grid computing. The system is based on two engine designs: (a) Signature and (b) Support Vector Machine; SVM has been selected for pattern discovery in traffic analysis. We found that the performance of the system greatly depends on the efficiency of the underlying framework and the number of Intrusion Detection System instances. We demonstrate... 

    Machine Learning-Based Solutions for IoT Intrusion Security

    , M.Sc. Thesis Sharif University of Technology Moradi, Kamyab (Author) ; Hajsadeghi, Khosro (Supervisor)
    Abstract
    Nowadays, by integrating the Internet of Things systems into the daily life of humans, mankind has created a platform for providing numerous and diverse services through which life has become much simpler and more convenient. These systems have gradually become an integral part of today's life. They are used in many areas of production and service provision, such as healthcare, agricultural industry, supply chain, education system, transportation, and many others. Although these achievements have facilitated human life in many aspects, they are also associated with many security risks. Intrusion detection systems (IDS) are methods for predicting possible damage (through security attacks such... 

    Intrusion Detection in Data Networks Using Header Space Analysis

    , M.Sc. Thesis Sharif University of Technology Mohammadi, Amir Ahmad (Author) ; Pakravan, Mohammad Reza (Supervisor) ; Kazemian, Payman (Supervisor)
    Abstract
    Software Defined Networking (SDN) provides a logically centralized view of the state of the network, and as a result opens up new ways to manage and monitor networks. In this dissertation a novel approach to network intrusion detection in SDNs is introduced that takes advantage of these attributes. This approach can detect compromised routers that produce faulty messages, copy or steal traffic or maliciously drop certain types of packets. To identify these attacks and the affected switches, we correlate the forwarding state of the network (i.e. installed forwarding rules) with the forwarding status of packets (i.e. the actual route packets take in the network) and detect anomalies in routes.... 

    Alert Correlation Analysis For Intrusion Detection

    , M.Sc. Thesis Sharif University of Technology Farhadi, Hamid (Author) ; Jalili, Rasool (Supervisor)
    Abstract
    While intrusion detection systems (IDSs) are widely used, the large number of alerts and the high rate of false positive events make such a security mechanism insufficient. Accordingly, a track of recent security research has focused on alert correlation. This thesis proposes a Hidden Markov Model (HMM) based correlation method for intrusion alerts fired from different IDS sensors across an enterprise. We used HMM to predict the next attack class of the intruder, which is also known as plan recognition. Our method has two advantages. Firstly, it does not require any usage or modeling of network topology, system vulnerabilities, and system configurations. Secondly, as we perform high... 

    FPGA-Based Implementation of Deep Learning Accelerator with Concentration on Intrusion Detection Systems

    , M.Sc. Thesis Sharif University of Technology Fard, Ebrahim (Author) ; Jahangir, Amir Hossein (Supervisor)
    Abstract
    An Intrusion Detection System (IDS) is a piece of equipment intended to provide security for computer networks. In recent years, Machine Learning and Deep Neural Network (DNN) methods have been considered as a way to detect new network attacks. Due to the huge amount of computation needed for these methods, there is a need for high-performance and parallel or specific processors, such as Application Specific Integrated Circuit (ASIC), Graphical Processor Unit (GPU) and Field-Programmable Gate Array (FPGA). The latter seems more suitable than the others due to its higher configurability and lower power consumption. The goal of this study is the acceleration of a DNN-based IDS on FPGA. In this study, which is... 

    Design and Implementation of a Web Application Honeypot

    , M.Sc. Thesis Sharif University of Technology Ali Akbarian, Amir Hossein (Author) ; Kharrazi, Mehdi (Supervisor)
    Abstract
    With the rapid growth of Internet popularity, web applications are growing in usage and complexity, and therefore are attractive targets for attackers. The increasing number of services and amount of information stored on the Internet stimulates attackers to focus on this kind of application. On the other hand, security specialists are deploying different solutions to mitigate such threats. One of these solutions is honeypot systems. In contrast with other security solutions, honeypots are not designed to defend against attackers directly. Honeypots, rather, are planned to gather data about what attackers do. This information can help security administrators to learn and understand... 

    A Formal Method for Intrusion Detection in Industrial Control Protocols

    , M.Sc. Thesis Sharif University of Technology Abdi, Hamid Reza (Author) ; Izadi, Mohammad (Supervisor)
    Abstract
    SCADA controls, audits and accesses data but is only attributed for controlling and carrying out measurements on a large scale. In the SCADA, gathering of information starts from the PLC and after interpretation morphs into a format that can be shown to the user of the control room. In the SCADA system, many protocols are used to exchange information amongst logical controller units like DNP3, Profibus and Modbus. Many of the aforementioned protocols have been upgraded and are used in the Internet. The use in the Internet has led to vulnerability of SCADA from Internet hackers. Consequently, securing the SCADA system is essential for nationally sensitive structures. The goal of this thesis... 

    Historical Alert Analysis in Host-based Intrusion Detection

    , M.Sc. Thesis Sharif University of Technology Ashouri, Morteza (Author) ; Abolhassani, Hassan (Supervisor)
    Abstract
    In the last decade, Intrusion Detection Systems have attracted attention due to their importance in network security, but they still have shortcomings. Generating a lot of low-level alerts is the main problem. Many of these alerts are actually false positives. One suggested solution is Alert Correlation Analysis. Because of false positives, alert correlation techniques are not able to build accurate scenarios, but the accuracy of alerts can be verified with the aid of the information logged in the host systems. In this dissertation, after surveying the current alert correlation techniques, a model will be introduced to effectively verify the generated alerts and to apply correlation techniques to... 

    Performance Improvement of Intrusion Detection Systems for Wireless Networks

    , M.Sc. Thesis Sharif University of Technology Safir, Sajjad (Author) ; Hematyar, Ali Mohammad Afshin (Supervisor)
    Abstract
    Wireless technology can now be seen almost everywhere. This technology has recently become very popular, and with the convenience that comes with its use, it will probably be the most commonly used technology among computer networks in the near future. Unfortunately, new technology is always under fire when it comes to security, so securing this type of network has become a big challenge.
    One approach to security in wireless networks that has attracted a lot of attention from researchers is the use of intrusion detection systems. An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases... 

    Deep Learning-Based Intrusion Detection Systems in Industrial Control Systems

    , M.Sc. Thesis Sharif University of Technology Amir Hossein Salehi (Author) ; Aref, Mohammad Reza (Supervisor) ; Ahmadi, Siavash (Co-Supervisor)
    Abstract
    With the spread of threats against industrial control systems, preserving the security of these systems faces serious challenges. On the other hand, with the increase of communication between industrial control networks and external communication networks, the entry points of these networks have also increased and this exposes them to IP network threats. Beside that, traditional attacks on these systems, which generally occur by infiltrating the internal network, are also constantly changing and becoming more complex. These attacks mainly have a phase of hiding the attack from the monitoring systems, which eliminates the possibility of identifying the attacker's operations to a great extent... 

    Network Traffic Generation Focused on Flash Crowd Anomaly

    , M.Sc. Thesis Sharif University of Technology Saleh, Zahra (Author) ; Jahangir, Amir Hossein (Supervisor)
    Abstract
    Flash Crowd traffic generation can be used as a metric for measuring the resiliency and performance of a server. Also, it can provide a framework for verification and testing of Intrusion detection systems (IDS) and Intrusion protection systems (IPS). Common traffic generation methods mimic the timing and content of input traffic or regenerate input traffic by extracting its statistical distribution. So all of them need input traffic, while the properties of Flash Crowd differ across servers and situations, and there is no guarantee that such traffic samples exist for all servers. In this thesis, we introduce and use a new method for traffic generation without the need for input... 

    Performance Improvement of Machine Learning based Intrusion Detection Systems

    , M.Sc. Thesis Sharif University of Technology Ramin, Shirali Hossein Zadeh (Author) ; Jafari Siavoshani, Mahdi (Supervisor)
    Abstract
    The rapid growth of computer networks has increased the importance of analytics and traffic analysis tools for these networks, and the increasing importance of these networks has increased the importance of their security and of intrusion detection in them. Many studies have aimed at providing a powerful way to quickly and accurately detect computer network intrusions, each of which has addressed this issue. The common point of all these methods is their reliance on the features extracted from network traffic by an expert. This strong dependence has prevented these methods from being flexible against new attacks and methods of intrusion or changes in the current normal... 

    An Intrusion Detection System for Wormhole Attack Detection in MANETs

    , M.Sc. Thesis Sharif University of Technology Shamaei Chaharsooghi, Shiva (Author) ; Movaghar, Ali (Supervisor)
    Abstract
    Mobile ad hoc networks (MANETs) have been attracting the attention of the researchers in the duration of last years. Because of lack of infrastructure in such networks, all network operations such as routing are done by the nodes themselves. On the other hand, standard MANETs' routing protocols suppose that all nodes are trusted. Thus, these protocols are prone to serious security attack. Wormhole attack is one of the attacks which abuse distributed routing in MANETs. This attack is held between two malicious nodes which are far away from each other. Mentioned nodes introduce themselves as one-hop neighbor of each other. Therefore, they deceive normal nodes and disturb the routing mechanism.... 

    Analysis and Evaluation of Intrusion Detection Datasets and Providing a Solution to Make Them Real

    , M.Sc. Thesis Sharif University of Technology Shabani Eshkalak, Majedeh (Author) ; Jahangir, Amir Hossein (Supervisor)
    Abstract
    The rapid advancement of information technology and computer networks raised concerns of the users and network administrators regarding security. The development of computer networks and the increase in the number of specialists in this field led to the increase in the number of people who seek to abuse these networks, people known as attackers. The attackers look for security defects in a network to penetrate and abuse it proportionate to their needs. Considering the risks of these attacks, it is necessary to have an intrusion detection system (IDS). IDSs are capable of detecting attack traffic or suspected traffic, then, they alert the network administrators, and consequently, stop the... 

    A Hybrid Approach of Similarity-based and Scenario-based Algorithms in Alert Correlation

    , M.Sc. Thesis Sharif University of Technology Sepahi, Ahmad (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    The rapid growth and increase in complexity of modern network and communication systems have made a demand for protecting organizations’ sensitive data and resources from malicious intrusions. Attackers and intruders perform malicious attacks by exploiting vulnerabilities, weaknesses, and flaws in computer systems using novel and advanced techniques. Traditional security mechanisms, such as authentication, access control, and firewall cannot prevent these attacks. Therefore, Intrusion detection systems (IDSs) are employed to detect abnormal activities and monitor network traffic and hosts’ events. These systems suffer from several limitations, including generating a huge amount of alerts and... 

    Deep Learning Based Enhancement of Intrusion Detection Methods

    , Ph.D. Dissertation Sharif University of Technology Soltani, Mahdi (Author) ; Jahangir, Amir Hossein (Supervisor) ; Jafari Siavoshani, Mahdi (Supervisor)
    Abstract
    We live in the cyber era in which network-based technologies have become omnipresent. Meanwhile, threats and attacks are rapidly growing in cyberspace. Nowadays, some signature-based intrusion detection systems try to detect these malicious traffics. However, as new vulnerabilities and new zero-day attacks appear, there is a growing risk of bypassing the current intrusion detection systems. Many research studies have worked on machine learning algorithms for intrusion detection applications. Their major weakness is to consider the different aspects of network security concurrently. For example, continuous concept drift in normal and abnormal traffic, the permanent appearance of zero-day... 

    A novel Intrusion Detection System for Mobile Ad-Hoc Network Based on Clustering

    , M.Sc. Thesis Sharif University of Technology Salemi, Hossein (Author) ; Movaghar, Ali (Supervisor)
    Abstract
    A Mobile Ad hoc NETwork (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. In recent years, the use of MANETs has been widespread in many applications, including some mission critical applications, and as such security has become one of the major concerns in MANETs. Due to some unique characteristics of MANETs, prevention methods alone are not sufficient to make them secure; therefore, detection should be added as another defense before an attacker can breach the system. In this thesis, we have expressed some well-known and related intrusion detection systems. Besides we have... 

    Analyzing and Evaluating Intrusion Detection Datasets and Providing a Solution to Solve their Weaknesses by Focusing on Benign traffic

    , M.Sc. Thesis Sharif University of Technology Rezaei, Farzam (Author) ; Jahangir, Amir Hossein (Supervisor)
    Abstract
    Today, with the increasing expansion and development of computer networks and information technology, network security has become an important concern for experts and researchers in this field. Intrusion detection systems are one of the main elements in the field of information and network security. To maintain the accuracy and quality of these systems, we need to test and evaluate them frequently. The datasets of intrusion detection systems are one of the main tools for evaluating these systems. The quality and accuracy of these systems in detecting anomalies and attacks in the network largely rely on rich and complete data. Also, the main component of these datasets is the traffic data,...