Search for: intrusion-detection-systems
Total 54 records

    Web driven alert verification

    , Article 2014 11th International ISC Conference on Information Security and Cryptology, ISCISC 2014 ; Sep , 2014 , p. 180-185 Najafi, A ; Sepahi, A ; Jalili, R ; Sharif University of Technology
    Abstract
    A web attack is an attack against a web server through the HTTP Protocol. By analyzing known web attacks, we find out that each one has its own behavior. Vestiges of their behavior could be detected in non-body parts of the HTTP Protocol. Such information can be used to verify web alerts generated by Web Application Firewalls (WAFs) and Web Intrusion Detection Systems (Web IDSs). In this paper, we propose a method to verify web alerts generated by these sensors. The goal of the alert verification component is to eliminate or tag alerts that do not represent successful attacks. Our approach is based on analyzing HTTP Transaction metadata, including Request method, Request Headers, Status... 
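The verification idea in this abstract, checking an alert against the non-body parts of the HTTP transaction, as an added example in Python (illustrative code, not the authors' method or implementation): each attack class gets a small set of rules about what a successful instance would look like in the status line and response headers, and an alert whose transaction contradicts those rules is tagged as failed. The attack-class names, the dead-end status set, the per-path baseline and the alerts themselves are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Transaction:
    """Non-body parts of one HTTP request/response pair, as a WAF logs them."""
    method: str
    path: str
    status: int
    req_headers: Dict[str, str] = field(default_factory=dict)
    resp_headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Alert:
    alert_id: str
    attack_class: str        # hypothetical class names: "sqli", "traversal", "xss"
    tx: Transaction


# Responses showing the request died before any application logic ran (assumption).
DEAD_END_STATUSES = {400, 403, 404, 405, 414}

# Constructed per-path baseline of a normal response, as a WAF could learn it
# from clean traffic to the same path.
BASELINE = {
    "/item": {"content-length": 2100, "content-type": "text/html"},
    "/download": {"content-length": 512, "content-type": "text/html"},
    "/search": {"content-length": 3300, "content-type": "text/html"},
}


def verify(alert: Alert) -> Tuple[str, str]:
    """Tag an alert 'failed', 'possible_success' or 'unverified', with a reason."""
    tx = alert.tx
    base = BASELINE.get(tx.path, {})
    if tx.status in DEAD_END_STATUSES:
        return "failed", f"status {tx.status}: the payload never reached the handler"
    if alert.attack_class == "sqli":
        if tx.status == 500:
            return "possible_success", "server error: the injected query likely reached the database"
        length = int(tx.resp_headers.get("content-length", "0"))
        expected = base.get("content-length")
        if tx.status == 200 and expected and abs(length - expected) > 0.5 * expected:
            return "possible_success", (f"content-length {length} far from baseline {expected}: "
                                        "UNION/boolean injection changes the page size")
    if alert.attack_class == "traversal":
        ctype = tx.resp_headers.get("content-type", "")
        expected_ct = base.get("content-type")
        if tx.status == 200 and expected_ct and not ctype.startswith(expected_ct):
            return "possible_success", f"content-type {ctype!r} instead of {expected_ct!r}: a raw file was served"
    # Reflected XSS and anything else cannot be settled from metadata alone.
    return "unverified", "metadata does not contradict the attack; inspect the body"


def triage(alerts: List[Alert]) -> Dict[str, str]:
    """Map alert id -> tag for a batch of alerts."""
    return {a.alert_id: verify(a)[0] for a in alerts}


# Constructed alerts carrying the transaction metadata a WAF would attach.
SAMPLE_ALERTS = [
    Alert("a1", "sqli", Transaction("GET", "/item", 404)),
    Alert("a2", "sqli", Transaction("GET", "/item", 500, resp_headers={"content-type": "text/html"})),
    Alert("a3", "sqli", Transaction("GET", "/search", 200,
                                    resp_headers={"content-type": "text/html", "content-length": "9800"})),
    Alert("a4", "traversal", Transaction("GET", "/download", 200,
                                         resp_headers={"content-type": "text/plain", "content-length": "1843"})),
    Alert("a5", "xss", Transaction("GET", "/search", 200,
                                   resp_headers={"content-type": "text/html", "content-length": "3310"})),
    Alert("a6", "traversal", Transaction("GET", "/download", 403)),
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        tag, why = verify(a)
        print(f"{a.alert_id} {a.attack_class:<9} -> {tag:<16} {why}")
```

The last branch is the caveat a practitioner wants: a reflected XSS cannot be confirmed or refuted from headers alone, so a metadata-only verifier should leave it "unverified" rather than guess. The baseline must also come from clean traffic to the same path, otherwise a legitimately large search page looks like a UNION injection.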

    Design and analysis of genetic fuzzy systems for intrusion detection in computer networks

    , Article Expert Systems with Applications ; Volume 38, Issue 6 , June , 2011 , Pages 7067-7075 ; 09574174 (ISSN) Abadeh, M. S ; Mohamadi, H ; Habibi, J ; Sharif University of Technology
    2011
    Abstract
    The capability of fuzzy systems to solve different kinds of problems has been demonstrated in several previous investigations. Genetic fuzzy systems (GFSs) hybridize the approximate reasoning method of fuzzy systems with the learning capability of evolutionary algorithms. The objective of this paper is to design and analyze various kinds of genetic fuzzy systems to deal with the intrusion detection problem as a new real-world application area which has not previously been tackled with GFSs. The resulting intrusion detection system would be capable of detecting normal and abnormal behaviors in computer networks. We have presented three kinds of genetic fuzzy systems based on Michigan, Pittsburgh and... 

    An Intrusion Detection System for the Grid Environment

    , M.Sc. Thesis Sharif University of Technology Movahed, Amirvala (Author) ; Jalili, Rasool (Supervisor)
    Abstract
    Existing Intrusion Detection Systems (IDSs) are not designed to deal with all categories of processing environments. This thesis focuses on IDSs for the Grid computing environment, and concentrates on feature selection and performance. An existing framework, Globus, is used as the basis for the consideration and development of the research issue in Grid computing. The system is based on two engine designs: (a) Signature and (b) Support Vector Machine; SVM has been selected for pattern discovery in traffic analysis. We found that the performance of the system greatly depends on the efficiency of the underlying framework and the number of Intrusion Detection System instances. We demonstrate... 

    Historical Alert Analysis in Host-based Intrusion Detection

    , M.Sc. Thesis Sharif University of Technology Ashouri, Morteza (Author) ; Abolhassani, Hassan (Supervisor)
    Abstract
    In the last decade, Intrusion Detection Systems have attracted attention due to their importance in network security, but they still have shortcomings. Generating a lot of low-level alerts is the main problem. Many of these alerts are actually false positives. One suggested solution is Alert Correlation Analysis. Because of false positives, alert correlation techniques are not able to build accurate scenarios, but the accuracy of alerts can be verified with the aid of the information logged in the host systems. In this dissertation, after surveying the current alert correlation techniques, a model will be introduced to effectively verify the generated alerts and to apply correlation techniques to... 

    A novel Intrusion Detection System for Mobile Ad-Hoc Network Based on Clustering

    , M.Sc. Thesis Sharif University of Technology Salemi, Hossein (Author) ; Movaghar, Ali (Supervisor)
    Abstract
    A Mobile Ad hoc NETwork (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. In recent years, the use of MANETs has been widespread in many applications, including some mission critical applications, and as such security has become one of the major concerns in MANETs. Due to some unique characteristics of MANETs, prevention methods alone are not sufficient to make them secure; therefore, detection should be added as another defense before an attacker can breach the system. In this thesis, we have expressed some well-known and related intrusion detection systems. Besides we have... 

    Improving Anomaly Detection Methods for Intrusion Detection in MANETS

    , M.Sc. Thesis Sharif University of Technology Javanmard,Fahime (Author) ; Hemmatyar, Ali Mohammad Afshin (Supervisor)
    Abstract
    In recent decades, securing mobile ad hoc networks has attracted much attention. Today, several security tools, such as intrusion detection systems, are used in the network. IDS methods are divided into two categories: pattern recognition and anomaly detection. Pattern recognition methods based on known attack patterns work with a high detection rate, but do not have the ability to detect new attacks. Anomaly detection techniques have the ability to detect new attacks, but they have a high false alarm rate.
    In this thesis, an anomaly detection system based on the artificial immune system is designed, implemented and evaluated. For example, anomaly detection methods in such cases, a variety of... 

    Performance Improvement of Intrusion Detection Systems for Wireless Networks

    , M.Sc. Thesis Sharif University of Technology Safir, Sajjad (Author) ; Hematyar, Ali Mohammad Afshin (Supervisor)
    Abstract
    Wireless technology can now be seen almost everywhere. This technology has recently become very popular, and with the convenience that comes with its use, it will probably be the most commonly used technology among computer networks in the near future. Unfortunately, new technology is always under fire when it comes to security, so that securing this type of network has become a big challenge.
    The approach to security in wireless networks that has received a lot of attention from researchers is the use of intrusion detection systems. An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases... 

    Performance Evaluation of MANET’s IDSs Using Stochastic Activity Networks (SANs)

    , M.Sc. Thesis Sharif University of Technology Khosravi, Maryam (Author) ; Movaghar, Ali (Supervisor)
    Abstract
    Blackhole and grayhole attacks have become two of the major security concerns in mobile ad hoc networks (MANETs). To achieve security in MANETs, many mechanisms have been proposed so far. Using intrusion detection systems (IDSs) is one of the important mechanisms to reach this goal. Thus, a well-known IDS was chosen and analyzed in this thesis. Furthermore, a collaborative Bayesian filter approach for this intrusion detection system was proposed to enhance its performance. Then the performance of this approach was considered. This intrusion detection system was analyzed using stochastic modeling such as continuous time Markov chains (CTMC), stochastic reward nets (SRN) and stochastic... 

    An Intrusion Detection System for Wormhole Attack Detection in MANETs

    , M.Sc. Thesis Sharif University of Technology Shamaei Chaharsooghi, Shiva (Author) ; Movaghar, Ali (Supervisor)
    Abstract
    Mobile ad hoc networks (MANETs) have been attracting the attention of researchers in recent years. Because of the lack of infrastructure in such networks, all network operations such as routing are done by the nodes themselves. On the other hand, standard MANET routing protocols assume that all nodes are trusted. Thus, these protocols are prone to serious security attacks. The wormhole attack is one of the attacks which abuse distributed routing in MANETs. This attack is carried out by two malicious nodes which are far away from each other. These nodes introduce themselves as one-hop neighbors of each other. Therefore, they deceive normal nodes and disturb the routing mechanism.... 
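One way the false adjacency claim described above can be checked, as an added Python example that is not the thesis's own detector: a geographic packet leash in the style of Hu, Perrig and Johnson, where every neighbour beacon carries the sender's signed position and timestamp, and the receiver rejects the claim if the sender is farther away than the radio range plus the distance both nodes could have moved since the timestamp. The radio range, speed bound, clock error, node positions and reception times are all assumptions constructed for the example.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple

RADIO_RANGE = 100.0   # m, assumed maximum one-hop radio range
MAX_SPEED = 20.0      # m/s, assumed upper bound on node movement
CLOCK_ERROR = 0.001   # s, assumed bound on clock skew between nodes


@dataclass(frozen=True)
class Hello:
    """Neighbour-discovery beacon. Position and timestamp are assumed to be signed
    by the sender, so a relay can delay or replay the beacon but not edit it."""
    sender: str
    pos: Tuple[float, float]
    sent_at: float


def distance(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def accept_neighbor(receiver_pos: Tuple[float, float], h: Hello, recv_at: float) -> Tuple[bool, str]:
    """Geographic leash: a real one-hop neighbour can be at most the radio range
    away, plus whatever both nodes could have moved since the beacon was stamped."""
    elapsed = max(0.0, recv_at - h.sent_at) + CLOCK_ERROR
    bound = RADIO_RANGE + 2 * MAX_SPEED * elapsed
    d = distance(receiver_pos, h.pos)
    if d > bound:
        return False, f"{h.sender} claims adjacency from {d:.0f} m, bound is {bound:.1f} m"
    return True, f"{h.sender} is {d:.0f} m away"


def build_neighbor_tables(positions: Dict[str, Tuple[float, float]],
                          heard: List[Tuple[str, Hello, float]]) -> Dict[str, Dict[str, List[str]]]:
    """heard: (receiver, beacon as received, reception time). Returns, per receiver,
    the neighbours it accepted and the claims it rejected as wormhole-suspect."""
    tables: Dict[str, Dict[str, List[str]]] = {n: {"accepted": [], "rejected": []} for n in positions}
    for receiver, h, recv_at in heard:
        ok, _ = accept_neighbor(positions[receiver], h, recv_at)
        tables[receiver]["accepted" if ok else "rejected"].append(h.sender)
    return tables


# Constructed topology: A and B are 600 m apart; M1 and M2 are colluding nodes
# joined by an out-of-band tunnel, each within radio range of one victim.
POSITIONS = {"A": (0.0, 0.0), "C": (70.0, 30.0), "B": (600.0, 0.0),
             "M1": (50.0, 0.0), "M2": (550.0, 0.0)}

# Constructed receptions: direct radio takes about 0.3 ms, the tunnel about 2.5 ms.
HEARD = [
    ("C", Hello("A", (0.0, 0.0), 10.0), 10.0003),
    ("A", Hello("C", (70.0, 30.0), 10.0), 10.0003),
    ("B", Hello("A", (0.0, 0.0), 10.0), 10.0025),      # A's beacon tunnelled M1 -> M2, replayed near B
    ("A", Hello("B", (600.0, 0.0), 10.0), 10.0025),    # B's beacon replayed near A
]

if __name__ == "__main__":
    for node, table in build_neighbor_tables(POSITIONS, HEARD).items():
        print(node, table)
```

The check stands or falls on authentication of the beacon: a relay can delay or replay it, but if it could also rewrite the position field the bound is meaningless. It also assumes nodes know their own position and share loosely synchronised clocks, which is the usual cost of this class of defence; a tunnel shorter than the radio range is not caught, but such a tunnel does not shorten any route either.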

    A Hybrid Approach of Similarity-based and Scenario-based Algorithms in Alert Correlation

    , M.Sc. Thesis Sharif University of Technology Sepahi, Ahmad (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    The rapid growth and increase in complexity of modern network and communication systems have made a demand for protecting organizations’ sensitive data and resources from malicious intrusions. Attackers and intruders perform malicious attacks by exploiting vulnerabilities, weaknesses, and flaws in computer systems using novel and advanced techniques. Traditional security mechanisms, such as authentication, access control, and firewall cannot prevent these attacks. Therefore, Intrusion detection systems (IDSs) are employed to detect abnormal activities and monitor network traffic and hosts’ events. These systems suffer from several limitations, including generating a huge amount of alerts and... 

    RTECA: Real time episode correlation algorithm for multi-step attack scenarios detection

    , Article Computers and Security ; Volume 49 , March , 2015 , Pages 206-219 ; 01674048 (ISSN) Ahmadian Ramaki, A ; Amini, M ; Ebrahimi Atani, R ; Sharif University of Technology
    Elsevier Ltd  2015
    Abstract
    Today, from an information security perspective, prevention methods alone are not enough. Early Warning Systems (EWSs) are in the category of reactive methods. These systems complement Intrusion Detection Systems (IDSs), and their main goals include early detection of potential malicious behavior in large scale environments such as the national level. An important process in EWSs is the analysis and correlation of alerts aggregated from the installed sensors (e.g., IDSs, IP telescopes, and botnet detection systems). In this paper, an efficient framework for alert correlation in EWSs is proposed. The framework includes a correlation scheme based on a combination of statistical and stream... 

    IDuFG: Introducing an intrusion detection using hybrid fuzzy genetic approach

    , Article International Journal of Network Security ; Volume 17, Issue 6 , 2015 , Pages 754-770 ; 1816353X (ISSN) Javadzadeh, G ; Azmi, R ; Sharif University of Technology
    Femto Technique Co., Ltd  2015
    Abstract
    In this paper, we propose a hybrid approach for designing Intrusion Detection Systems. This approach is based on a Fuzzy Genetic Machine Learning Algorithm to generate fuzzy rules. The rules are able to solve the classification problem in designing an anomaly IDS. The proposed approach supports multiple attack classification, meaning that it is able to detect five classes consisting of Denial of Service, Remote to Local, User to Root, Probing and normal classes. We present a two-layer optimization approach based on the Pittsburgh style and then combine it with the Michigan style. To improve the performance of the proposed system, we take advantage of a memetic approach and propose an enhanced version... 

    Analyzing Alert Correlation in Intrusion Detection Systems

    , M.Sc. Thesis Sharif University of Technology Amir Haeri, Maryam (Author) ; Jalili, Rasool (Supervisor)
    Abstract
    Intrusion Detection Systems (IDSs) are among the most widely used security tools in computer networks. While they are promising technologies, they pose some serious drawbacks: when utilized in large and high-traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. In addition, IDSs usually generate redundant or even irrelevant (false) alerts. One technique proposed to circumvent such drawbacks is alert correlation, which extracts useful and high-level alerts, and helps in making timely decisions when a security breach occurs. This thesis surveys current alert correlation techniques, and introduces a real-time and data-mining-based algorithm for alert... 
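The two problems named in this abstract and in the two correlation entries above it (the similarity/scenario hybrid thesis and the RTECA article), too many low-level alerts and the need to assemble them into multi-step scenarios in real time, as an added Python example that is not the code of any of those works: a similarity step merges repeats of the same alert for the same source/destination pair, and a scenario step tracks how far each pair has advanced through an ordered list of stages, raising a high-level incident once two or more stages have been seen within a window. The signature-to-stage mapping, the stage order, the window sizes and the alert stream are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Alert:
    ts: float     # seconds since epoch
    src: str
    dst: str
    sig: str      # low-level sensor signature name


# Hypothetical mapping from sensor signatures to the stages of one attack scenario.
STAGE_OF = {
    "portscan": "recon",
    "os_fingerprint": "recon",
    "ssh_bruteforce": "access",
    "web_rce_attempt": "access",
    "sudo_abuse": "escalate",
    "dns_tunnel": "exfil",
}
SCENARIO = ["recon", "access", "escalate", "exfil"]   # stages in the order they must occur
RANK = {s: i for i, s in enumerate(SCENARIO)}


class Correlator:
    """Streaming correlator: a similarity step merges repeats of the same alert,
    a scenario step tracks how far each (src, dst) pair has advanced."""

    def __init__(self, window: float = 900.0, dedup_gap: float = 5.0):
        self.window = window          # max age of a step that still counts
        self.dedup_gap = dedup_gap    # repeats closer than this are one alert
        self.last_seen: Dict[Tuple[str, str, str], float] = {}
        self.tracks: Dict[Tuple[str, str], List[Tuple[float, str]]] = defaultdict(list)
        self.suppressed = 0

    def feed(self, a: Alert) -> Optional[dict]:
        key = (a.src, a.dst, a.sig)
        last = self.last_seen.get(key)
        self.last_seen[key] = a.ts
        if last is not None and a.ts - last < self.dedup_gap:
            self.suppressed += 1      # similarity-based: same alert, same pair, same instant
            return None
        stage = STAGE_OF.get(a.sig)
        if stage is None:
            return None               # signature not part of any modelled scenario
        track = self.tracks[(a.src, a.dst)]
        track[:] = [(t, s) for t, s in track if a.ts - t <= self.window]   # expire old steps
        reached = max((RANK[s] for _, s in track), default=-1)
        if RANK[stage] <= reached:
            return None               # repeat of a stage already seen, or out of order
        track.append((a.ts, stage))   # gaps are allowed: a missed sensor must not break the chain
        if len(track) < 2:
            return None               # one step is not a multi-step attack yet
        return {"src": a.src, "dst": a.dst, "stages": [s for _, s in track],
                "first_ts": track[0][0], "last_ts": a.ts}


def run(alerts: List[Alert]) -> Tuple[List[dict], int]:
    """Feed a stream in arrival order; return (incidents raised, alerts suppressed)."""
    c = Correlator()
    incidents = [inc for inc in (c.feed(a) for a in alerts) if inc is not None]
    return incidents, c.suppressed


# Constructed low-level alert stream in arrival order.
SAMPLE_STREAM = [
    Alert(0.0, "10.0.0.5", "10.0.1.20", "portscan"),
    Alert(2.0, "10.0.0.5", "10.0.1.20", "portscan"),        # repeat, suppressed
    Alert(3.0, "10.0.0.5", "10.0.1.20", "portscan"),        # repeat, suppressed
    Alert(40.0, "10.0.0.5", "10.0.1.20", "os_fingerprint"), # same stage, no advance
    Alert(50.0, "10.0.0.9", "10.0.1.20", "portscan"),       # lone scan from another host
    Alert(60.0, "10.0.0.9", "10.0.1.20", "icmp_ping"),      # unmodelled signature
    Alert(120.0, "10.0.0.5", "10.0.1.20", "ssh_bruteforce"),
    Alert(400.0, "10.0.0.5", "10.0.1.20", "sudo_abuse"),
    Alert(700.0, "10.0.0.5", "10.0.1.20", "dns_tunnel"),
]

if __name__ == "__main__":
    found, dropped = run(SAMPLE_STREAM)
    print(f"{dropped} duplicate alerts merged")
    for inc in found:
        print(inc)
```

The lone scan from 10.0.0.9 never becomes an incident, which is the point of the scenario step: a single low-level alert is noise until a later alert from the same pair advances the scenario. The window is the knob that trades memory and slow-attack coverage against false joins of unrelated events from a busy source.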

    Intrusion Detection in Wireless Sensor Networks Using Incremental Emotional Intelligence Models

    , M.Sc. Thesis Sharif University of Technology Bayat, Firoozeh (Author) ; Hashemi Mohammad Abad, Saeid (Supervisor)
    Abstract
    Wireless Sensor Networks (WSNs) are rapidly emerging as an important area in mobile computing research. Applications of WSNs are numerous and growing, some of them are even highly critical, like military or safety applications. Security measures must be applied to protect the network from a variety of attacks. Since no intrusion prevention measure is perfect, intrusion detection becomes an important second wall to protect the network. WSNs have a unique nature which is different from that of other kinds of networks. In this project, we examine the characteristics and vulnerabilities of WSNs and propose a new intrusion detection model to protect the network security. In this work we have not only... 

    Web Anomaly Host-Based IDS, Using Computational Intelligence Approach

    , M.Sc. Thesis Sharif University of Technology Javadzadeh, Ghazaleh (Author) ; Azmi, Reza (Supervisor)
    Abstract
    In this thesis we propose a two-layer hybrid fuzzy genetic algorithm for designing an anomaly-based Intrusion Detection System. Our proposed algorithm is based on two basic Genetic Based Machine Learning styles (i.e. Pittsburgh and Michigan). The algorithm supports multiple attack classifications; it means that the algorithm is able to detect five classes of network patterns consisting of Denial of Service, Remote to Local, User to Root, Probing and Normal class.
    Our proposed algorithm has two approaches. In the first approach we choose the Pittsburgh style as the base of the algorithm, which provides a global search. Then we combine it with the Michigan style to support local search. In this... 

    Analysis and Improvement of Intrusion Detection Methods in Data Network Routers

    , M.Sc. Thesis Sharif University of Technology Jamshidi, Mohammad Ali (Author) ; Aref, Mohammad Reza (Supervisor) ; Pakravan, Mohammad Reza (Co-Advisor)
    Abstract
    High-quality online services demand reliable and fast packet delivery at the network layer. However, clear evidence documents the existence of compromised routers in ISP and enterprise networks, threatening network availability and reliability. A compromised router can stealthily drop, modify, inject, or delay packets in the forwarding path to launch Denial-of-Service, surveillance, man-in-the-middle attacks, etc. So researchers have tried to create intrusion detection methods to identify adversarial routers and switches. To this end, data-plane fault localization (FL) aims to identify faulty links and is an effective means of achieving high network availability. FL protocols use... 
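The fault-localization idea in this abstract, as an added Python example that is not the thesis's protocol: each router along a path reports, for one flow and one epoch, how many packets it received and how many it forwarded, and a verifier compares each router against its own counters and each pair of neighbours against each other. A loss a router admits in its own counters points at that router; a disagreement between a router's forwarded count and the next hop's received count points at the link, because one epoch of counters cannot say which endpoint is lossy and which is lying. The path, the threshold and the counter reports are constructed for the example.

```python
from typing import Dict, List, Tuple

LOSS_THRESHOLD = 0.02   # assumed: more than 2% loss on one hop in one epoch is suspicious

Report = Tuple[int, int]   # (packets received, packets forwarded) for one flow in one epoch


def localize(path: List[str], reports: Dict[str, Report]) -> List[Tuple[str, str, int]]:
    """Compare each router's own counters and each pair of adjacent reports.
    Returns (kind, where, packets_lost): kind 'router' for a drop a router admits
    in its own counters, 'link' for a disagreement between two neighbours."""
    suspects: List[Tuple[str, str, int]] = []
    for i, name in enumerate(path):
        rx, tx = reports[name]
        if rx and (rx - tx) / rx > LOSS_THRESHOLD:
            suspects.append(("router", name, rx - tx))
        if i + 1 < len(path):
            nxt = path[i + 1]
            next_rx, _ = reports[nxt]
            if tx and (tx - next_rx) / tx > LOSS_THRESHOLD:
                # Either the link is lossy or one endpoint is lying about its count;
                # a single epoch cannot tell which, so the suspect is the link itself.
                suspects.append(("link", f"{name}-{nxt}", tx - next_rx))
    return suspects


PATH = ["S", "R1", "R2", "R3", "D"]   # S sends, D receives, R1..R3 forward

# Constructed per-epoch reports. Each report is assumed to be signed by its
# issuer, so a router cannot forge its neighbour's numbers.
HONEST = {n: (10000, 10000) for n in PATH}
DROPPER = {"S": (10000, 10000), "R1": (10000, 10000), "R2": (10000, 7000),
           "R3": (7000, 7000), "D": (7000, 7000)}              # R2 drops and admits it
LIAR = {"S": (10000, 10000), "R1": (10000, 10000), "R2": (10000, 10000),
        "R3": (7000, 7000), "D": (7000, 7000)}                 # R2 drops and claims it forwarded

if __name__ == "__main__":
    for label, reports in (("honest", HONEST), ("dropper", DROPPER), ("liar", LIAR)):
        print(f"{label:<8} {localize(PATH, reports)}")
```

The lying case shows the guarantee such protocols actually give: R2 is never named directly, only the link R2-R3, and it takes reports from both ends of every link to narrow a fault that far. Reports therefore have to be authenticated per issuer (assumed above), and a router that drops only a small fraction of a flow forces the threshold to be set against the flow's natural loss, which is why practical schemes sample and aggregate over many epochs rather than judge on one.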

    Analysis and Evaluation of Intrusion Detection Systems Test Methods

    , M.Sc. Thesis Sharif University of Technology Amiri, Behnam (Author) ; Jahangir, Amir Hossein (Supervisor)
    Abstract
    Intrusion detection systems' test and evaluation is an active research area on which many researchers have been working for years. A complete and comprehensive test methodology that can be applied in reasonable time and cost is important and useful both to evaluate a newly designed system and to compare two or more existing systems to select an appropriate system for a particular network. In this research, we first determine the critical features of an IDS and then inspect methods and effective parameters that may influence the test process and propose a method for testing intrusion detection systems. In the proposed test methodology we only examine critical features, the lack of which causes... 

    Improving SQL Injection Detection Techniques

    , M.Sc. Thesis Sharif University of Technology Dolatnezhad, Somayeh (Author) ; Amini, Morteza (Supervisor)
    Abstract
    SQL injection is one of the most important security threats in web applications with a backend SQL-based database. An attacker can abuse an application's vulnerability to change the queries sent from the application to the database. Many techniques and frameworks have been proposed for detecting and preventing SQL injection. But most of them cannot detect all types of SQL injection such as second-order attacks. In this thesis, we propose a new method to detect and prevent all types of this attack. The proposed method is a kind of anomaly-based intrusion detection method and could be considered as a proxy between the application server and the database server. The proposed method can detect... 
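The proxy described in this abstract, as an added Python example rather than the thesis's method: sitting between application and database server, it reduces every statement to a structural skeleton (all literals replaced by a placeholder, comments kept as a token), learns the skeletons issued on clean traffic, and flags any statement whose skeleton is new. Because the proxy sees the statement as it reaches the database, a second-order payload that was stored safely earlier and only becomes SQL in a later concatenated query is caught at the point where it changes structure. The tokeniser, the training statements and the runtime statements are constructed for the example.

```python
import re
from typing import Dict, List, Set, Tuple

# Tokeniser for the SQL subset assumed here: single-quoted strings with '' as the
# escape, -- line comments and /* */ block comments.
_TOKEN = re.compile(r"""
    '(?:[^']|'')*'            # string literal
  | --[^\n]*                  # line comment
  | /\*.*?\*/                 # block comment
  | \d+(?:\.\d+)?             # numeric literal
  | [A-Za-z_][A-Za-z0-9_.]*   # keyword or identifier
  | <>|<=|>=|!=|\|\|          # multi-character operators
  | \S                        # any other single character
""", re.VERBOSE | re.DOTALL)


def skeleton(sql: str) -> str:
    """Strip every value from a statement and keep only its structure. Comments
    stay in as a token on purpose: an injected -- is structure, not data."""
    out = []
    for tok in _TOKEN.findall(sql):
        if tok[0] == "'" or tok[0].isdigit():
            out.append("?")
        elif tok.startswith(("--", "/*")):
            out.append("COMMENT")
        else:
            out.append(tok.upper())
    return " ".join(out)


class QueryProfile:
    """Anomaly model for the proxy. Learning: record the skeleton of every statement
    the application issues on clean traffic. Detection: a skeleton outside that set
    is an anomaly, whatever the literals inside it are."""

    def __init__(self) -> None:
        self.known: Set[str] = set()

    def learn(self, sql: str) -> None:
        self.known.add(skeleton(sql))

    def check(self, sql: str) -> Tuple[bool, str]:
        """Return (anomalous, skeleton)."""
        sk = skeleton(sql)
        return sk not in self.known, sk


def scan(training: List[str], queries: Dict[str, str]) -> Dict[str, bool]:
    """Learn from `training`, then report which named queries are anomalous."""
    profile = QueryProfile()
    for sql in training:
        profile.learn(sql)
    return {name: profile.check(sql)[0] for name, sql in queries.items()}


# Constructed clean traffic captured during the learning phase.
TRAINING = [
    "SELECT id, name, price FROM items WHERE id = 17",
    "SELECT id, name, price FROM items WHERE id = 3",
    "UPDATE users SET pw = 'h4sh' WHERE user = 'alice'",
    "INSERT INTO users (user, pw) VALUES ('bob', 'h4sh2')",
]

# Constructed statements as they arrive at the database during detection.
RUNTIME = {
    "benign": "SELECT id, name, price FROM items WHERE id = 42",
    "escaped_quote": "UPDATE users SET pw = 'x' WHERE user = 'o''neil'",
    "first_order": "SELECT id, name, price FROM items WHERE id = 42 OR 1=1",
    # second order: the username admin'-- was stored safely by a parameterised
    # INSERT, then concatenated into a later UPDATE; the comment swallows the
    # closing quote and the statement now targets the admin row.
    "second_order": "UPDATE users SET pw = 'owned' WHERE user = 'admin'--'",
}

if __name__ == "__main__":
    for name, anomalous in scan(TRAINING, RUNTIME).items():
        print(f"{name:<14} {'ANOMALY' if anomalous else 'ok':<8} {skeleton(RUNTIME[name])}")
```

Keeping comments in the skeleton is what catches the second-order case; stripping them first would collapse the injected UPDATE into the legitimate shape. The usual anomaly-detection caveats apply: the learning set must cover every statement shape the application issues, or each untrained code path becomes a false positive, and an injection that leaves the structure untouched, such as one that only swaps a literal's value, is invisible to this check.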

    Network Traffic Generation Focused on Flash Crowd Anomaly

    , M.Sc. Thesis Sharif University of Technology Saleh, Zahra (Author) ; Jahangir, Amir Hossein (Supervisor)
    Abstract
    Flash Crowd traffic generation can be used as a metric for measuring the resiliency and performance of a server. Also, it can provide a framework for verification and testing of Intrusion detection systems (IDS) and Intrusion protection systems (IPS). Common traffic generation methods mimic the timing and content of input traffic or regenerate input traffic by extracting its statistical distribution. So all of them need input traffic, while the properties of a Flash Crowd differ between servers and situations, and there is no guarantee that such samples of traffic exist for all servers. In this thesis, we introduce and use a new method for traffic generation without the need for input... 

    An efficient method for identifying IDS agent nodes by discovering compromised nodes in MANET

    , Article 2009 International Conference on Computer and Electrical Engineering, ICCEE 2009, 28 December 2009 through 30 December 2009, Dubai ; Volume 1 , 2009 , Pages 625-629 ; 9780769539256 (ISBN) Kuchaki Rafsanjani, M ; Khavasi, A. A ; Movaghar, A ; Sharif University of Technology
    Abstract
    Intrusion Detection Systems (IDS) for Mobile Ad hoc NETworks (MANETs) are necessary when they are deployed in reality. In this paper, we have presented a combined method of selecting IDS agent nodes in mobile ad hoc networks, since the IDS agents in a MANET need more battery power due to their additional activities. In our method, first, compromised nodes are detected, and then the nodes with the highest energy from among the valid nodes are chosen as IDS agent nodes. So, with this method, some valid nodes contribute to intrusion detection activities, the cost of network monitoring will be reduced and the network lifetime will be increased. © 2009 IEEE