Sharif Digital Repository

Intrusion detection systems’ test and evaluation is an active research area on which many researchers have been working for years. A complete and comprehensive test methodology that can be applied in reasonable time and cost is important and useful both to evaluate a newly designed system and to compare two or more existing systems to select an appropriate system for a particular network. In this research, we first determine the critical features of an IDS and then inspect methods and effective parameters that may influence the test process and propose a method for testing intrusion detection systems. In the proposed test methodology we only examine critical features which lake of them cause... 

A Mobile Ad hoc NETwork (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. In recent years, the use of MANETs has been widespread in many applications, including some mission critical applications, and as such security has become one of the major concerns in MANETs. Due to some unique characteristics of MANETs, prevention methods alone are not sufficient to make them secure; therefore, detection should be added as another defense before an attacker can breach the system. In this thesis, we have expressed some well-known and related intrusion detection systems. Besides we have... 

Blackhole and grayhole attacks have been become two of the major security concerns in mobile ad hoc networks (MANET). To achieve security in MANETs, a lot of mechanisms had been proposed by now. Using intrusion detection systems(IDSs) is one of the important mechanism to reach this goal. Thus, a well-known IDS was chosen and analyzed in this thesis. Furthermore, a collaborative bayesian filter approach for this intrusion detection system was proposed to enhance its performance. Then the performance of this approach was considered. This intrusion detection system was analyzed using stochastic modeling like continuous time markov chain(CTMC), stochastic reward net(SRN) and stochastic... 

Mobile ad hoc networks (MANETs) have been attracting the attention of the researchers in the duration of last years. Because of lack of infrastructure in such networks, all network operations such as routing are done by the nodes themselves. On the other hand, standard MANETs' routing protocols suppose that all nodes are trusted. Thus, these protocols are prone to serious security attack. Wormhole attack is one of the attacks which abuse distributed routing in MANETs. This attack is held between two malicious nodes which are far away from each other. Mentioned nodes introduce themselves as one-hop neighbor of each other. Therefore, they deceive normal nodes and disturb the routing mechanism.... 

High-quality online services demand reliable and fast packet delivery at the network layer. However, clear evidence documents the existence of compromised routers in the ISP and enterprise networks, threatening network availability and reliability. A compromised router can stealthily drop, modify, inject, or delay packets in the forwarding path to launch Denial-of-Service, surveillance, man-in-the-middle attacks, etc. So researches tried to create intrusion detection methods to identify adversarial routers and switches. To this end, data-plane fault localization (FL) aims to identify faulty links and is an effective means of achieving high network availability. FL protocols use... 

With the rapid growth of Internet popularity, web applications are growing in usage and complexity, and therefore, are attractive targets for attackers. Increasing number of services and amount of information stored in the Internet, stimulates attackers to focus on these kind of applications. On the other hand, security specialists are deploying different solutions to mitigate such threats. One of these solutions are Honeypot systems. In contrast with other security solutions, honeypots are not designed to defend against attackers directly. Honeypots, rather, are planned to gather data about what attackers do. This information can help security administrators to learn and understand... 

Web servers and web applications are susceptible to different attacks. In order to detect web-based attacks Intrusion detection systems (IDS) should be equipped with a large number of signatures. Unfortunately various types of web threats are increasingly growing and so detection and prevention of all these new and old attacks is exhaustive and really difficult.This thesis represents a designed system for intrusion detection that uses different techniques to discover vulnerabilities with derived patterns and also some user behavior based attacks against web applications. This was done by using new dataset which was generated by new log file.The primary objective of this thesis shows the... 

Software Defined Networking (SDN) provides a logically centralized view of the state of the network, and as a result opens up new ways to manage and monitor networks. In this dissertation a novel approach to network intrusion detection in SDNs is introduced that takes advantage of these attributes. This approach can detect compromised routers that produce faulty messages, copy or steal traffic or maliciously drop certain types of packets. To identify these attacks and the affected switches, we correlate the forwarding state of network---i.e. installed forwarding rules---with the forwarding status of packets---i.e. the actual route packets take in the network and detect anomaly in routes.... 

Intrusion Detection System (IDS) is an equipment destined to provide computer networks security. In recent years, Machine Learning and Deep Neural Network (DNN) methods have been considered as a way to detect new network attacks. Due to the huge amounts of calculations needed for these methods, there is a need for high performance and parallel or specific processors, such as Application Specific Integrated Circuit (ASIC), Graphical Processor Unit (GPU) and Field-Programmable Gate Array (FPGA). The latter seems more suitable than others due to its higher configurability and lesser power consumption. The goal of this study is the acceleration of a DNN-based IDS on FPGA. In this study, which is... 

The rapid growth of computer networks has increased the importance of analytics and traffic analysis tools for these networks, and the increasing importance of these networks has increased the importance of security of these networks and the intrusion detection in these networks. Many studies aimed at providing a powerful way to quickly and accurately detect computer network intrusions, each of which has addressed this issue.The common point of all these methods is their reliance on the features extracted from network traffic by an expert. This strong dependence has prevented these methods from being flexible against new attacks and methods of intrusion or changes in the current normal... 

With the spread of threats against industrial control systems, preserving the security of these systems faces serious challenges. On the other hand, with the increase of communication between industrial control networks and external communication networks, the entry points of these networks have also increased and this exposes them to IP network threats. Beside that, traditional attacks on these systems, which generally occur by infiltrating the internal network, are also constantly changing and becoming more complex. These attacks mainly have a phase of hiding the attack from the monitoring systems, which eliminates the possibility of identifying the attacker's operations to a great extent... 

We live in the cyber era in which network-based technologies have become omnipresent. Meanwhile, threats and attacks are rapidly growing in cyberspace. Nowadays, some signature-based intrusion detection systems try to detect these malicious traffics. However, as new vulnerabilities and new zero-day attacks appear, there is a growing risk of bypassing the current intrusion detection systems. Many research studies have worked on machine learning algorithms for intrusion detection applications. Their major weakness is to consider the different aspects of network security concurrently. For example, continuous concept drift in normal and abnormal traffic, the permanent appearance of zero-day...