Please use this identifier to cite or link to this item: https://www.um.edu.mt/library/oar/handle/123456789/95150
Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.date.accessioned | 2022-05-06T07:07:30Z | - |
| dc.date.available | 2022-05-06T07:07:30Z | - |
| dc.date.issued | 2013 | - |
| dc.identifier.citation | Sultana, S. (2013). Detecting malicious computer use (Bachelor's dissertation). | en_GB |
| dc.identifier.uri | https://www.um.edu.mt/library/oar/handle/123456789/95150 | - |
| dc.description | B.SC.(HONS)COMPUTER ENG. | en_GB |
| dc.description.abstract | In today's world, many personal devices are continuously connected to the Internet. This carries risks with it, because malware (malicious software) can infect these devices with varying degrees of effects, from rendering the device useless to stealing personal data. It is desirable to have a generic system which can detect all types of malicious activity on personal devices. This project aims at researching and adapting Intrusion Detection Systems (IDSs) for personal devices. Two types of IDSs exist: signature-based and anomaly-based. Anomaly-based IDSs detect abnormal behaviour and assume it is malicious, while signature-based IDSs have a set of rules which model how known malware behaves. Since the final system needs to detect any kind of malware, anomaly-based systems are researched. The system also needs to work on different kinds of devices. One thing these devices have in common is that they are connected to the Internet, which means that network packets will be transferred to and from the devices. These packets can be analysed to detect any anomalies. The system that is adapted is called NET AD, created by Mahoney and Chan. NET AD assigns a score to every packet which indicates how anomalous it is compared to other packets. This work improves upon NET AD by considering TCP streams, which consist of a number of packets. If a majority of the packets in a stream is scored as anomalous, the stream is considered malicious. Using the TCP streams gives positive results. 70% of the malicious streams can be detected with the negative effect that 10% of the non-malicious streams also raise an alarm. Nevertheless, more tests need to be conducted in a live environment, or under conditions similar to a live environment to truly assess how well the new system performs. | en_GB |
| dc.language.iso | en | en_GB |
| dc.rights | info:eu-repo/semantics/restrictedAccess | en_GB |
| dc.subject | Intrusion detection systems (Computer security) | en_GB |
| dc.subject | Malware (Computer software) | en_GB |
| dc.subject | TCP/IP (Computer network protocol) | en_GB |
| dc.title | Detecting malicious computer use | en_GB |
| dc.type | bachelorThesis | en_GB |
| dc.rights.holder | The copyright of this work belongs to the author(s)/publisher. The rights of this work are as defined by the appropriate Copyright Legislation or as modified by any successive legislation. Users may access this work and can make use of the information contained in accordance with the Copyright Legislation provided that the author must be properly acknowledged. Further distribution or reproduction in any format is prohibited without the prior permission of the copyright holder. | en_GB |
| dc.publisher.institution | University of Malta | en_GB |
| dc.publisher.department | Faculty of Information and Communication Technology. Department of Communications and Computer Engineering | en_GB |
| dc.description.reviewed | N/A | en_GB |
| dc.contributor.creator | Sultana, Steven (2013) | - |
Appears in Collections: Dissertations - FacICT - 2013
Dissertations - FacICTCCE - 1999-2013

Files in This Item:
| File | Description | Size | Format |
| --- | --- | --- | --- |
| BSC(HONS)ICT_Sultana, Steven_2013.PDF | Restricted Access | 8.65 MB | Adobe PDF |


Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.