Please use this identifier to cite or link to this item: https://www.um.edu.mt/library/oar/handle/123456789/95229
Full metadata record
DC Field | Value | Language
dc.date.accessioned | 2022-05-06T07:41:32Z | -
dc.date.available | 2022-05-06T07:41:32Z | -
dc.date.issued | 2013 | -
dc.identifier.citation | Tabone, L. (2013). Autonomous, signals-based intrusion detection (Bachelor's dissertation). | en_GB
dc.identifier.uri | https://www.um.edu.mt/library/oar/handle/123456789/95229 | -
dc.description | B.Sc. IT (Hons)(Melit.) | en_GB
dc.description.abstract | The two methods for Network Intrusion Detection Systems (NIDS) are misuse detection, which compares network traffic to known attack signatures, and anomaly detection, which compares traffic to expected normal behavior and raises alerts for anomalous traffic. Both approaches require continuous attention from administrators, either in the form of signature creation or the provision of samples of normal traffic. Incidentally, both attack and normal traffic are highly dynamic. The aim of this project is to explore an experimental detection method, signals-based detection, in order to produce a NIDS that is more autonomous. This method focuses on the effects of attacks (the signals) rather than on their content, as the signals are expected to be less dynamic. As a consequence, this should lead to an increase in the level of autonomy exhibited by the NIDS. The Dendritic Cell Algorithm (DCA) is the most widely explored technique that takes this approach, and therefore the aim is to explore how to build a 'low-maintenance' NIDS based on it. Moreover, the project also aims for a fully autonomous NIDS based on the DCA, where signals are configured in a fully automated manner from past normal and attack traffic samples. When applied to network intrusion detection, the DCA uses a population of agents to correlate network connections with an aggregation of signals. These signals reflect the effect on the system when either normal or attack traffic is processed. The low-maintenance approach assists the administrator in selecting the most effective signals configuration. The fully autonomous approach explores how Principal Component Analysis (PCA) can assist in fully automating signal selection, based on the intuition that attack traffic produces highly variable signal levels, identifiable through a PCA-based ranking of traffic features, while normal traffic produces more stable levels.
The low-maintenance NIDS returned an 82% true positive rate, while the fully autonomous NIDS produced an 86% rate, both at an accuracy level comparable to typical NIDS. Presently, this approach can be useful in shifting man-power to filtering false positives as opposed to wasting it on routine NIDS configuration. | en_GB
dc.language.iso | en | en_GB
dc.rights | info:eu-repo/semantics/restrictedAccess | en_GB
dc.subject | Computer software | en_GB
dc.subject | Intrusion detection systems (Computer security) | en_GB
dc.subject | Computer simulation | en_GB
dc.title | Autonomous, signals-based intrusion detection | en_GB
dc.type | bachelorThesis | en_GB
dc.rights.holder | The copyright of this work belongs to the author(s)/publisher. The rights of this work are as defined by the appropriate Copyright Legislation or as modified by any successive legislation. Users may access this work and can make use of the information contained in accordance with the Copyright Legislation provided that the author must be properly acknowledged. Further distribution or reproduction in any format is prohibited without the prior permission of the copyright holder. | en_GB
dc.publisher.institution | University of Malta | en_GB
dc.publisher.department | Faculty of Information and Communication Technology. Department of Computer Science | en_GB
dc.description.reviewed | N/A | en_GB
dc.contributor.creator | Tabone, Liam (2013) | -
Appears in Collections:
Dissertations - FacICT - 2013
Dissertations - FacICTCS - 2010-2015

Files in This Item:
File | Description | Size | Format
BSC(HONS)ICT_Tabone, Liam_2013.pdf | Restricted Access | 3.76 MB | Adobe PDF


Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.