Please use this identifier to cite or link to this item:
https://www.um.edu.mt/library/oar/handle/123456789/95229
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.date.accessioned | 2022-05-06T07:41:32Z | - |
dc.date.available | 2022-05-06T07:41:32Z | - |
dc.date.issued | 2013 | - |
dc.identifier.citation | Tabone, L. (2013). Autonomous, signals-based intrusion detection (Bachelor's dissertation). | en_GB |
dc.identifier.uri | https://www.um.edu.mt/library/oar/handle/123456789/95229 | - |
dc.description | B.Sc. IT (Hons)(Melit.) | en_GB |
dc.description.abstract | The two methods for Network Intrusion Detection Systems (NIDS) are misuse detection, which compares network traffic to known attack signatures, and anomaly detection, which compares traffic to expected normal behavior and raises alerts for anomalous traffic. Both approaches require continuous attention from administrators, either in the form of signature creation or the provision of samples of normal traffic. Incidentally, both attack and normal traffic are highly dynamic. The aim of this project is to explore an experimental detection method, signals-based detection, in order to produce a NIDS that is more autonomous. This method focuses on the effects of attacks (the signals) rather than the content, and these effects are expected to be less dynamic. As a consequence this should lead to an increase in the level of autonomy exhibited by the NIDS. The Dendritic Cell Algorithm (DCA) is the most widely explored technique that takes this approach, and therefore the aim is to explore how to build a 'low-maintenance' NIDS based on it. Moreover, the project also aims for a fully autonomous NIDS, also based on the DCA, where signals are configured in a fully automated manner from past normal and attack traffic samples. When applied to network intrusion detection, the DCA uses a population of agents to correlate network connections with an aggregation of signals. These signals reflect the effect on the system when either normal or attack traffic is processed. The low-maintenance approach assists the administrator in selecting the most effective signals configuration. The fully autonomous approach explores how Principal Component Analysis (PCA) can assist in fully automating signal selection, based on the intuition that attack traffic produces highly variable signal levels, identifiable through a PCA-based ranking of traffic features, while normal traffic produces more stable levels. The low-maintenance NIDS returned an 82% true positives rate, while the fully autonomous NIDS produced an 86% rate, both at an accuracy level comparable to typical NIDS. Presently, this approach can be useful in shifting manpower to filtering false positives as opposed to wasting it on routine NIDS configuration. | en_GB |
dc.language.iso | en | en_GB |
dc.rights | info:eu-repo/semantics/restrictedAccess | en_GB |
dc.subject | Computer software | en_GB |
dc.subject | Intrusion detection systems (Computer security) | en_GB |
dc.subject | Computer simulation | en_GB |
dc.title | Autonomous, signals-based intrusion detection | en_GB |
dc.type | bachelorThesis | en_GB |
dc.rights.holder | The copyright of this work belongs to the author(s)/publisher. The rights of this work are as defined by the appropriate Copyright Legislation or as modified by any successive legislation. Users may access this work and can make use of the information contained in accordance with the Copyright Legislation provided that the author must be properly acknowledged. Further distribution or reproduction in any format is prohibited without the prior permission of the copyright holder. | en_GB |
dc.publisher.institution | University of Malta | en_GB |
dc.publisher.department | Faculty of Information and Communication Technology. Department of Computer Science | en_GB |
dc.description.reviewed | N/A | en_GB |
dc.contributor.creator | Tabone, Liam (2013) | - |
Appears in Collections: | Dissertations - FacICT - 2013; Dissertations - FacICTCS - 2010-2015 |
Files in This Item:
File | Description | Size | Format |
---|---|---|---|
BSC(HONS)ICT_Tabone, Liam_2013.pdf (Restricted Access) | | 3.76 MB | Adobe PDF |
Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.