Show simple item record

dc.contributor.author: Kokorina, Liubov
dc.date.accessioned: 2009-09-09T09:39:24Z
dc.date.issued: 2009
dc.identifier.uri: http://hdl.handle.net/11250/143783
dc.description.abstract: In today’s intrusion detection systems (IDSs), a trade-off between efficiency and accuracy must be achieved. Because of that, the decision on structures for representing patterns of normal and intrusive behavior are of crucial importance as well as pattern discovery techniques relevant for the detection of as many current attacks as possible. In this thesis we evaluate compatibility of so-called frequent episodes to intrusion detection by studying various attacks and episodes constructed of the attacks’ events. We also describe several possibilities of the episode structure discovered under our experiment. In the thesis, we discuss architecture issues of episode-based hybrid IDSs, combining misuse and anomaly approaches to take advantages of both of them. In addition, we propose a model for a new IDS on episodes. The model is built on episode discovery with sliding window and new episode analysis techniques, which we designed for intrusion detection. The first one is a modification of a frequent episode discovery technique, which is widely used in anomaly detection. The new techniques deal with rare episode discovery and event distribution analysis, which are supposed to characterize event series. The experiment demonstrates some results of the techniques in finding similarities and regularities of automated (generated by computer programs) attacks. [en]
dc.format.extent: 2918540 bytes
dc.format.mimetype: application/pdf
dc.language.iso: eng [en]
dc.subject: detection systems [en]
dc.subject: IDS [en]
dc.title: The Use of Frequent Episodes in Intrusion Detection [en]
dc.type: Master thesis [en]
dc.subject.nsi: VDP::Mathematics and natural science: 400::Information and communication science: 420::Security and vulnerability: 424 [en]


Associated file(s)

This item appears in the following collection(s)