dc.description.abstract | In today’s intrusion detection systems (IDSs), a trade-off between efficiency and accuracy must
be achieved. Because of that, the decision on structures for representing patterns of normal and
intrusive behavior are of crucial importance as well as pattern discovery techniques relevant for
the detection of as many current attacks as possible. In this thesis we evaluate compatibility
of so-called frequent episodes to intrusion detection by studying various attacks and episodes
constructed of the attacks’ events. We also describe several possibilities of the episode structure
discovered under our experiment.
In the thesis, we discuss architecture issues of episode-based hybrid IDSs, combining misuse
and anomaly approaches to take advantages of both of them. In addition, we propose a model
for a new IDS on episodes. The model is built on episode discovery with sliding window and new
episode analysis techniques, which we designed for intrusion detection. The first one is a modification
of a frequent episode discovery technique, which is widely used in anomaly detection.
The new techniques deal with rare episode discovery and event distribution analysis, which are
supposed to characterize event series. The experiment demontstrates some results of the techniques
in findnig similarities and regularities of automated (generated by computer programs)
attacks | en |