
dc.contributor.author: Seger, Mark M.
dc.date.accessioned: 2012-08-17T20:48:03Z
dc.date.available: 2012-08-21T23:00:42Z
dc.date.issued: 2012-08-17
dc.identifier.isbn: 978-82-91313-94-8
dc.identifier.issn: 1893-1227
dc.identifier.uri: http://hdl.handle.net/11250/144364
dc.description.abstract: The ever-rising importance of communication services and devices emphasizes the significance of intrusion detection. Besides general network attacks, private hosts in particular are within the focus of cyber criminals. Private data theft and the integration of individual hosts into large-scale botnets are two common purposes successfully subverted systems are used for. In order to detect any attack, intrusion detection mechanisms need to probe the data in question. Therefore, the acquisition of sensor data is one of the fundamental steps in any intrusion detection system, as the execution of a detection algorithm – be it anomaly- or signature-based – relies on the integrity of the assessed data. In cases where the intrusion detection system (and the sensor data acquisition component, in particular) is installed on the very same host it is supposed to protect, attacks against its preventive and detective safeguards are rather simple and supported by potential vulnerabilities of the host’s operating system. Detection speed plays a vital role in keeping the damage caused by subversion attempts as small as possible. Dispatching the data acquisition and detection mechanisms from the host is desirable, as a higher degree of independence allows high-speed execution even in cases where the host has already been infected, or where its central processing units work to capacity. The history of computer science, with cryptography being an excellent example, has taught us that the level of security can be increased by outsourcing certain operations to additional, special-purpose hardware. Here, a positive side effect is that the increase in security is often accompanied by an increased speed at which the corresponding operations can be executed. The present thesis seizes upon the idea of outsourcing, but rather than employing additional special-purpose hardware, it proposes the execution of relevant operations on commodity hardware.
While the application of coprocessors for network intrusion detection is common practice, and approaches using PCI add-in cards, as well as external cryptographic coprocessors exist, we propose the application of commodity coprocessors for host intrusion detection, i.e., modern graphics processing cards (GPU) found in current laptop and desktop computers. Our focus was on validating the assumption that modern GPUs are, in general, applicable in the task of acquiring host sensor data for intrusion detection purposes. Thus, we propose their application as independent auditors, and present research results regarding their feasibility to function as such. We detail abstract cost models and their practical validation, as well as a proof of concept implementation of an autonomous GPU kernel. This allows us to conclude that – leaving aside their programming and runtime frameworks – commodity, off-the-shelf coprocessors (i.e., modern GPUs) are able to perform host observation tasks in an unintrusive manner. [no_NO]
dc.language.iso: eng [no_NO]
dc.relation.ispartofseries: Doktorgradsavhandlinger ved Høgskolen i Gjøvik;1/2012
dc.relation.ispartofseries: Doctoral dissertations at Gjøvik University College;1/2012
dc.subject: Intrusion detection [no_NO]
dc.title: Using Commodity Coprocessors for Host Intrusion Detection [no_NO]
dc.type: Doctoral thesis [no_NO]
dc.subject.nsi: VDP::Mathematics and natural science: 400::Information and communication science: 420::Security and vulnerability: 424 [no_NO]
dc.source.pagenumber: 134 [no_NO]

