Vis enkel innførsel

dc.contributor.advisorKnapskog, Svein Johannb_NO
dc.contributor.authorHaslum, Kjetilnb_NO
dc.date.accessioned2014-12-19T14:13:51Z
dc.date.available2014-12-19T14:13:51Z
dc.date.created2010-09-28nb_NO
dc.date.issued2010nb_NO
dc.identifier353676nb_NO
dc.identifier.isbn978-82-471-2309-6nb_NO
dc.identifier.isbn978-82-471-238-9nb_NO
dc.identifier.urihttp://hdl.handle.net/11250/262315
dc.description.abstractIt is not economically or technically feasible to make complex computersystems that are completely secure. New attacks are constantly developedby attackers and the security situation can therefore rapidly change. In orderto detect and stop attackers before any damage is done, automated toolshave to be deployed because there is not enough time for manual intervention.Therefore there is a need for online risk assessment and proactive defensemechanisms like Intrusion Prevention System (IPS). In the area of computersecurity there have been only a few quantitative security measures until now,and there are few published cases for methods and tools based on such measures.The main areas of this thesis are: Quantitative characterization of riskand security in computer systems or networks; and dynamic risk and securityassessment based on network monitoring. During our research, the focus hasbeen narrowed down to look for answers to the following problems:Is it possible (and practical) to reuse some of the stochastic modelingtechniques used to model dependable systems?Can Hidden Markov Models (HMMs) be successfully used in real timerisk assessment?Is it feasible to prevent attacks against systems and networks based onrisk assessment?For these problems a Markov model describing the interaction between thesystem and attackers in a quantitative manner is proposed. The Markov modeldescribes the different security states of a network, and the transitions betweenthem.Based on the initial Markov model, a HMM modeling the trustworthinessof sensors collecting security relevant information in a computer network isproposed. The sensor model is used for online risk assessment based on observationsfrom sensors in a network. A security measure called intrusionfrequency is used. The intrusion frequency is estimated from the state distributionestimated by the HMM. The sensor model has been validated throughsimulations, and through experiment with synthetic and real network traffic. Two different approaches to online risk assessment are proposed: one basedon costs associated width states and one based on a hierarchical fuzzy inferencesystem. Three different methods for aggregation of alerts from multiplenetwork sensors are discussed. The first method was to use the average of therisk estimated by each sensor, this solution have some obvious drawbacks e.g.when the risk from two sensors are aggregated where one is very trustworthyand one is very little trustworthy, in this case we would have been better offusing only the risk from the most trustworthy sensor instead of the average.The second method produces a minimum variance estimator of the risk. Thissolution is based on a strict assumption on independence between sensors. Inthe third proposal, one common distribution over the security state space ismaintained. The distribution is updated when an observation is received, usingthe sensors of the corresponding HMM. The fine tuning of the fuzzy logicbased risk assessment is achieved using a neural network learning technique. ADistributed Intrusion Prevention System (DIPS) architecture based on fuzzyonline risk assessment is presented as a practical application of the modelsdeveloped in thesis.nb_NO
dc.languageengnb_NO
dc.publisherTapir Uttrykknb_NO
dc.relation.ispartofseriesDoctoral Theses at NTNU, 1503-8181; 168nb_NO
dc.relation.haspartÅrnes, André; Sallhammar, Karin; Haslum, Kjetil; Brekne, Tønnes; Moe, Marie E. G.; Knapskog, Svein J.. Real-time Risk Assessment with Network Sensors and Intrusion Detection Systems. In Proceedings of the 2005 International Conference on Computational Intelligence and Security Springer. Xian, China. December 15-19, 2005. - Lecture Notes in Computer Science, 2005, Volume 3802/2005,: 388-397, 2005. 10.1007/11596981_57.nb_NO
dc.relation.haspartÅrnes, André; Sallhammar, Karin; Haslum, Kjetil; Knapskog, Svein Johan. Real-time Risk Assessment with Network Sensors and Hidden Markov Models. Proceedings of the 11th Nordic Workshop on Secure IT Systems, 2006.nb_NO
dc.relation.haspartHaslum, Kjetil; Arnes, A. Multisensor Real-time Risk Assessment using Continuous-time Hidden Markov Models. Proceedings of the International Conference on Computational Intelligence and Security, 2006: 1536-1540, 2006. 10.1109/ICCIAS.2006.295318.nb_NO
dc.relation.haspartHaslum, Kjetil; Abraham, A.; Knapskog, S.. DIPS: A Framework for Distributed Intrusion Prediction and Prevention Using Hidden Markov Models and Online Fuzzy Risk Assessment. Proceedings of the Third International Symposium on Information Assurance and Security, 2007.  : 183-190, 2007. 10.1109/IAS.2007.67.nb_NO
dc.relation.haspartHaslum, Kjetil; Abraham, Ajith; Knapskog, Svein. Fuzzy Online Risk Assessment for Distributed Intrusion Prediction and Prevention Systems.  Proceedings of EUROSIM/UKSIM 2008 : 216-223, 2008. 10.1109/UKSIM.2008.30.nb_NO
dc.relation.haspartHaslum, Kjetil; Abraham, A.; Knapskog, S.. HiNFRA: Hierarchical Neuro-Fuzzy Learning for Online Risk Assessment. Proceedings of the Second Asia International  Conference on Modeling & Simulation, 2008.: 631-636, 2008. 10.1109/AMS.2008.120.nb_NO
dc.relation.haspartHaslum, Kjetil; Moe, Marie E. G.; Knapskog, Svein J.. Real-time Intrusion Prevention and Security Analysis of Networks using HMMs.. In Proceedings of the Fourth IEEE LCN Workshop on Network Security (WNS 2008). IEEE. Montreal, Canada. October 17, 2008., 2008. 10.1109/LCN.2008.4664305.nb_NO
dc.titleREAL-TIME NETWORK INTRUSIONPREVENTIONnb_NO
dc.typeDoctoral thesisnb_NO
dc.contributor.departmentNorges teknisk-naturvitenskapelige universitet, Fakultet for informasjonsteknologi, matematikk og elektroteknikk, Institutt for telematikknb_NO
dc.contributor.departmentNorges teknisk-naturvitenskapelige universitet, Senter for fremragende forskning, Centre for Quantifiable Quality of Service in Communication Systemsnb_NO
dc.description.degreePhD i informasjons- og kommunikasjonsteknologinb_NO
dc.description.degreePhD in Information and Communications Technologyen_GB


Tilhørende fil(er)

Thumbnail
Thumbnail

Denne innførselen finnes i følgende samling(er)

Vis enkel innførsel