Online Anomaly Analysis And Self Protection Against Network Attacks

Persistent Link:
http://hdl.handle.net/10150/194388
Title:
Online Anomaly Analysis And Self Protection Against Network Attacks
Author:
Qu, Guangzhi
Issue Date:
2005
Publisher:
The University of Arizona.
Rights:
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Abstract:
The objective of this research is to develop a theoretical framework and a general methodology for anomaly analysis and protection against network attacks that achieves (a) online monitoring and analysis of network attacks; (b) automatic identification of critical vulnerable resources; and (c) proactive self-protection of network systems and their applications against a wide range of network attacks. The proposed methodology uses a unified framework to deploy online monitoring and analysis software modules that collect online measurement attributes and analyze the abnormal behavior of networks and their services. In addition, it evaluates the impact of component attacks on the overall operation of network systems and their services. This analysis also helps determine the most critical components in the network, those whose failure can lead to massive network outage or performance degradation.

Based on information theory, we evaluate all network measurement attributes at each protocol level to identify the features that can be measured efficiently in real time and used to detect abnormal behavior. A single feature (measurement attribute) is not sufficient to detect network attacks accurately. To remedy this problem, we developed an efficient genetic algorithm that computes a linear classification function over several features with different weights. We validated our approach on the DARPA KDD99 benchmark dataset; the results showed higher accuracy in detecting DoS and Probe attacks and a significant improvement in detection rates for the attacks that are hardest to detect (e.g., U2R and R2L). For DoS and Probe attacks, we achieved detection rates of 99.93% and 99.91%, respectively, with a false alarm rate of 1.55%. For U2R and R2L attacks, our approach achieves a 92.5% detection rate with a false alarm rate of 0.7587% and a 92.47% detection rate with a false alarm rate of 8.35%, respectively.

A Quality of Protection (QoP) based routing protocol is developed to automatically adjust network traffic priorities according to feedback from the anomaly metrics. QoP can be integrated with any existing Quality of Service (QoS) protocol to give high priority to normal traffic and low priority to abnormal traffic, minimizing the impact of network attacks on the various network services.
Type:
text; Electronic Dissertation
Keywords:
Electrical & Computer Engineering
Degree Name:
PhD
Degree Level:
doctoral
Degree Program:
Electrical & Computer Engineering; Graduate College
Degree Grantor:
University of Arizona
Advisor:
Hariri, Salim
Committee Chair:
Hariri, Salim

Full metadata record

Committee Members:
Rozenblit, Jerzy; Zeigler, Bernard
ProQuest Identifier:
1273
OCLC Identifier:
137354747