Persistent Link:
http://hdl.handle.net/10150/195504
Title:
MULTI-LEVEL ANOMALY BASED AUTONOMIC INTRUSION DETECTION SYSTEM
Author:
Al-Nashif, Youssif
Issue Date:
2008
Publisher:
The University of Arizona.
Rights:
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Abstract:
The rapid growth and deployment of network technologies and Internet services has made security and management of networks a challenging research problem. This growth is accompanied by an exponential growth in the number of network attacks, which have become more complex, more organized, more dynamic, and more severe than ever. Current network protection techniques are static, slow in responding to attacks, and inefficient due to the large number of false alarms. Attack detection systems can be broadly classified as being signature-based, classification-based, or anomaly-based. In this dissertation, I present a multi-level anomaly based autonomic network defense system which can efficiently detect both known and unknown types of network attacks with a high detection rate and low false alarms. The system uses autonomic computing to automate the control and management of multi-level intrusion detection system and integrate the different components of the system. The system defends the network by detecting anomalies in network operations that may have been caused by network attacks. Like other anomaly detection systems, AND captures a profile of normal network behavior.In this dissertation, I introduce experimental results that evaluate the effectiveness and performance of the multi-level anomaly based autonomic network intrusion detection system in detecting network attacks. The system consist of monitoring modules, feature aggregation and correlation modules, behavior analysis modules, decision fusion module, global visualization module, risk and impact analysis module, action module, attack classification module, and the adaptive learning module. I have successfully implemented a prototype system based on my multi-level anomaly based approach. The experimental results and evaluation of our prototype show that our multi-level intrusion detection system can efficiently and effectively detect and protect against any type of network attacks known or unknown in real-time. Furthermore, the overhead of our approach is insignificant on the normal network operations and services.
Type:
text; Electronic Dissertation
Keywords:
Autonomic; Intrusion Detection System; Multi-Level Anomay Based
Degree Name:
Ph.D.
Degree Level:
doctoral
Degree Program:
Electrical & Computer Engineering; Graduate College
Degree Grantor:
University of Arizona
Advisor:
Hariri, Salim
Committee Chair:
Hariri, Salim

Full metadata record

DC FieldValue Language
dc.language.isoenen_US
dc.titleMULTI-LEVEL ANOMALY BASED AUTONOMIC INTRUSION DETECTION SYSTEMen_US
dc.creatorAl-Nashif, Youssifen_US
dc.contributor.authorAl-Nashif, Youssifen_US
dc.date.issued2008en_US
dc.publisherThe University of Arizona.en_US
dc.rightsCopyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.en_US
dc.description.abstractThe rapid growth and deployment of network technologies and Internet services has made security and management of networks a challenging research problem. This growth is accompanied by an exponential growth in the number of network attacks, which have become more complex, more organized, more dynamic, and more severe than ever. Current network protection techniques are static, slow in responding to attacks, and inefficient due to the large number of false alarms. Attack detection systems can be broadly classified as being signature-based, classification-based, or anomaly-based. In this dissertation, I present a multi-level anomaly based autonomic network defense system which can efficiently detect both known and unknown types of network attacks with a high detection rate and low false alarms. The system uses autonomic computing to automate the control and management of multi-level intrusion detection system and integrate the different components of the system. The system defends the network by detecting anomalies in network operations that may have been caused by network attacks. Like other anomaly detection systems, AND captures a profile of normal network behavior.In this dissertation, I introduce experimental results that evaluate the effectiveness and performance of the multi-level anomaly based autonomic network intrusion detection system in detecting network attacks. The system consist of monitoring modules, feature aggregation and correlation modules, behavior analysis modules, decision fusion module, global visualization module, risk and impact analysis module, action module, attack classification module, and the adaptive learning module. I have successfully implemented a prototype system based on my multi-level anomaly based approach. The experimental results and evaluation of our prototype show that our multi-level intrusion detection system can efficiently and effectively detect and protect against any type of network attacks known or unknown in real-time. Furthermore, the overhead of our approach is insignificant on the normal network operations and services.en_US
dc.typetexten_US
dc.typeElectronic Dissertationen_US
dc.subjectAutonomicen_US
dc.subjectIntrusion Detection Systemen_US
dc.subjectMulti-Level Anomay Baseden_US
thesis.degree.namePh.D.en_US
thesis.degree.leveldoctoralen_US
thesis.degree.disciplineElectrical & Computer Engineeringen_US
thesis.degree.disciplineGraduate Collegeen_US
thesis.degree.grantorUniversity of Arizonaen_US
dc.contributor.advisorHariri, Salimen_US
dc.contributor.chairHariri, Salimen_US
dc.contributor.committeememberRozenblit, Jerzyen_US
dc.contributor.committeememberAkoglu, Alien_US
dc.identifier.proquest10151en_US
dc.identifier.oclc659750724en_US
All Items in UA Campus Repository are protected by copyright, with all rights reserved, unless otherwise indicated.