Articles via Databases
Articles via Journals
Online Catalog
E-books
Research & Information Literacy
Interlibrary loan
Theses & Dissertations
Collections
Policies
Services
About / Contact Us
Administration
Littman Architecture Library
This site will be removed in January 2019, please change your bookmarks.
This page will redirect to https://digitalcommons.njit.edu/dissertations/716 in 5 seconds

The New Jersey Institute of Technology's
Electronic Theses & Dissertations Project

Title: Security information management with frame-based attack presentation and first-order reasoning
Author: Yan, Wei
View Online: njit-etd2005-089
(xi, 81 pages ~ 6.6 MB pdf)
Department: Department of Electrical and Computer Engineering
Degree: Doctor of Philosophy
Program: Computer Engineering
Document Type: Dissertation
Advisory Committee: Hou, Edwin (Committee co-chair)
Ansari, Nirwan (Committee co-chair)
Rojas-Cessa, Roberto (Committee member)
De, Swades K. (Committee member)
Hung, Daochuan (Committee member)
Date: 2005-05
Keywords: Network security
Semantics
Intrusion detection
Reasoning
Availability: Unrestricted
Abstract:

Internet has grown by several orders of magnitude in recent years, and this growth has escalated the importance of computer security. Intrusion Detection System (IDS) is used to protect computer networks. However, the overwhelming flow of log data generated by IDS hamper security administrators from uncovering new insights and hidden attack scenarios. Security Information Management (SIM) is a new growing area of interest for intrusion detection. The research work in this dissertation explores the semantics of attack behaviors and designs Frame-based Attack Representation and First-order logic Automatic Reasoning (FAR-FAR) using linguistics and First-order Logic (FOL) based approaches. Techniques based on linguistics can provide efficient solutions to acquire semantic information from alert contexts, while FOL can tackle a wide variety of problems in attack scenario reasoning and querying. In FAR-FAR, the modified case grammar PCTCG is used to convert raw alerts into frame-structured alert streams and the alert semantic network 2-AASN is used to generate the attack scenarios, which can then inform the security administrator. Based on the alert contexts and attack ontology, Space Vector Model (SVM) is applied to categorize the intrusion stages. Furthermore, a robust Variant Packet Sending-interval Link Padding algorithm (VPSLP) is proposed to prevent links between the IDS sensors and the FAR-FAR agents from traffic analysis attacks. Recent measurements and studies demonstrated that real network traffic exhibits statistical self-similarity over several time scales. The bursty traffic anomaly detection method, Multi-Time scaling Detection (MTD), is proposed to statistically analyze network traffic's Histogram Feature Vector to detect traffic anomalies.


If you have any questions please contact the ETD Team, libetd@njit.edu.

 
ETD Information
Digital Commons @ NJIT
Theses and DIssertations
ETD Policies & Procedures
ETD FAQ's
ETD home

Request a Scan
NDLTD

NJIT's ETD project was given an ACRL/NJ Technology Innovation Honorable Mention Award in spring 2003