Utilize este identificador para referenciar este registo: http://hdl.handle.net/10400.6/3752
Título: Intrusion detection based on behavioral rules for the bytes of the headers of the data units in IP networks
Autor: Pinho, Pedro Miguel Pinto e
Orientador: Inácio, Pedro Ricardo Morais
Palavras-chave: Informática - Aprendizagem automática
Informática - Captura de tráfego
Informática - Deteção de intrusões
Informática - Tráfego de rede
Informática - Ficheiros de captura etiquetados
Data de Defesa: 2012
Resumo: Nowadays, communications through computer networks are of utmost importance for the normal functioning of organizations, worldwide transactions and content delivery. These networks are threatened by all kinds of attacks, leading to traffic anomalies that will eventually disrupt the normal behaviour of the networks, exploring specific breaches on a system component or exhausting network resources. Automatic detection of these network anomalies comprises one of the most important resources for network administration, and Intrusion Detection Systems(IDSs) are amongst the systems responsible for this automatic detection. This dissertation starts from the assumption that it is possible to use machine learning to, consistently and automatically, produce rules for an intrusion detector based on statistics for the first 64 bytes of the headers of Internet Protocol (IP) packets. The survey on the state of the art on related works and currently available IDSs shows that the specific approach taken here is worth to be explored. The decision tree learning algorithm known as C4.5 is identified as a suitable means to produce the aforementioned rules, due to the similarity between their syntax and the tree structure. Several rules are then devised using the ML approach for several attacks. The attacks were the same used in a previous work, in which the rules were devised manually. Both rule sets are then compared to show that, in fact, it is possible to construct rules using the approach taken herein, and that the rules created resorting to the C4.5 algorithm are superior to the ones devised after thorough human analysis of several statistics calculated for the bytes of the headers of the packets. To compare them, each rule set was used to detect intrusions in third party traces containing attacks and in live traffic during simulation of attacks. Most of the attacks producing noticeable impact on the headers were detected by both rule sets, but the results for the third party traces were better in the case of the ML devised rules, providing a clear evidence for the aforementioned assumptions.
URI: http://hdl.handle.net/10400.6/3752
Designação: Dissertação apresentada à Universidade da Beira Interior para a obtenção do grau de mestre em Engenharia Informática
Aparece nas colecções:FE - DI | Dissertações de Mestrado e Teses de Doutoramento

Ficheiros deste registo:
Ficheiro Descrição TamanhoFormato 
dissertation.pdf998,89 kBAdobe PDFVer/Abrir


FacebookTwitterDeliciousLinkedInDiggGoogle BookmarksMySpace
Formato BibTex MendeleyEndnote Degois 

Todos os registos no repositório estão protegidos por leis de copyright, com todos os direitos reservados.