Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.554400
Title: Analysis and evaluation of network intrusion detection methods to uncover data theft
Author: Corsini, Julien
Awarding Body: Edinburgh Napier University
Current Institution: Edinburgh Napier University
Date of Award: 2009
Abstract:
Nowadays, the majority of corporations rely mainly on signature-based intrusion detection. This trend is partly due to the fact that signature detection is a well-known technology, whereas anomaly detection remains one of the hot topics in network security research. A second reason may be that anomaly detectors are known to generate many alerts, most of which are false alarms. Corporations need concrete comparisons between different tools in order to choose the one best suited to their needs. This thesis aims to compare an anomaly detector with a signature detector in order to establish which is better suited to detecting a data theft threat. The second aim of this thesis is to establish the influence of the training period length of an anomaly-based Intrusion Detection System (IDS) on its detection rate. This thesis presents the setup of a Network-based Intrusion Detection System (NIDS) evaluation testbed. It describes the setup of two IDSes: the signature detector Snort and the anomaly detector Statistical Packet Anomaly Detection Engine (SPADE). The evaluation testbed also includes the setup of a data theft scenario (reconnaissance, brute force attack on a server, and data theft). The results from the experiments carried out in this thesis proved inconclusive, mainly because the anomaly detector SPADE requires a configuration adapted to the monitored network. Despite the inconclusive experimental results, this thesis can serve as documentation for setting up a NIDS evaluation testbed. It can also be considered documentation for the anomaly detector SPADE. This statement is based on the observation that there is no centralised documentation about SPADE, and that not a single research paper documents the setup of an evaluation testbed.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (D.Eng.)
Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.554400
DOI: Not available
Keywords: QA75 Electronic computers. Computer science