Network-based intrusion detection system using parallel misuse and anomaly detection: Master's Thesis

Marko Määttä

Research output: Thesis › Master's thesis

Abstract

The evolving Internet and other network technologies have dramatically increased the number of security incidents in the past two decades. Intrusion detection has become an important aspect in the field of network security. When a firewall is broken, an effective intrusion detection system is a second line of defence. There are many commercial and open-source solutions available for network-based intrusion detection. However, the ultimate solution is still undiscovered. This thesis presents a new solution for network-based intrusion detection. The developed application uses the commonly known misuse detection and anomaly detection in a parallel way, so that known and unknown intrusions can be detected efficiently. The malicious and legitimate network activities are modelled using a new modelling scheme that combines the Extensible Markup Language and the Message Sequence Charts. The thesis also provides a brief overview of network security and descriptions of known network attacks and of intrusion detection systems. The experimental test results will show that the developed application is capable of detecting simulated intrusions in a test network environment with a detection rate of close to 100 %. In addition, the amount of false alarms will stay at an acceptable rate of 3 - 5 %.
Original language: English
Qualification: Master's Degree
Awarding Institution:
  • University of Oulu
Place of Publication: Oulu
Publisher: University of Oulu
Publication status: Published - 2009
MoE publication type: G2 Master's thesis, polytechnic Master's thesis

Fingerprint

  • Intrusion detection
  • Network security
  • XML
  • Internet

Keywords

  • NIDS
  • intrusion modelling

Cite this

@phdthesis{b10ead2b8d334ad1a56151a11f7f1b38,
title = "Network-based intrusion detection system using parallel misuse and anomaly detection: Master's Thesis",
abstract = "The evolving Internet and other network technologies have dramatically increased the number of security incidents in the past two decades. Intrusion detection has become an important aspect in the field of network security. When a firewall is broken, an effective intrusion detection system is a second line of defence. There are many commercial and open-source solutions available for network-based intrusion detection. However, the ultimate solution is still undiscovered. This thesis presents a new solution for network-based intrusion detection. The developed application uses the commonly known misuse detection and anomaly detection in a parallel way, so that known and unknown intrusions can be detected efficiently. The malicious and legitimate network activities are modelled using a new modelling scheme that combines the Extensible Markup Language and the Message Sequence Charts. The thesis also provides a brief overview of network security and descriptions of known network attacks and of intrusion detection systems. The experimental test results will show that the developed application is capable of detecting simulated intrusions in a test network environment with a detection rate of close to 100 {\%}. In addition, the amount of false alarms will stay at an acceptable rate of 3 - 5 {\%}.",
keywords = "NIDS, intrusion modelling",
author = "Marko M{\"a}{\"a}tt{\"a}",
note = "CA2: TK805 University of Oulu: Department of Electrical and Information Engineering",
year = "2009",
language = "English",
publisher = "University of Oulu",
address = "Finland",
school = "University of Oulu",
}

Network-based intrusion detection system using parallel misuse and anomaly detection: Master's Thesis. / Määttä, Marko.

Oulu: University of Oulu, 2009. 65 p.


TY - THES

T1 - Network-based intrusion detection system using parallel misuse and anomaly detection

T2 - Master's Thesis

AU - Määttä, Marko

N1 - CA2: TK805 University of Oulu: Department of Electrical and Information Engineering

PY - 2009

Y1 - 2009

N2 - The evolving Internet and other network technologies have dramatically increased the number of security incidents in the past two decades. Intrusion detection has become an important aspect in the field of network security. When a firewall is broken, an effective intrusion detection system is a second line of defence. There are many commercial and open-source solutions available for network-based intrusion detection. However, the ultimate solution is still undiscovered. This thesis presents a new solution for network-based intrusion detection. The developed application uses the commonly known misuse detection and anomaly detection in a parallel way, so that known and unknown intrusions can be detected efficiently. The malicious and legitimate network activities are modelled using a new modelling scheme that combines the Extensible Markup Language and the Message Sequence Charts. The thesis also provides a brief overview of network security and descriptions of known network attacks and of intrusion detection systems. The experimental test results will show that the developed application is capable of detecting simulated intrusions in a test network environment with a detection rate of close to 100 %. In addition, the amount of false alarms will stay at an acceptable rate of 3 - 5 %.

AB - The evolving Internet and other network technologies have dramatically increased the number of security incidents in the past two decades. Intrusion detection has become an important aspect in the field of network security. When a firewall is broken, an effective intrusion detection system is a second line of defence. There are many commercial and open-source solutions available for network-based intrusion detection. However, the ultimate solution is still undiscovered. This thesis presents a new solution for network-based intrusion detection. The developed application uses the commonly known misuse detection and anomaly detection in a parallel way, so that known and unknown intrusions can be detected efficiently. The malicious and legitimate network activities are modelled using a new modelling scheme that combines the Extensible Markup Language and the Message Sequence Charts. The thesis also provides a brief overview of network security and descriptions of known network attacks and of intrusion detection systems. The experimental test results will show that the developed application is capable of detecting simulated intrusions in a test network environment with a detection rate of close to 100 %. In addition, the amount of false alarms will stay at an acceptable rate of 3 - 5 %.

KW - NIDS

KW - intrusion modelling

M3 - Master's thesis

PB - University of Oulu

CY - Oulu

ER -