Network-based intrusion detection system using parallel misuse and anomaly detection: Master's Thesis

Marko Määttä

Research output: ThesisMaster's thesis


The evolving Internet and other network technologies have dramatically increased the amount of security incidents in the past two decades. Intrusion detection has become an important aspect in the field of network security. When a firewall is broken, an effective intrusion detection system is a second line of defence. There are many commercial and open-source solutions available for network-based intrusion detection. However, the ultimate solution is still undiscovered. This thesis presents a new solution for network-based intrusion detection. The developed application uses the commonly known misuse detection and anomaly detection in a parallel way, so that known and unknown intrusions can be detected efficiently. The malicious and legitimate network activities are modelled using a new modelling scheme that combines the Extensible Markup Language and the Message Sequence Charts. The thesis also provides a brief overview for network security, description for known network attacks and for intrusion detection systems. The experimental test results will show that the developed application is capable of detecting simulated intrusions in a test network environment with a detection rate of close to 100 %. In addition, the amount of false alarms will stay on an acceptable rate of 3 - 5 %.
Original languageEnglish
QualificationMaster Degree
Awarding Institution
  • University of Oulu
Place of PublicationOulu
Publication statusPublished - 2009
MoE publication typeG2 Master's thesis, polytechnic Master's thesis


  • NIDS
  • intrusion modelling


Dive into the research topics of 'Network-based intrusion detection system using parallel misuse and anomaly detection: Master's Thesis'. Together they form a unique fingerprint.

Cite this