The evolving Internet and other network technologies have dramatically increased the number of security incidents in the past two decades. Intrusion detection has become an important aspect of network security. When a firewall is breached, an effective intrusion detection system is a second line of defence. There are many commercial and open-source solutions available for network-based intrusion detection. However, the ultimate solution is still undiscovered. This thesis presents a new solution for network-based intrusion detection. The developed application runs the commonly known misuse detection and anomaly detection approaches in parallel, so that known and unknown intrusions can be detected efficiently. The malicious and legitimate network activities are modelled using a new modelling scheme that combines the Extensible Markup Language and the Message Sequence Charts. The thesis also provides a brief overview of network security and descriptions of known network attacks and of intrusion detection systems. The experimental test results show that the developed application is capable of detecting simulated intrusions in a test network environment with a detection rate of close to 100 %. In addition, the rate of false alarms stays at an acceptable level of 3 - 5 %.
|Place of Publication|Oulu|
|Publication status|Published - 2009|
|MoE publication type|G2 Master's thesis, polytechnic Master's thesis|
- intrusion modelling