Abstract
The evolving Internet and other network technologies have dramatically
increased the number of security incidents in the past two decades. Intrusion
detection has become an important aspect of network security.
When a firewall is broken, an effective intrusion detection system is a second
line of defence. There are many commercial and open-source solutions
available for network-based intrusion detection. However, the ultimate
solution is still undiscovered.
This thesis presents a new solution for network-based intrusion detection. The
developed application runs the well-known misuse detection and anomaly
detection approaches in parallel, so that both known and unknown intrusions can be
detected efficiently. Malicious and legitimate network activities are
modelled using a new modelling scheme that combines the Extensible Markup
Language and Message Sequence Charts. The thesis also provides a brief
overview of network security and descriptions of known network attacks and of
intrusion detection systems.
The experimental test results show that the developed application is
capable of detecting simulated intrusions in a test network environment with a
detection rate of close to 100 %. In addition, the number of false alarms
stays at an acceptable rate of 3 - 5 %.
Original language | English |
---|---|
Qualification | Master Degree |
Awarding Institution | |
Place of Publication | Oulu |
Publisher | |
Publication status | Published - 2009 |
MoE publication type | G2 Master's thesis, polytechnic Master's thesis |
Keywords
- NIDS
- intrusion modelling