Therminator : configuring the underlying statistical mechanics model

Authors
Ettlich, Daniel W.
Advisors
McEachen, John C.
Eagle, Chris S.
Date of Issue
2003-12
Publisher
Monterey, California. Naval Postgraduate School
Abstract
The rapid increase in sophisticated Internet attacks has left the security industry lagging far behind. In an attempt to improve network security, Therminator, a patternless intrusion detection system, was developed in 2001 by NPS in conjunction with NSA. The Therminator model uses statistical mechanics to analyze network traffic as a system of exchanges. Being highly configurable enables Therminator to be adapted for any network configuration. Until now, however, no exploration had been conducted on the configuration parameters of the underlying statistical mechanics model. It is important to understand the effects of these parameters to optimize anomaly detection. Thus the current study explored these parameters using HTTP traffic generated in a controlled test environment. Results were as follows: equations were developed for state counting to determine bucket state space sizes; bucket state space size was found to be symmetrical about the midpoint of the boundary conditions; proper display period was based on traffic rate; and lastly, the more orthogonal anomalous traffic was to the normal traffic, the larger the perturbation was in the state graph. These results provide needed insight into properly configuring Therminator for optimal anomaly detection, ultimately affording the Department of Defense greater network security.
Type
Thesis
Department
Electrical Engineering
Computer Science
Organization
Naval Postgraduate School
Format
xxii, 73 p. : col. ill.
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.