Modeling and analyzing intrusion attempts to a computer network operating in a defense-in-depth posture
Authors
Givens, Mark Allen
Advisors
Bordetsky, Alex
Roth, Joe
Date of Issue
2004-09
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
In order to ensure the confidentiality, integrity, and availability of networked resources operating on the Global Information Grid, the Department of Defense has incorporated a "Defense-in-Depth" posture. This posture includes the use of network security mechanisms and does not rely on a single defense for protection. Firewalls, Intrusion Detection Systems (IDS's), Anti-Virus (AV) software, and routers are among the tools used. In recent years, computer security discussion groups have included IDS's as one of their most relevant issues. These systems help identify intruders that exploit vulnerabilities associated with operating systems, application software, and computing hardware. When IDS's are utilized on a host computer or network, there are two primary approaches to detecting and/or preventing attacks. Traditional IDS's, like most AV software, rely on known "signatures" to detect attacks. This thesis will focus on the secondary approach: Anomaly or "behavioral based" IDS's look for abnormal patterns of activity on a network to identify suspicious behavior.
Type
Thesis
Format
xvi, 91 p. : ill. (some col.) ;
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
