Correlation analysis of fleet information warfare center network incidents

Author
Ginn, Patrick W.
Date
2001-09
Advisor
Buettner, Raymond
Boger, Dan C.
Abstract
The Navy's Intrusion Detection process is currently reactive in nature. It is designed and programmed to detect and provide alerts to the Fleet Information Warfare Center (FIWC) of suspicious network activity while it is in progress, as well as to record/store data for future reference. However, the majority of activity taking place within and across Naval networks is legitimate and not unauthorized activity. To allow for efficient access and utilization of the information systems sharing the network, the Intrusion Detection Systems must be set at a level that filters out activity deemed normal or non-hostile, while still providing an appropriate level of security. With this filtering in place, an IDS will not register all suspicious activity, and may not detect mild and seemingly harmless activity. When increasing security, limits must be imposed upon access. This thesis examines FIWC network incident data from 1999 to see if a correlation can be drawn between United States visibility in the foreign media during 1999 and the occurrence of suspicious network incidents. A positive correlation may provide advance-warning indicators that could lead to the development of a procedure for increasing security posture based on the current environment. These indicators would provide a more proactive method of defense, significantly reduce potential damage caused by hostile network incidents, and provide for more efficient network activity.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.