Distributed deployment of Therminators in the network
Cheng, Kah Wai
McEachen, John C.
MetadataShow full item record
The idea of deploying a distributed network intrusion system using Therminator is explored in this thesis. There are many advantages in having a distributed system compared to a standalone network intrusion system. The underlying principle of Therminator is modeling network traffic on conversation exchange models. Using Zippo, a new implementation of Therminator, the experimental setup consisted of multiple sensors reporting individual findings to a central server for aggregated analysis. Different scenarios of network attacks and intrusions were planned to investigate the effectiveness of the distributed system. The network attacks were taken from the M.I.T Lincoln Lab 1999 Data Sets. The distributed system was subjected to different combinations of network attacks in various parts of the network. The results were then analyzed to understand the behavior of the distributed system in response to the different attacks. In general, the distributed system detected all attacks under each scenario. Some surprising observations also indicated attack responses occurring in unanticipated scenarios. These results are subject to further investigation.
Approved for public release; distribution in unlimited.
Showing items related by title, author, creator and subject.
Mitigating distributed denial of service attacks with Multiprotocol Label Switching--Traffic Engineering (MPLS-TE) Vordos, Ioannis (Monterey, California. Naval Postgraduate School, 2009-03);A Denial of Service (DoS) occurs when legitimate users are prevented from using a service over a computer network. A Distributed Denial of Service (DDoS) attack is a more serious form of DoS in which an attacker uses the ...
Puri, Vinay (Monterey, California. Naval Postgraduate School, 2007-09);Distributed/Denial of Service (D/DoS) attacks are the most common and easy-tolaunch attacks against a computer or network. Once a D/DoS attack is recognized, there are several methods available to mitigate its impact. ...
Barrus, Joseph D. (Monterey, California. Naval Postgraduate School, 1997-09);While there exist many tools and methods used to recognize intrusions into single system environments, there are few that can recognize and handle attacks in real time. This group is further reduced when adding the complexity ...