Distributed deployment of Therminators in the network

Author
Cheng, Kah Wai
Date
2004-12
Advisor
McEachen, John C.
Second Reader
Wen, Su
Abstract
The idea of deploying a distributed network intrusion system using Therminator is explored in this thesis. There are many advantages in having a distributed system compared to a standalone network intrusion system. The underlying principle of Therminator is modeling network traffic on conversation exchange models. Using Zippo, a new implementation of Therminator, the experimental setup consisted of multiple sensors reporting individual findings to a central server for aggregated analysis. Different scenarios of network attacks and intrusions were planned to investigate the effectiveness of the distributed system. The network attacks were taken from the M.I.T Lincoln Lab 1999 Data Sets. The distributed system was subjected to different combinations of network attacks in various parts of the network. The results were then analyzed to understand the behavior of the distributed system in response to the different attacks. In general, the distributed system detected all attacks under each scenario. Some surprising observations also indicated attack responses occurring in unanticipated scenarios. These results are subject to further investigation.
Rights
Copyright is reserved by the copyright owner.
Related items
Showing items related by title, author, creator and subject.
- SPECTRAL GRAPH-BASED CYBER DETECTION AND CLASSIFICATION SYSTEM WITH PHANTOM COMPONENTS
  Safar, Jamie L. (Monterey, CA; Naval Postgraduate School, 2020-12); With cyber attacks on the rise, cyber defenders require new, innovative solutions to provide network protection. We propose a spectral graph-based cyber detection and classification (SGCDC) system using phantom components, ...
- Mitigating distributed denial of service attacks with Multiprotocol Label Switching--Traffic Engineering (MPLS-TE)
  Vordos, Ioannis (Monterey, California. Naval Postgraduate School, 2009-03); A Denial of Service (DoS) occurs when legitimate users are prevented from using a service over a computer network. A Distributed Denial of Service (DDoS) attack is a more serious form of DoS in which an attacker uses the ...
- Automated alerting for black hole routing
  Puri, Vinay (Monterey, California. Naval Postgraduate School, 2007-09); Distributed/Denial of Service (D/DoS) attacks are the most common and easy-to-launch attacks against a computer or network. Once a D/DoS attack is recognized, there are several methods available to mitigate its impact. ...