Implementing a patternless intrusion detection system a methodology for Zippo
Olsavsky, Vonda L.
MetadataShow full item record
A methodology for the implementation of Zippo, a patternless intrusion detection system is presented in this thesis. This methodology approaches the implementation in a holistic manner to include the administrative and operational tasks necessary for ensuring proper preparation for Zippo's use. Prior to implementing and using Zippo, a basic understanding of TCP/IP and intrusion detection systems is needed and these topics are presented in broad detail. The origin of Zippo starts with the creation of Therminator, which is discussed in detail. The architecture and configuration of Zippo are based on those of Therminator and understanding the ideas of buckets and balls, thermal canyons and towers, decision trees, slidelength and windowlength and initial and boundary conditions are paramount to understanding the Zippo application. To successfully implement Zippo, other network factors must be attended to including the topology, organizational policies and the security plan. Once these factors are addressed, Zippo can be optimally configured to successfully be installed on a network. Finally, previous research done on Zippo yielded decision trees and thermal canyons pertaining to protocol specific threats that are presented to familiarize the reader with Zippo's visual representation of malicious or anomalous behavior.
Showing items related by title, author, creator and subject.
Naiser, Donald David (1997);Damage to lightly loaded structures, paving and service piping in areas of expansive clay soils has occurred throughout the world. The cause of this damage has been the inability to accurately model expansive soil movement ...
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2009-05);May 2009. This issue of Homeland Security Affairs opens on a sad note: Rich Cooper’s memoriam to Inspector Matthew Simeone, who passed away in March of this year. Co-president of cohort 0601-0602, Matt graduated from the ...
Brown, John R.; Mitton, Stephen G. (1985-06);Relational programming is a methodology which combines the advantages of functional programming with the relatively simple laws which govern relations. The goal is to give the programmer an environment which allows a ...