Implementing a patternless intrusion detection system: a methodology for Zippo

Author
Olsavsky, Vonda L.
Date
2005-09
Advisor
McEachen, John
Bordetsky, Alex
Abstract
A methodology for the implementation of Zippo, a patternless intrusion detection system, is presented in this thesis. This methodology approaches the implementation in a holistic manner, including the administrative and operational tasks necessary to ensure proper preparation for Zippo's use. Prior to implementing and using Zippo, a basic understanding of TCP/IP and intrusion detection systems is needed, and these topics are presented in broad detail. The origin of Zippo starts with the creation of Therminator, which is discussed in detail. The architecture and configuration of Zippo are based on those of Therminator, and understanding the ideas of buckets and balls, thermal canyons and towers, decision trees, slidelength and windowlength, and initial and boundary conditions is paramount to understanding the Zippo application. To successfully implement Zippo, other network factors must be attended to, including the topology, organizational policies and the security plan. Once these factors are addressed, Zippo can be optimally configured for successful installation on a network. Finally, previous research on Zippo yielded decision trees and thermal canyons pertaining to protocol-specific threats, which are presented to familiarize the reader with Zippo's visual representation of malicious or anomalous behavior.