Therminator : configuring the underlying statistical mechanics model
Ettlich, Daniel W.
McEachen, John C.
Eagle, Chris S.
The rapid increase in sophisticated Internet attacks has left the security industry lagging far behind. In an attempt to improve network security, Therminator, a patternless intrusion detection system, was developed in 2001 by NPS in conjunction with NSA. The Therminator model uses statistical mechanics to analyze network traffic as a system of exchanges. Being highly configurable enables Therminator to be adapted for any network configuration. Until now, however, no exploration had been conducted on the configuration parameters of the underlying statistical mechanics model. It is important to understand the effects of these parameters to optimize anomaly detection. Thus the current study explored these parameters using HTTP traffic generated in a controlled test environment. Results were as follows: equations were developed for state counting to determine bucket state space sizes; bucket state space size was found to be symmetrical about the midpoint of the boundary conditions; proper display period was based on traffic rate; and lastly, the more orthogonal anomalous traffic was to the normal traffic, the larger the perturbation was in the state graph. These results provide needed insight into properly configuring Therminator for optimal anomaly detection, ultimately affording the Department of Defense greater network security.
Approved for public release; distribution is unlimited