Intrusion detection in real-time in a multi-node, multi-host environment
Barrus, Joseph D.
MetadataShow full item record
While there exist many tools and methods used to recognize intrusions into single system environments, there are few that can recognize and handle attacks in real time. This group is further reduced when adding the complexity of recognizing and handling intrusions occurring in a heterogeneous networked environments. The results of the thesis are an open architecture design for a real-time intrusion detection system to handle intrusions in a heterogeneous network and the system requirements, specifications, protocols and software module design to support an implementation of a system using this architecture. The architecture presented herein comprises a distributed system of autonomous agents that reside on the various hosts in a network. These agents communicate with each other in a coordinated effort to identify and respond to intrusions into the network by sending messages to each other detailing the identity and threat level of a potential or imminent attack. To quantify the threat level of an ongoing attack, this thesis also presents an alert level hierarchy based on the danger level and transferability of the threat to the various hosts within the network
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2006-07);July 2006. The July 2006 issue of Homeland Security Affairs offers articles about risk perception, domestic right wing extremist groups, social network analysis, and the impact of foreign policy on homeland security. It ...
Cheng, Kah Wai (Monterey, California. Naval Postgraduate School, 2004-12);The idea of deploying a distributed network intrusion system using Therminator is explored in this thesis. There are many advantages in having a distributed system compared to a standalone network intrusion system. The ...
Julian, Donald P. (Monterey, California. Naval Postgraduate School, 2002-09);Modern intrusion detection systems have become highly reliable in identifying a malicious user on a computer system. Their limitations, though, are increasing the need for an intelligent response to an intrusion. In contrast, ...