Stream splitting in support of intrusion detection
dc.contributor.advisor | Michael, James Bret | |
dc.contributor.advisor | McEachen, John | |
dc.contributor.author | Judd, John David | |
dc.date | June 2003 | |
dc.date.accessioned | 2012-03-14T17:30:07Z | |
dc.date.available | 2012-03-14T17:30:07Z | |
dc.date.issued | 2003-06 | |
dc.identifier.uri | http://hdl.handle.net/10945/967 | |
dc.description.abstract | One of the most significant challenges with modern intrusion detection systems is the high rate of false alarms that they generate. In order to lower this rate, we propose to reduce the amount of traffic sent to a given intrusion detection system via a filtering process termed stream splitting. Each packet arriving at the system is treated as belonging to a connection. Each connection is then assigned to a network stream. A network stream can then be sent to an analysis engine tailored specifically for that type of data. To demonstrate a stream-splitting capability, both an extendable multi-threaded architecture and prototype were developed. This system was tested to ensure the ability to capture traffic and found to be able to do so with minimal loss at network speeds up to 20 Mb/s, comparable to several open-source analysis programs. The stream splitter was also shown to be able to correctly implement a traffic separation scheme. | en_US |
dc.description.uri | http://archive.org/details/streamsplittingi10945967 | |
dc.format.extent | xviii, 166 p. : ill. (some col.) | en_US |
dc.publisher | Monterey, California. Naval Postgraduate School | en_US |
dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
dc.subject.lcsh | Electronic alarm systems | en_US |
dc.subject.lcsh | Computer networks | en_US |
dc.subject.lcsh | Security measures | en_US |
dc.title | Stream splitting in support of intrusion detection | en_US |
dc.type | Thesis | en_US |
dc.contributor.department | Computer Science (CS) | |
dc.subject.author | Intrusion detection system | en_US |
dc.subject.author | Stream splitting | en_US |
dc.subject.author | Fuzzy logic | en_US |
dc.description.service | Ensign, United States Navy | en_US |
etd.thesisdegree.name | M.S. in Computer Science | en_US |
etd.thesisdegree.level | Masters | en_US |
etd.thesisdegree.discipline | Computer Science | en_US |
etd.thesisdegree.grantor | Naval Postgraduate School | en_US |
etd.verified | no | en_US |
dc.description.distributionstatement | Approved for public release; distribution is unlimited. |
This item appears in the following Collection(s)
1. Thesis and Dissertation Collection, all items
Publicly releasable NPS Theses, Dissertations, MBA Professional Reports, Joint Applied Projects, Systems Engineering Project Reports and other NPS degree-earning written works.