Browsing by Subject "Intrusion Detection Systems"
Item: Algorithms for Large-Scale Internet Measurements (2012-02-14)
Author: Leonard, Derek Anthony

As the Internet has grown in size and importance to society, it has become increasingly difficult to generate global metrics of interest that can be used to verify proposed algorithms or monitor performance. This dissertation tackles the problem by proposing several novel algorithms designed to perform Internet-wide measurements using existing or inexpensive resources. We initially address distance estimation in the Internet, which is used by many distributed applications. We propose a new end-to-end measurement framework called Turbo King (T-King) that uses the existing DNS infrastructure and, when compared to its predecessor King, obtains delay samples without bias in the presence of distant authoritative servers and forwarders, consumes half the bandwidth, and reduces the impact on caches at remote servers by several orders of magnitude. Motivated by recent interest in the literature and our need to find remote DNS nameservers, we next address Internet-wide service discovery by developing IRLscanner, whose main design objectives have been to maximize politeness at remote networks, allow scanning rates that achieve coverage of the Internet in minutes/hours (rather than weeks/months), and significantly reduce administrator complaints. Using IRLscanner and 24-hour scan durations, we perform 20 Internet-wide experiments using 6 different protocols (i.e., DNS, HTTP, SMTP, EPMAP, ICMP and UDP ECHO). We analyze the feedback generated and suggest novel approaches for reducing the amount of blowback during similar studies, which should enable researchers to collect valuable experimental data in the future with significantly fewer hurdles.

We finally turn our attention to Intrusion Detection Systems (IDS), which are often tasked with detecting scans and preventing them; however, it is currently unknown how likely an IDS is to detect a given Internet-wide scan pattern and whether there exist sufficiently fast stealth techniques that can remain virtually undetectable at large scale. To address these questions, we propose a novel model for the window-expiration rules of popular IDS tools (i.e., Snort and Bro), derive the probability that existing scan patterns (i.e., uniform and sequential) are detected by each of these tools, and prove the existence of stealth-optimal patterns.

Item: Challenges and Solutions for Intrusion Detection in Wireless Mesh Networks (2014-05-03)
Author: Hassanzadeh, Amin

The problem of intrusion detection in wireless mesh networks (WMN) is challenging, primarily because of the lack of single vantage points where traffic can be analyzed and the limited resources available to participating nodes. Although the problem has received some attention from the research community, little is known about the tradeoffs among different objectives, such as high network performance, low energy consumption, and high security effectiveness. In this research, we show how accurate intrusion detection can be achieved in such resource-constrained environments. The major challenges that hinder the performance of intrusion detection systems (IDS) in WMN are resources (e.g., energy, processing, and storage capabilities) accompanied by the ad hoc, dynamic communication flows. In light of these challenges, we classify the proposed solutions into four classes: 1) Resourceless Traffic Aware (RL-TW) IDS, 2) Resourceless Traffic Agnostic (RL-TG) IDS, 3) Resourceful Traffic Agnostic (RF-TG) IDS, and 4) Resourceful Traffic Aware (RF-TW) IDS. To achieve a desirable level of intrusion detection in WMN, we propose a research program encompassing five thrusts.

First, we show how traffic awareness helps IDS solutions achieve high detection rates in resource-constrained WMN. Next, we propose two RL-TG (i.e., cooperative and non-cooperative) IDS solutions that can optimally monitor the entire WMN traffic without relying on WMN traffic information. The third (RF-TG) and fourth (RF-TW) IDS solutions propose energy-efficient monitoring mechanisms for intrusion detection in battery-powered WMN for traffic-agnostic and traffic-aware scenarios, respectively. We then investigate the attack and fault tolerance of our proposed solutions and finally enumerate potential improvements and future work for our proposed solutions.