Theses and Dissertations from UMD

Permanent URI for this community: http://hdl.handle.net/1903/2

New submissions to the thesis/dissertation collections are added automatically as they are received from the Graduate School. Currently, the Graduate School deposits all theses and dissertations from a given semester after the official graduation date. This means that there may be up to a 4-month delay in the appearance of a given thesis/dissertation in DRUM.

More information is available at Theses and Dissertations at University of Maryland Libraries.

Search Results

  • On-line Adaptive IDS Scheme for Detecting Unknown Network Attacks using HMM Models
    (2005-05-04) Bojanic, Irena; Baras, John S; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    An important problem in designing IDS schemes is an optimal trade-off between good detection and false alarm rate. Specifically, in order to detect unknown network attacks, existing IDS schemes use anomaly detection, which introduces a high false alarm rate. In this thesis we propose an IDS scheme based on the overall behavior of the network. We capture the behavior with probabilistic models (HMM) and use only limited logic information about attacks. Once we set the detection rate to be high, we filter out false positives through stages. The key idea is to use probabilistic models so that even an unknown attack can be detected, as well as a variation of a previously known attack. The scheme is adaptive and real-time. A simulation study showed that we can have a perfect detection of both known and unknown attacks while maintaining a very low false alarm rate.