On-line Adaptive IDS Scheme for Detecting Unknown Network Attacks using HMM Models

dc.contributor.advisor: Baras, John S [en_US]
dc.contributor.author: Bojanic, Irena [en_US]
dc.contributor.department: Electrical Engineering [en_US]
dc.contributor.publisher: Digital Repository at the University of Maryland [en_US]
dc.contributor.publisher: University of Maryland (College Park, Md.) [en_US]
dc.date.accessioned: 2005-08-03T14:55:25Z
dc.date.available: 2005-08-03T14:55:25Z
dc.date.issued: 2005-05-04 [en_US]
dc.description.abstract: An important problem in designing IDS schemes is an optimal trade-off between good detection and false alarm rate. Specifically, in order to detect unknown network attacks, existing IDS schemes use anomaly detection which introduces a high false alarm rate. In this thesis we propose an IDS scheme based on overall behavior of the network. We capture the behavior with probabilistic models (HMM) and use only limited logic information about attacks. Once we set the detection rate to be high, we filter out false positives through stages. The key idea is to use probabilistic models so that even an unknown attack can be detected, as well as a variation of a previously known attack. The scheme is adaptive and real-time. Simulation study showed that we can have a perfect detection of both known and unknown attacks while maintaining a very low false alarm rate. [en_US]
dc.format.extent: 1249913 bytes
dc.format.mimetype: application/pdf
dc.identifier.uri: http://hdl.handle.net/1903/2571
dc.language.iso: en_US
dc.subject.pqcontrolled: Engineering, Electronics and Electrical [en_US]
dc.subject.pquncontrolled: IDS [en_US]
dc.subject.pquncontrolled: network security [en_US]
dc.subject.pquncontrolled: intrusions [en_US]
dc.title: On-line Adaptive IDS Scheme for Detecting Unknown Network Attacks using HMM Models [en_US]
dc.type: Thesis [en_US]

Files

Original bundle

Name: umi-umd-2458.pdf
Size: 1.19 MB
Format: Adobe Portable Document Format