Author

Katie McConky

Abstract

Computer networks are vulnerable to attacks from outside threats. Intrusion detection systems are used to monitor computer networks for attacker activity. Intrusion detection systems consist of a set of sensors placed strategically throughout a computer network. The large amounts of data produced by intrusion detection system sensors may be sent to and processed by information fusion engines. Information fusion engines correlate alerts and identify attack paths of attackers. Sensor management strategies are developed to minimize the time taken to process attack data, minimize the bandwidth used by the security system of a network, and maximize the number of attacks successfully tracked. An experimental performance evaluation is conducted on sensor management strategies utilizing a variety of representative network topologies, network sizes, alert rates and attack scenarios so that a robust sensor management strategy can be identified. Performance measures of interest include the average time taken to process a real alert at the fusion engine, the percentage of real alerts processed, the percentage of noise alerts processed, the average bandwidth used to transfer alerts, and ability of a sensor management rule to successfully track multiple attacks consistently. Results indicate rules that attempt to meet but not exceed network constraints outperform rules that disregard network constraints. Additionally, rules that take into consideration the progress of current attacks also show some benefits.

Library of Congress Subject Headings

Multisensor data fusion; Computer networks--Security measures; Sensor networks; Computer crimes--Computer simulation

Publication Date

8-1-2007

Document Type

Thesis

Department, Program, or Center

Industrial and Systems Engineering (KGCOE)

Advisor

Kuhl, Michael - Chair

Advisor/Committee Member

Sudit, Moises

Comments

Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: TK7872.D48 M36 2007

Campus

RIT – Main Campus

Share

COinS