Computer networks are vulnerable to attacks from outside threats. Intrusion detection systems are used to monitor computer networks for attacker activity. Intrusion detection systems consist of a set of sensors placed strategically throughout a computer network. The large amounts of data produced by intrusion detection system sensors may be sent to and processed by information fusion engines. Information fusion engines correlate alerts and identify the attack paths of attackers. Sensor management strategies are developed to minimize the time taken to process attack data, minimize the bandwidth used by the security system of a network, and maximize the number of attacks successfully tracked. An experimental performance evaluation is conducted on sensor management strategies utilizing a variety of representative network topologies, network sizes, alert rates and attack scenarios so that a robust sensor management strategy can be identified. Performance measures of interest include the average time taken to process a real alert at the fusion engine, the percentage of real alerts processed, the percentage of noise alerts processed, the average bandwidth used to transfer alerts, and the ability of a sensor management rule to successfully track multiple attacks consistently. Results indicate that rules that attempt to meet but not exceed network constraints outperform rules that disregard network constraints. Additionally, rules that take into consideration the progress of current attacks also show some benefits.
Library of Congress Subject Headings
Multisensor data fusion; Computer networks--Security measures; Sensor networks; Computer crimes--Computer simulation
Department, Program, or Center
Industrial and Systems Engineering (KGCOE)
Kuhl, Michael - Chair
McConky, Katie, "Design and analysis of information fusion, dynamic sensor management rules for cyber security systems using simulation" (2007). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus