
dc.contributor.advisor: Mellor, John E.
dc.contributor.advisor: Awan, Irfan U.
dc.contributor.author: Akhlaq, Monis
dc.date.accessioned: 2012-02-10T19:56:49Z
dc.date.available: 2012-02-10T19:56:49Z
dc.date.issued: 2012-02-10
dc.identifier.uri: http://hdl.handle.net/10454/5377
dc.description.abstract: Intrusion Detection Systems (IDS) are considered a vital component of network security architecture. The system allows the administrator to detect unauthorized use of, or attack upon, a computer, network or telecommunication infrastructure. There is no second thought on the necessity of these systems; however, their performance remains a critical question. This research has focussed on designing a high performance Network Intrusion Detection System (NIDS) model. The work begins with the evaluation of Snort, an open source NIDS considered the de-facto IDS standard. The motive behind the evaluation strategy is to analyze the performance of Snort and ascertain the causes of its limited performance. Design and implementation of high performance techniques are the final objective of this research. Snort has been evaluated on a highly sophisticated test bench by employing evasive and avoidance strategies to simulate real-life normal and attack-like traffic. The test methodology is based on the concept of stressing the system and degrading its performance in terms of its packet handling capacity. This has been achieved by normal traffic generation; fuzzing; traffic saturation; parallel dissimilar attacks; and manipulation of background traffic, e.g. fragmentation, packet sequence disturbance and illegal packet insertion. The evaluation phase has led us to two high performance designs: first, a distributed hardware architecture using cluster-based adoption, and second, a cascaded phenomenon of anomaly-based filtration and signature-based detection. The first high performance mechanism is based on Dynamic Cluster adoption using refined policy routing and Comparator Logic. The design is a two-tier mechanism where the front end of the cluster is the load-balancer, which distributes traffic on pre-defined policy routing ensuring maximum utilization of cluster resources.
The traffic load sharing mechanism reduces packet drop by exchanging state information between the load-balancer and cluster nodes and implementing switchovers between nodes in case the traffic exceeds a pre-defined threshold limit. Finally, the recovery evaluation concept using Comparator Logic also enhances the overall efficiency by recovering data lost in switchovers; the retrieved data is then analyzed by the recovery NIDS to identify any leftover threats. Intelligent Anomaly Detection Filtration (IADF), using a cascaded architecture of anomaly-based filtration and signature-based detection, is the second high performance design. The IADF design is used to preserve NIDS resources by eliminating a large portion of the traffic on well-defined logic. In addition, the filtration concept augments the detection process by eliminating the part of malicious traffic which can otherwise go undetected by most signature-based mechanisms. We have evaluated the mechanism's ability to detect Denial of Service (DoS) and Probe attempts by analyzing its performance on the Defence Advanced Research Projects Agency (DARPA) dataset. The concept has also been supported by time-based normalized sampling mechanisms to incorporate normal traffic variations and reduce false alarms. Finally, we have observed that the IADF has augmented the overall detection process by reducing false alarms, increasing the detection rate and incurring less data loss.
dc.description.sponsorship: National University of Sciences & Technology (NUST), Pakistan
dc.language.iso: en
dc.rights: The University of Bradford theses are licenced under a Creative Commons Licence (CC BY-NC-ND 3.0, http://creativecommons.org/licenses/by-nc-nd/3.0/).
dc.subject: Intrusion Detection Systems (IDS)
dc.subject: Dynamic Cluster Architecture
dc.subject: Low detection rate
dc.subject: Packet loss
dc.subject: Network security
dc.subject: Telecommunication infrastructure
dc.subject: Network performance
dc.subject: Traffic Anomaly Filtration (IADF)
dc.subject: Denial of Service (DoS)
dc.subject: Increasing detection rate
dc.title: Improved performance high speed network intrusion detection systems (NIDS). A high speed NIDS architecture to address limitations of Packet Loss and Low Detection Rate by adoption of Dynamic Cluster Architecture and Traffic Anomaly Filtration (IADF).
dc.type.qualificationlevel: doctoral
dc.publisher.institution: University of Bradford
dc.publisher.department: School of Computing, Informatics and Media
dc.type: Thesis
dc.type.qualificationname: PhD
dc.date.awarded: 2011
refterms.dateFOA: 2018-07-19T08:48:02Z


Item file(s):
- Monis_Akhlaq_PhD_thesis_final_ ... (PDF, 340.6Kb)
- Monis_Akhlaq_PhD_thesis_070246 ... (PDF, 1.952Mb)
