Show simple item record

dc.contributor.author: Garg, Ashish
dc.date.accessioned: 2016-04-05T16:17:22Z
dc.date.available: 2016-04-05T16:17:22Z
dc.date.issued: 2006
dc.identifier.isbn: 9780542777448
dc.identifier.other: 304939425
dc.identifier.uri: http://hdl.handle.net/10477/49351
dc.description.abstract: Intrusion detection systems (IDSs) are deployed by organizations as a measure of preventing intruders from stealing important organization files or from damaging the system. Traditionally these systems are developed for detecting intrusions on various levels such as network packets, program execution and system object permissions. The development of these IDSs takes a long time, which may range from months to years depending on the type of the system being protected and the type of detection mechanisms used. This dissertation attempts to address such design issues in the IDS community for improving the detection rates and reducing the false positives through the modeling and simulation approach. During the design of an IDS, attack and detection models are built to identify and understand the philosophy of system design vs. possible system vulnerabilities. To improve the quality of these models so that they provide coverage for a comprehensive set of scenarios, it is necessary that these models are tested before implementation. The first part of this dissertation addresses this problem by providing a platform for modeling and simulation of various attack scenarios. This is done by developing attack and detection libraries for common intrusions and testing them with a large number of scenarios. This assures that these models after development will be able to perform well and provide a wide coverage. Another advantage of modeling and simulation is that the detection rates can be improved in the design phase itself. In recent years, as the use of graphical user interface (GUI) based systems has increased, most of the operating systems and software applications including recent IDSs have been developed to support GUI environment and thus are more behavior oriented. The existing publicly available datasets are still based on command line or system level activities.
To be able to evaluate the capabilities of existing IDSs and to design and develop new ones, one has to consider training and testing these systems with GUI based data. This issue is addressed in this dissertation by providing a GUI dataset generation tool. This tool can generate extensive sets of data based on customizable behavioral profiles of users. The overall goal of this dissertation is to address the important issues related to IDS evaluation such as modeling and simulation of attacks and detection mechanisms, generation of training and testing data, GUI based profiling and provide practical solutions to demonstrate the feasibility of these approaches. These solutions, once used in mainstream IDS evaluation community, will provide improved performance and better coverage for the next generation GUI based systems. (Abstract shortened by UMI.)
dc.language: English
dc.source: Dissertations & Theses @ SUNY Buffalo, ProQuest Dissertations & Theses Global
dc.subject: Applied sciences
dc.subject: Intrusion detection
dc.subject: Graphical user interfaces
dc.subject: False positives
dc.title: A modeling and simulation framework for evaluation of intrusion detection systems
dc.type: Dissertation/Thesis

