Central Florida Memory
Collection
Browse All
Maps
Photographs
Postcards
Most Recent
More...
Advanced Search
Preferences
My Favorites
Help
Share
About the Project
Additional Resources
Credits & Contact Info
Partners
Tell Us What You Think
More Info...
Learn
Florida Stories
Teachers
Exhibits
More Info...
add to favorites
:
reference url
back to results
:
previous
:
next
CREATING MODELS OF INTERNET BACKGROUND TRAFFIC SUITABLE FOR USE IN EVALUATING NETWORK INTRUSION DETECTION SYSTEMS
Access this item.
Title
CREATING
MODELS
OF
INTERNET
BACKGROUND
TRAFFIC
SUITABLE
FOR
USE
IN
EVALUATING
NETWORK
INTRUSION
DETECTION
SYSTEMS
Author
LUO, SONG
Keywords
Network Traffic Modeling
Network Traffic Simulation
Network Intrusion Detection
Abstract
This
dissertation
addresses
Internet
background
traffic
generation
and
network
intrusion
detection.
It
is
organized
in
two
parts.
Part
one
introduces
a
method
to
model
realistic
Internet
background
traffic
and
demonstrates
how the
models
are
used
both
in a
simulation
environment
and in a
lab
environment.
Part
two
introduces
two
different
NID
(Network
Intrusion
Detection)
techniques
and
evaluates
them
using
the
modeled
background
traffic.
To
demonstrate
the
approach
we
modeled
five
major
application
layer
protocols:
HTTP, FTP,
SSH
,
SMTP
and
POP3.
The
model
of
each
protocol
includes
an
empirical
probability
distribution
plus
estimates
of
application-specific
parameters.
Due
to the
complexity
of the
traffic
,
hybrid
distributions
(called
mixture
distributions)
were
sometimes
required.
The
traffic
models
are
demonstrated
in
two
environments:
NS-2
(a
simulator)
and
HONEST
(a
lab
environment).
The
simulation
results
are
compared
against
the
original
captured
data
sets.
Users
of
HONEST
have the
option
of
adding
network
attacks
to the
background.
The
dissertation
also
introduces
two
new
template-based
techniques
for
network
intrusion
detection.
One
is
based
on a
template
of
autocorrelations
of the
investigated
traffic
,
while
the
other
uses
a
template
of
correlation
integrals.
Detection
experiments
have been
performed
on
real
traffic
and
attacks;
the
results
show
that the
two
techniques
can
achieve
high
detection
probability
and
low
false
alarm
in
certain
instances.
Adviser
Marin, Gerald
Publisher
University
of
Central
Florida
Degree
Ph.D.
Degree Grantor
Engineering and Computer Science
Degree Program
Computer Science
Graduation Date
2005-12-01
Type
Doctoral dissertation
Access Level
Public - Allow Worldwide Access
Release Date
2006-01-09
Repository
University Archives
Repository Collection
Electronic Theses and Dissertations
Identifier
CFE0000852
Access Link
http://purl.fcla.edu/fcla/etd/CFE0000852
add to favorites
:
reference url
back to results
:
previous
:
next
powered by CONTENTdm
®
|
contact us
^ to top ^
About
Partners
Contact Us
LSTA
IMLS
