MS, University of Cincinnati, 2021, Education, Criminal Justice, and Human Services: Information Technology
The prevalence of cyberattacks on home networks today has sparked great concern among researchers. With the advent of telecommuting and stay-at-home orders, cyber attackers have found network intrusion easier than usual, as SOHO networks are generally incapable of resisting the advanced intrusion techniques developed today. Therefore, there are more sensitive data online today than usual. Firewall configurations, antivirus scans, and secure locks have all been studied and found to be ineffective in combating these advanced techniques. To solve this issue, the researcher examines the design of a more advanced system for detecting and understanding attacks on home networks. The researcher takes an experimental approach to combining the functionalities of Elasticsearch SIEM and Snort IDS to reinforce a secure SOHO network. A virtual simulation of real-life cyber-attack scenarios was carried out. The researcher found that the design was more effective in reporting attacks than most alternatives. The tools allowed the researcher to analyze the detected attacks, visualize them, and correlate them with open-source rules that take further actions against detected intrusions. Although this design requires more than a basic understanding to set up, the researcher believes that its effectiveness may spur further research on how SIEM configuration may be made more accessible and straightforward to use for SOHO administrators.
Committee: M. Murat Ozer Ph.D. (Committee Chair); Ryan Moore (Committee Member)
Subjects: Information Technology