Kumar, Kavitha. Intrusion Detection in Mobile Adhoc Networks
Master of Science in Engineering, University of Toledo, 2009, Electrical Engineering

Mobile ad hoc networks (MANETs) are autonomous, infrastructure-less networks in which mobile nodes organize themselves into a network without the help of any predefined infrastructure. Securing MANETs is an important part of deploying and utilizing them, since they are often used in critical applications where data and communications integrity is important. Existing solutions for wireless networks can be used to obtain a certain level of such security. However, these solutions may not always be sufficient for MANETs, since their characteristics create vulnerabilities that cannot be addressed by these solutions. To obtain an acceptable level of security in such a context, traditional security solutions should be coupled with an intrusion detection mechanism.

We propose using a quantitative method to detect intrusion in MANETs with mobile nodes. Our method is a behavioral anomaly based system, which makes it dynamic, scalable, configurable and robust. We verify our method using simulations where mobile nodes follow linear movement patterns. The simulations are run with mobile nodes employing Ad-hoc On-demand Distance Vector (AODV) routing. It is observed that the malicious node detection rate is very good, and the false positive detection rate is low.

Committee:

Mansoor Alam, Dr (Committee Chair); Daniel Solarek (Committee Member); Henry Ledgard, Dr (Committee Member)

Subjects:

Computer Science; Electrical Engineering

Keywords:

Mobile Ad hoc networks; MANETs with mobile nodes; Intrusion Detection in MANETs; Intrusion Detection in MANETs with mobile nodes

Vasudevan, Swetha. Immune Based Event-Incident Model for Intrusion Detection Systems: A Nature Inspired Approach to Secure Computing
MS, Kent State University, 2007, College of Arts and Sciences / Department of Computer Science
The immune system is essential for the survival of the species. How exactly this sophisticated defense mechanism accomplishes this level of discrimination remains deeply enigmatic. Both the immune system and an intrusion detection system work toward a comparable goal: identifying and responding to malicious agents. The effectiveness of an Intrusion Detection System, however, depends on its ability to accurately differentiate between an event and an incident. Today computer scientists and researchers are borrowing some of the underlying principles of Immunology to implement such a system. The Human Immune System primarily involves highly specific recognition of foreign antigens and tolerance of self antigens. For more than six decades, the concept of ‘self / non-self’ formed the central theme of Immunology. The model states that all foreign entities that are not part of the organism trigger an immune response, whereas self elements do not. In the last few years, several researchers have challenged the authenticity of this concept and have come up with rival ideas. One such notion is the Danger Theory for Immunology. According to this new viewpoint, the Immune System does not discriminate between self and non-self elements but between danger and non-danger. Danger is perceived as a signal emitted by the cells that die an unnatural death. Detection of a foreign entity occurs in conjunction with the detection of danger signals, which are emitted as a result of discontinuity in the constant interactions between the immune receptors and their targets. In this thesis, the author proposes a new Danger Theory based Event-Incident Model for Intrusion Detection Systems. The proposed model also borrows some key characteristics of autonomous multi-agent systems. It employs a group of detectors known as the ‘Mobile Intrusion Detection Squad’ and utilizes the ‘Divide and Conquer Approach’ to identify and respond to both distributed and coordinated attacks.
The literature of Immune-based Intrusion Detection Systems currently lacks a solution for ensuring corruption-free immune detectors. The proposed model strives to address this issue by implementing attack-resistant mobile agents which can relocate themselves inside the network and be elusive when suspicious activity is sensed. Special emphasis will be given to some prevailing challenges such as alert correlation and false alarm production. This thesis will provide a conceptual view and the overall infrastructure of the proposed model. It is the author’s hope that this Computer Immune Model will emulate some if not all of the brilliant characteristics of Mother Nature’s defense mechanism against diseases.

Committee:

Michael Rothstein (Advisor)

Subjects:

Computer Science

Keywords:

Intrusion Detection Systems; Immune System; Immune Detectors; Intrusion Detection Squad; Multi-Agent System

Katneni, Narendranad. Deployment Strategies and Mechanisms for Intrusion Detection In Wireless Sensor Networks
MS, University of Cincinnati, 2012, Engineering and Applied Science: Computer Science

Wireless Sensor Networks (WSNs) play a big role in many real life scenarios and are used in a wide range of applications. These include military, industrial and civilian security, which require stability, performance and affordability of WSNs. Deployment schemes of sensors play an important role in the design of a WSN and contribute to improving its security. There are various deployment schemes that have their own strengths and weaknesses, and each one suits best a particular set of applications.

In this thesis, we focus particularly on “Intrusion Detection”, which is an application of WSNs. We study the existing deployment schemes such as Uniform, Gaussian and identify their strengths and limitations. We then propose two new deployment techniques called Hybrid Gaussian-Ring Deployment and Reverse Gaussian Deployment. Hybrid Gaussian-Ring offers better border protection and network connectivity, whereas Reverse Gaussian performs better in protecting multiple facilities located within the area protected by the WSN.

Subsequently, we study Regular Deployment schemes, their applications and their differences from the probabilistic deployment schemes. These are more useful when the area of deployment of the WSN is more accessible and non-hostile. We then analyze the performance of various regular deployment schemes and establish which of these is best suited for intrusion detection.

Committee:

Dharma Agrawal, DSc (Committee Chair); Yizong Cheng, PhD (Committee Member); Yiming Hu, PhD (Committee Member)

Subjects:

Computer Science

Keywords:

Wireless Sensor Networks; Intrusion Detection; Sensor Deployment; Gaussian Deployment; Regular Deployment; Security

Pentukar, Sai Kiran. OCLEP+: One-Class Intrusion Detection Using Length of Patterns
Master of Science in Cyber Security (M.S.C.S.), Wright State University, 2017, Computer Science
In an earlier paper, a method called One-class Classification using Length statistics of (jumping) Emerging Patterns (OCLEP) was introduced for masquerader detection. Jumping emerging patterns (JEPs) for a test instance are minimal patterns that match the test instance but do not match any normal instances. OCLEP was based on the observation that one needs long JEPs to differentiate an instance of one class from instances of the same class, but needs short JEPs to differentiate an instance of one class from instances of a different class. In this thesis, we present OCLEP+, One-class Classification using Length statistics of Emerging Patterns Plus, by adding several new ideas to OCLEP. OCLEP+ retains the one-class training feature of OCLEP, hence it only requires the normal class data for training. Moreover, OCLEP+ has the advantage of being neither model nor signature based, making it hard to evade. OCLEP+ uses only length statistics of JEPs, making it a robust method. Experiments show that OCLEP+ is more accurate than OCLEP and one-class SVM on the NSL-KDD datasets.

Committee:

Guozhu Dong, Ph.D. (Advisor); Junjie Zhang, Ph.D. (Committee Member); Bin Wang, Ph.D. (Committee Member)

Subjects:

Computer Science; Information Systems

Keywords:

Intrusion Detection; OCLEP; OCLEP plus; Border Differential algorithm; One-class; One Class; Emerging patterns; Jumping Emerging Patterns
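The length-of-pattern idea in the OCLEP abstract above, as an added illustration (this is not the thesis's code): instances are sets of (feature, value) items over discretised features, a JEP for a test instance is a sub-pattern that no genuine training instance contains, and the score is the length of the shortest such pattern. The feature names, the genuine training instances and the threshold rule (leave-one-out minimum over genuine traffic) are all constructed for this example; OCLEP+ itself works from length statistics over many JEPs rather than the single minimum used here.

```python
"""One-class anomaly detection from the length of the shortest jumping emerging pattern.

Added example in the spirit of OCLEP; not the thesis's code. The feature names,
the genuine instances and the threshold rule are assumptions of this example."""
import math
from itertools import combinations

FEATURES = ("protocol", "service", "flag", "bytes", "count")  # KDD-like, assumed


def instance(*values):
    """An instance is the set of its (feature, value) items."""
    return frozenset(zip(FEATURES, values))


# Constructed genuine (one-class) training data; no attack examples are needed.
GENUINE = [
    instance("tcp", "http", "SF", "small", "low"),
    instance("tcp", "http", "SF", "medium", "low"),
    instance("tcp", "http", "SF", "small", "medium"),
    instance("tcp", "smtp", "SF", "medium", "low"),
    instance("tcp", "smtp", "SF", "small", "low"),
    instance("udp", "dns", "SF", "small", "low"),
    instance("udp", "dns", "SF", "small", "medium"),
    instance("udp", "dns", "SF", "medium", "low"),
]


def min_jep_length(inst, genuine):
    """Length of the shortest pattern inside inst that matches no genuine instance.

    Subsets are enumerated by increasing size, so the first hit is the shortest JEP
    (and therefore a minimal one). Returns inf when inst is covered by a genuine
    instance, i.e. nothing separates it from genuine traffic at all.
    """
    items = sorted(inst)
    for k in range(1, len(items) + 1):
        for combo in combinations(items, k):
            pattern = set(combo)
            if not any(pattern <= g for g in genuine):
                return k
    return math.inf


def fit_threshold(genuine):
    """Leave-one-out: the shortest JEP ever needed to tell a genuine instance from the rest."""
    return min(
        min_jep_length(g, [h for j, h in enumerate(genuine) if j != i])
        for i, g in enumerate(genuine)
    )


def classify(inst, genuine, threshold):
    """A JEP shorter than any genuine instance ever needed means inst differs from
    genuine traffic in a way no genuine instance does: flag it."""
    length = min_jep_length(inst, genuine)
    return ("anomaly" if length < threshold else "genuine"), length


if __name__ == "__main__":
    thr = fit_threshold(GENUINE)
    print("threshold (shortest genuine leave-one-out JEP):", thr)
    for test in (instance("tcp", "http", "SF", "medium", "medium"),   # unseen but plausible mix
                 instance("tcp", "http", "S0", "small", "low"),       # unseen flag value
                 instance("tcp", "private", "SF", "small", "high")):  # unseen service and count
        print(sorted(v for _, v in test), classify(test, GENUINE, thr))
```

With this tiny training set the genuine-but-unseen combination needs a two-item pattern (medium bytes together with a medium count), which is exactly what some genuine instances need to be told apart from each other, so it is not flagged; the instances carrying a value never seen in genuine traffic are separated by a single item and are flagged. The weakness of the single-minimum rule shows on unseen combinations of seen values: they also score 2 here and would be missed, which is the kind of case the length statistics in OCLEP+ are meant to handle.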

Alqallaf, Maha. Software Defined Secure Ad Hoc Wireless Networks
Doctor of Philosophy (PhD), Wright State University, 2016, Computer Science and Engineering PhD
Software defined networking (SDN), a new networking paradigm that separates the network data plane from the control plane, has been considered as a flexible, layered, modular, and efficient approach to managing and controlling networks ranging from wired, infrastructure-based wireless (e.g., cellular wireless networks, WiFi, wireless mesh networks), to infrastructure-less wireless networks (e.g. mobile ad-hoc networks, vehicular ad-hoc networks) as well as to offering new types of services and to evolving the Internet architecture. Most work has focused on SDN applications in traditional wired and/or infrastructure-based networks. Wireless networks have become increasingly more heterogeneous. Secure and collaborative operation of mobile wireless ad-hoc networks poses significant challenges due to the decentralized nature of mobile ad hoc wireless networks, mobility of nodes, and resource constraints. Recent developments in software defined networking shed new light on how to control and manage an ad hoc wireless network. Given the wide deployment and availability of heterogeneous wireless technologies, the control and management of ad hoc wireless networks with the new software defined networking paradigm is offered more flexibility and opportunities to deal with trust and security issues and to enable new features and services. This dissertation focuses on the SDN MANET architecture design issues for providing secure collaborative operation. Specifically, (I) We have proposed four design options for software defined secure collaborative ad hoc wireless network architecture. The design options are organized into (a) centralized SDN controller architecture with controller replication and (b) distributed SDN controller architecture. While these proposed architecture options exhibit different characteristics, many common challenges are shared amongst these options. Challenges include fault-tolerance, scalability, efficiency, and security.
The unstructured nature of ad hoc wireless networks exacerbates these challenges. We have studied the pros and cons of these different design options and their applicability in different practical scenarios via simulations. (II) Establishing the initial trust among participating devices in an SDN based wireless mobile ad hoc network will serve as a basis for enabling ensuing secure communication of the network. We proposed and studied a trusted virtual certificate authorities (VCAs) based local infrastructure for supporting device mutual authentication to support secure communications/operations in SDN based MANETs, therefore relieving the MANETs of the need to rely on an external public key infrastructure (PKI). We examined the ways in which this VCA based infrastructure can be integrated with the four SDN based MANET architecture design options. (III) Finally, we provided a theoretical analysis of designing and incorporating an IDS/IPS system in an SDN based MANET.

Committee:

Bin Wang, Ph.D. (Advisor); Yong Pei, Ph.D. (Committee Member); Krishnaprasad Thirunarayan, Ph.D. (Committee Member); Zhiqiang Wu, Ph.D. (Committee Member)

Subjects:

Computer Engineering; Computer Science

Keywords:

MANET; Security Challenges; Trust Management Challenges; SDN; OpenFlow; SDN Security Issues and Mechanisms; Trust Management; Virtual Certificate Authority for SDNMANET; Intrusion Detection and Prevention for SDNMANET; SDNMANET Architecture

Yellapragada, Ramani. Probabilistic Model for Detecting Network Traffic Anomalies
Master of Science (MS), Ohio University, 2004, Computer Science (Engineering)

Anomaly-based intrusion detection is a research area in Computer Security, wherein computer and network attacks are differentiated from normal computer interactions. Anomaly-based intrusion detection systems detect attacks by analyzing either computer or network data and flagging abnormalities as intrusions. The abnormalities are detected by analyzing certain parameters that are present in the data. Our approach analyzes certain network parameters, which characterize either a connection or a network service on a monitored host or a network service on a monitored network. This categorization of parameters helps detect varied classes of attacks including denial-of-service, port scan and buffer overflow attacks.

Anomaly-based systems use various analysis techniques to detect parameter anomalies. A new approach based on the Bayesian Networks technique for analyzing and detecting anomalies is presented here. The advantage of Bayesian Networks lies in their ability to adaptively learn normal values of parameters without much training, which makes them suitable for real-time analysis. A Bayesian Network can be used to combine current evidence and previous knowledge to obtain the probability of anomaly. This property helps in detecting previously seen attacks faster, since the previous knowledge provides strong evidence of an attack. The same property helps reduce the number of false positives, since considerable evidence needs to accumulate for the Bayesian Network to report a high probability of anomaly.

Committee:

Shawn Ostermann (Advisor)

Subjects:

Computer Science

Keywords:

Network Security; Intrusion Detection; Anomaly Detection
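The two properties claimed in the abstract above (previously seen attackers are confirmed faster, and a single odd observation is not enough to alarm) fall directly out of Bayes' rule. The following added example is not the thesis's model: it reduces the network to one hidden node (is this source attacking?) and one observed node (a bucketed connection rate), updated sequentially, and the priors and likelihood tables are constructed values.

```python
"""Sequential Bayesian anomaly scoring for one monitored parameter.

Added illustration, not the thesis's Bayesian network. One hidden node (Attack)
and one observed node (connection-rate bucket); each observation is combined
with the current belief. Priors and likelihoods below are assumed values."""

# P(bucket | Attack) and P(bucket | Normal): assumed conditional probability tables.
LIKELIHOOD = {
    True:  {"low": 0.10, "mid": 0.30, "high": 0.60},
    False: {"low": 0.70, "mid": 0.25, "high": 0.05},
}
PRIOR_UNKNOWN_HOST = 0.01  # assumed base rate for a source never seen attacking
PRIOR_KNOWN_HOST = 0.30    # "previous knowledge": source flagged in an earlier incident


def update(p_attack, bucket):
    """Bayes' rule: belief that the source is attacking after observing one bucket."""
    num = p_attack * LIKELIHOOD[True][bucket]
    den = num + (1.0 - p_attack) * LIKELIHOOD[False][bucket]
    return num / den


def posterior_trace(buckets, prior):
    """P(attack) after each observation in turn."""
    p, trace = prior, []
    for b in buckets:
        p = update(p, b)
        trace.append(round(p, 4))
    return trace


def observations_to_alert(buckets, prior, threshold=0.9):
    """How many observations were needed before P(attack) reached the threshold, or None."""
    p = prior
    for i, b in enumerate(buckets, start=1):
        p = update(p, b)
        if p >= threshold:
            return i
    return None


if __name__ == "__main__":
    burst = ["high"] * 5                      # sustained high connection rate
    blip = ["high", "low", "low", "mid"]      # one spike, then ordinary behaviour
    print("unknown host, burst:", posterior_trace(burst, PRIOR_UNKNOWN_HOST))
    print("known host, burst:  ", posterior_trace(burst, PRIOR_KNOWN_HOST))
    print("unknown host, blip: ", posterior_trace(blip, PRIOR_UNKNOWN_HOST))
    print("alert after:", observations_to_alert(burst, PRIOR_UNKNOWN_HOST),
          "vs", observations_to_alert(burst, PRIOR_KNOWN_HOST), "observations")
```

Each "high" observation multiplies the odds of attack by 12 under these tables, so an unknown source needs three of them in a row to cross 0.9 while a previously flagged source needs two; a single spike followed by normal rates drives the belief back down instead of alarming.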

Truhan, Nathan D. Intrusion Detection for 0-Day Vulnerabilities
MS, Kent State University, 2011, College of Arts and Sciences / Department of Computer Science
Computer systems have become a crucial part of business in the world. As such, they have become targets of various hackers who exploit vulnerabilities in code which allow them to access information stored on these systems. This thesis will look at a specific type of vulnerability known as the 0-day vulnerability: vulnerabilities that have just been released and may or may not have a patch against them, some of which may not be known to the vendors for a patch to be created. Several applications exist to help security analysts find these vulnerabilities. Two categories of these tools are Intrusion Detection Systems, which monitor network traffic for anomalous activity, and honeypots, which are decoy systems designed to attract hackers. This thesis will examine a method for deploying an Intrusion Detection System and honeypot for capturing 0-day vulnerabilities.

Committee:

Dr. Michael Rothstein, PhD (Advisor); Dr. Hassan Peyravi, PhD (Committee Member); Dr. Arden Ruttan, PhD (Committee Member)

Subjects:

Computer Science; Information Systems

Keywords:

IDS; intrusion detection; 0-day; zero-day; vulnerabilities; honeypot

Sawant, Ankush. Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps
Master of Science (MS), Ohio University, 2005, Electrical Engineering & Computer Science (Engineering and Technology)
Anomaly-based intrusion detection systems identify intrusions by monitoring network traffic for abnormal behavior. Integrated Network-Based Ohio University Network Detective Service (INBOUNDS) is an anomaly-based intrusion detection system being developed at Ohio University. The Multiple Self-organizing map based Intrusion Detection System (MSIDS) module for INBOUNDS analyzes the time-based behavior of normal network connections for anomalies, using the Self-Organizing Map (SOM) algorithm. The MSIDS module builds profiles of normal network behavior by characterizing the network traffic with four parameters. A SOM, developed for each time interval, captures the characteristic network behavior for that time interval using the four parameters. This approach achieves better characterization of normal network behavior, leading to better intrusion detection capability. During real-time operation, the four-dimensional vectors, representing the attack connection for the time intervals, are fed into respective trained SOMs. For each input vector in the four-dimensional space, a “winner” neuron is determined. If the distance between the input vector and the winner neuron for any SOM is greater than a certain threshold value, the MSIDS module classifies the network connection as an intrusion. Moreover, detecting the attack in early stages of the connection leads to near real-time response to intrusions.

Committee:

Carl Bruggeman (Advisor)

Keywords:

Network Security; Intrusion Detection; Self-Organizing Maps; Anomaly Detection

Bykova, Marina. Statistical Analysis of Malformed Packets and Their Origins in the Modern Internet
Master of Science (MS), Ohio University, 2002, Computer Science (Engineering)

With the tremendous growth of Internet resources, we observe a rapid increase in the number of network applications and protocol implementations, which are not always thoroughly evaluated and tested. A growing number of network attacks attempt to disrupt legitimate communication or deny access to network resources to legitimate users. Both poor implementations and intentional abuse of network resources “pollute” a network with malformed packets and can become a threat to sound communication. In this work, we collect and analyze all of the IP and TCP headers of packets seen on a network that either violate existing standards or should not appear in modern internets. Our goal is to determine the reason that these packets appear on the network and evaluate what proportion of such packets could cause actual damage. Thus, we examine and divide the unusual packets obtained during our experiments into several categories based on their possible cause, which ranges from errors in network implementations to carefully constructed attack packets, and show the results. The traces analyzed were gathered at two different data sources at Ohio University, the university’s main Internet link connecting it to its ISP and a local network with student dormitory traffic, and provide a massive amount of statistical data.

Committee:

Shawn Ostermann (Advisor)

Subjects:

Computer Science

Keywords:

malformed packets; TCP/IP; traffic analysis; intrusion detection; packet header
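The kind of header check the abstract above describes, as an added example (not the thesis's tooling): parse a raw IPv4/TCP header with `struct`, record every way it violates the standards or could not have come from a sane stack, and tally the findings over a trace. Checksums are ignored, and the packets built by `build_ipv4_tcp()` are constructed for the example.

```python
"""Flag IPv4/TCP headers that violate the standards or should never appear on the wire.

Added example; not the thesis's code. Checksums are ignored, and the packets
produced by build_ipv4_tcp() are constructed for the illustration."""
import struct
import ipaddress
from collections import Counter

IP_RESERVED_FLAG = 0x8000  # reserved IP flag bit, must be zero (RFC 791)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_ipv4_tcp(src, dst, sport, dport, flags, ip_flags=0x4000, ttl=64, tcp_reserved=0):
    """Constructed test packet: 20-byte IPv4 header + 20-byte TCP header, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, ip_flags, ttl, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0,
                      (5 << 12) | (tcp_reserved << 9) | flags, 8192, 0, 0)
    return ip + tcp


def check_packet(data):
    """Return the list of violation codes found in one raw packet (empty if it looks sane)."""
    findings = []
    if len(data) < 20:
        return ["ip.truncated"]
    ver_ihl, _tos, total_len, _id, frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        findings.append("ip.bad_version")
    if ihl < 5:
        findings.append("ip.bad_ihl")
    if total_len < ihl * 4 or total_len > len(data):
        findings.append("ip.bad_total_length")
    if frag & IP_RESERVED_FLAG:
        findings.append("ip.reserved_bit")
    if ttl == 0:
        findings.append("ip.zero_ttl")
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if s == d:
        findings.append("ip.src_equals_dst")          # classic "land" packet
    if s.is_loopback or s.is_multicast or s == ipaddress.IPv4Address("255.255.255.255"):
        findings.append("ip.impossible_source")
    if proto != 6 or ihl < 5:
        return findings
    off = ihl * 4
    if len(data) < off + 20:
        return findings + ["tcp.truncated"]
    sport, dport, _seq, _ack, off_flags, _win, _tcsum, _urgp = struct.unpack(
        "!HHIIHHHH", data[off:off + 20])
    data_offset, reserved, flags = off_flags >> 12, (off_flags >> 9) & 0x7, off_flags & 0xFF
    if data_offset < 5:
        findings.append("tcp.bad_data_offset")
    if reserved:
        findings.append("tcp.reserved_bits")
    if sport == 0 or dport == 0:
        findings.append("tcp.zero_port")
    if (flags & 0x3F) == 0:
        findings.append("tcp.null_flags")             # no flags at all: null scan
    if flags & SYN and flags & FIN:
        findings.append("tcp.syn_fin")                # never legal in one segment
    if flags & SYN and flags & RST:
        findings.append("tcp.syn_rst")
    if flags & FIN and not flags & ACK:
        findings.append("tcp.fin_without_ack")        # a real FIN always carries ACK
    if (flags & (FIN | PSH | URG)) == (FIN | PSH | URG):
        findings.append("tcp.xmas")
    return findings


def summarize(packets):
    """Tally violation codes over a trace, the per-category statistic the thesis reports."""
    counts = Counter()
    for p in packets:
        counts.update(check_packet(p))
    return counts


# Constructed trace: a sane SYN, a SYN/FIN probe, a land packet, an xmas probe with the reserved bit.
TRACE = [
    build_ipv4_tcp("10.0.0.5", "10.0.0.80", 40000, 80, SYN),
    build_ipv4_tcp("10.0.0.9", "10.0.0.80", 40001, 22, SYN | FIN),
    build_ipv4_tcp("10.0.0.80", "10.0.0.80", 80, 80, SYN),
    build_ipv4_tcp("10.0.0.9", "10.0.0.80", 40002, 443, FIN | PSH | URG,
                   ip_flags=0x4000 | IP_RESERVED_FLAG),
]

if __name__ == "__main__":
    for p in TRACE:
        print(check_packet(p))
    print(summarize(TRACE))
```

Attributing a finding to a cause, which is what the thesis does, remains a judgment: flag combinations such as SYN/FIN or FIN/PSH/URG are practically always crafted probes, whereas a set reserved bit or a FIN without ACK can come from either a buggy stack or a deliberately built packet, and the tally above is only the raw material for that classification.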

Bontupalli, Venkataramesh. Intrusion Detection and High-Speed Packet Classification Using Memristor Crossbars
Master of Science (M.S.), University of Dayton, 2015, Electrical Engineering
Intrusion Detection Systems (IDS) are intelligent specialized systems designed to interpret intrusion attempts from incoming network traffic. IDSs aim at minimizing the risk of accessing unauthorized data and potential vulnerabilities in critical systems by examining every packet entering a system. Packet inspection and pattern matching are often computationally intensive processes and are the most power-hungry functionalities in network intrusion detection systems. This thesis presents a high throughput, low latency and low power memristor crossbar architecture for packet header and payload matching that could be used for high-speed packet classification and malware detection. The memristor crossbar systems can perform intrusion detection through a brute force approach for static contents/signatures and a state machine approach for regular expressions. A large portion of the work completed in this thesis has been published in [1-2].

Committee:

Tarek Taha, Dr (Advisor); Eric Balster, Dr (Committee Member); Vamsy Chodavarapu, Dr (Committee Member)

Subjects:

Computer Engineering; Electrical Engineering

Keywords:

Intrusion Detection; Memristor Crossbars; High Speed Packet Classification; Low Power; Network Security; SNORT; String Matching; Regular Expression Matching

Ramadas, Manikantan. Detecting Anomalous Network Traffic With Self-Organizing Maps
Master of Science (MS), Ohio University, 2003, Electrical Engineering & Computer Science (Engineering and Technology)
Intrusion detection systems are aimed at distinguishing malicious network attacks from genuine network traffic. Integrated Network-Based Ohio University Network Detective Service (INBOUNDS), is a network based intrusion detection system being developed at Ohio University. The Anomalous Network-traffic Detection with Self Organizing Maps (ANDSOM) module for INBOUNDS detects anomalous network traffic based on the Self-Organizing Map algorithm. Each network connection, characterized by six parameters, represents a vector in six-dimensional space. The ANDSOM module creates a two-dimensional lattice of neurons for each class of network traffic, with each neuron in the lattice specifying a six-dimensional vector. During the training phase, six-dimensional vectors of genuine network traffic are input into the ANDSOM module. The neurons in the lattice are trained to capture the characteristic patterns of genuine network traffic. During real-time operation, each network connection represented by a six-dimensional vector is input into the lattice, and a “winner” is selected by finding the neuron that is closest in distance in six-dimensional space. The network connection is then classified as an intrusion if this distance in six-dimensional space is more than a pre-set threshold.

Committee:

Shawn Ostermann (Advisor)

Subjects:

Computer Science

Keywords:

Intrusion Detection; Self-Organizing Maps
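The ANDSOM procedure in the Ramadas abstract above, and the per-interval variant in the Sawant abstract (Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps) earlier on this page, both come down to the same loop: train a lattice on vectors of genuine connections only, find the winner neuron for a new connection, and flag the connection when its distance to the winner exceeds a threshold. The following added example implements that loop from scratch; it is not code from the INBOUNDS project. The six feature names, the constructed genuine traffic, the lattice size and the threshold rule (largest winner distance seen on genuine traffic plus 20% slack) are assumptions of this example, and a time-based deployment would simply keep one such detector per time interval.

```python
"""Toy Self-Organizing Map anomaly detector in the spirit of INBOUNDS/ANDSOM.

Added example; not code from the INBOUNDS project. The six connection
features, the constructed traffic and the threshold rule are assumptions."""
import math
import random

# The abstract says six parameters per connection but does not name them; assumed here.
FEATURES = ("duration_s", "bytes_in", "bytes_out", "pkts_in", "pkts_out", "mean_gap_s")


class MinMax:
    """Per-feature scaling fitted on genuine traffic only."""
    def __init__(self, vectors):
        cols = list(zip(*vectors))
        self.lo, self.hi = [min(c) for c in cols], [max(c) for c in cols]

    def __call__(self, v):
        return [0.0 if hi == lo else (x - lo) / (hi - lo) for x, lo, hi in zip(v, self.lo, self.hi)]


class SOM:
    """rows x cols lattice; each neuron holds a weight vector in feature space."""
    def __init__(self, rows, cols, dim, seed=0):
        rng = random.Random(seed)
        self.rows, self.cols = rows, cols
        self.w = [[[rng.random() for _ in range(dim)] for _ in range(cols)] for _ in range(rows)]

    @staticmethod
    def dist(a, b):
        return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

    def winner(self, v):
        """Coordinates of the closest neuron (the "winner") and its distance to v."""
        best = min(((r, c) for r in range(self.rows) for c in range(self.cols)),
                   key=lambda rc: self.dist(self.w[rc[0]][rc[1]], v))
        return best, self.dist(self.w[best[0]][best[1]], v)

    def train(self, vectors, epochs=30, lr0=0.5):
        """Kohonen training: pull the winner and its lattice neighbours toward each input,
        with learning rate and neighbourhood radius shrinking over time."""
        radius0 = max(self.rows, self.cols) / 2.0
        steps, t = epochs * len(vectors), 0
        for _ in range(epochs):
            for v in vectors:
                frac = t / steps
                lr, radius = lr0 * (1.0 - frac), radius0 * (1.0 - frac) + 0.5
                (wr, wc), _ = self.winner(v)
                for r in range(self.rows):
                    for c in range(self.cols):
                        g = math.hypot(r - wr, c - wc)
                        if g <= radius:
                            h = lr * math.exp(-g * g / (2.0 * radius * radius))
                            w = self.w[r][c]
                            for i, x in enumerate(v):
                                w[i] += h * (x - w[i])
                t += 1


def genuine_connections(n=150, seed=1):
    """Constructed sample of genuine connections (short request/response sessions)."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        pkts_in, pkts_out = max(1, int(rng.gauss(12, 3))), max(1, int(rng.gauss(10, 3)))
        out.append([abs(rng.gauss(1.5, 0.4)), pkts_in * 600 + rng.randint(0, 200),
                    pkts_out * 120 + rng.randint(0, 100), pkts_in, pkts_out,
                    abs(rng.gauss(0.1, 0.03))])
    return out


def build_detector(rows=6, cols=6):
    """Train on genuine traffic only and derive the distance threshold from it."""
    train = genuine_connections()
    scale = MinMax(train)
    scaled = [scale(v) for v in train]
    som = SOM(rows, cols, len(FEATURES))
    som.train(scaled)
    # Threshold rule (assumed): largest winner distance seen on genuine traffic, plus 20% slack.
    threshold = 1.2 * max(som.winner(v)[1] for v in scaled)
    return som, scale, threshold


def classify(detector, connection):
    """Label a raw six-feature connection vector as 'genuine' or 'intrusion'."""
    som, scale, threshold = detector
    _, d = som.winner(scale(connection))
    return ("intrusion" if d > threshold else "genuine"), d


# Constructed: a long session pushing tens of megabytes out, unlike any training connection.
EXFIL_CONNECTION = [600.0, 2000, 50_000_000, 50, 40000, 0.015]

if __name__ == "__main__":
    det = build_detector()
    print("threshold:", round(det[2], 3))
    print("training connection:", classify(det, genuine_connections()[0]))
    print("exfiltration:      ", classify(det, EXFIL_CONNECTION))
```

Because scaling is fitted on genuine traffic, a connection whose features lie far outside the training range lands far from every neuron regardless of how the lattice settled, which is what makes the detection robust to the random initialisation; the threshold, on the other hand, is the tuning knob the Khasgiwala thesis later on this page revisits for false positives.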

Lydon, Andrew. Compilation For Intrusion Detection Systems
Master of Science (MS), Ohio University, 2004, Computer Science (Engineering)
Within computer security, intrusion detection systems (IDSs) are the subject of extensive and varying research. Distributed IDSs have additional research problems. This thesis contributes a way of using compilation of a multi-layered language to simultaneously solve multiple issues confronting distributed IDSs. The target of the compilation is the configuration of existing IDSs with run time support. The language for compilation has two layers: a lower layer for signature and other computationally limited matching including anomaly based matching and a higher layer for general computations. This compiler is implemented and shown to be sufficient to produce arbitrary IDSs using existing IDSs for input rather than custom system software. Graceful degradation and reasonable performance during denial of service attacks have been added on top of existing IDSs using this framework.

Committee:

Carl Bruggeman (Advisor)

Subjects:

Computer Science

Keywords:

Security; Intrusion Detection; Computer Security; Distributed; Real-Time; Compiler

Gu, Boxuan. Context-Aware Malicious Code Detection
Doctor of Philosophy, The Ohio State University, 2012, Computer Science and Engineering
Malicious codes are one of the biggest threats on the Internet according to the US-CERT vulnerability database. One salient example is Conficker, a malicious code targeting MS Windows that was released in 2009. Before it was discovered, millions of computers on the Internet were infected. Many approaches to malicious code detection have been proposed. However, such approaches have a key weakness: they do not leverage context information from target systems and input data in order to perform detection. Malicious codes can fully utilize context information for attack purposes, thereby evading detection. To address this issue, we propose a methodology that leverages such context information for malicious code detection. Based on this methodology, we design and implement three detection systems for malicious code detection on servers, Web browsers, and smartphones. Our first system takes “snapshots” of a target process's virtual memory space and leverages these snapshots to reveal malicious codes' true behaviors when consuming input data. Based on the first system, we construct the second system, which leverages Web browsers' JavaScript code execution environment to detect malicious JavaScript codes that exploit browsers' memory errors. Our third system uses an information flow tracking mechanism to detect malicious codes that steal sensitive information stored in smartphones. We comprehensively evaluate these detection systems with many real-world malicious codes. Our experimental results indicate that the context information can be used to greatly improve detection effectiveness with reasonable overhead.

Committee:

Dong Xuan (Advisor); Ten H. Lai (Committee Member); Feng Qin (Committee Member)

Subjects:

Computer Science

Keywords:

intrusion detection; malicious code detection; web security; javascript security; smartphone security; android security; information flow tracking; information leaking; worm detection; shellcode; shellcode detection

Sheets, David. Data Fusion Process Refinement in Intrusion Detection Alert Correlation Systems
Master of Science, University of Akron, 2008, Computer Science
Computer systems are getting larger in size, contain a greater variety and volume of data, and communicate personal and confidential information, making security critical as well as making them appealing targets for malicious activities. The need to keep these systems secure has been approached from several different aspects, one of which is the employment of intrusion detection systems. An evolution of the intrusion detection system occurs in alert correlation systems, which take raw alerts from numerous sensors within a network and generate broader situational awareness by combining the individual findings of each sensor into a bigger picture state of the system. This study looks at improving the ability of an existing alert correlation system to pull all the relevant pieces of an intrusion into that picture in order to further reduce the output, enabling quicker analysis by a system administrator. Through experimentation and analysis, the benefits of utilizing the look-ahead system have demonstrated an ability to decrease the total number of alerts in the system, thereby reducing the work-load of system administrators by increasing the ability of the system to reduce the overall number of alerts the administrator must analyze.

Committee:

Dang Xuan-Hien Thi (Advisor)

Subjects:

Computer Science

Keywords:

Intrusion Detection; Alert Correlation; Data Fusion

Khasgiwala, Jitesh. Analysis of Time-Based Approach for Detecting Anomalous Network Traffic
Master of Science (MS), Ohio University, 2005, Computer Science (Engineering)

The Multiple Self-Organizing map based Intrusion Detection System (MSIDS) is a recent approach for an anomaly-based IDS developed under the Integrated Network-Based Ohio University Network Detective Service (INBOUNDS). It enhanced the previous approach by introducing the time-based behavior of normal network connections. It analyzed the time-based behavior using a pattern and demonstrated a better characterization of network behavior. This thesis provides a detailed analysis of this work by investigating various options for the time-based approach. The analysis of a heuristic approach for automatic generation of patterns, and the generation of two specific patterns, is performed. The detailed false positive analysis for these patterns and the MSIDS pattern is then accomplished using four training data sets. A methodology is devised for tuning the pattern generation algorithm that eliminates the false positives for the training data sets. The inherent false positive rate resulting from the threshold adopted from previous work is reduced by finding a new threshold value.

Committee:

Shawn Ostermann (Advisor)

Keywords:

Intrusion Detection System; Analysis; Time Based Approach; False Positive Analysis; Anomalous Network Traffic; Specific Patterns for Time-Based Behavior; Eliminating False Positives

Raju, Madhanmohan. Group based fault-tolerant physical intrusion detection system using fuzzy based distributed RSSI processing
MS, University of Cincinnati, 2013, Engineering and Applied Science: Computer Science
We propose a group based real-time fault-tolerant physical intrusion detection system in an indoor scenario using Received Signal Strength Indicator (RSSI), to enhance security in wireless sensor networks considering its importance. Since there are a lot of techniques available to solve this problem in an outdoor scenario, we focus our research on the indoor environment. We provide a unique and novel approach, by applying a set of Fuzzy Logic (FL) rules on our distributed protocol before merging the beliefs of the fuzzy membership classes using the Transferable Belief Model (TBM). Even though other techniques that have been designed earlier provide a solution to this problem, almost all of the techniques depend on incorporating additional sensor hardware. In some cases, sensor technology is even combined with other technologies such as cameras, motion sensors, video cameras, etc. This makes the solutions complex, expensive, and difficult to deploy. However, there are published works that address this problem by measuring the drop in the RSSI. At the same time, many of the published works show that RSSI is an unreliable and unstable metric. Hence, we carry out exhaustive experimentation to identify the behavior of RSSI both indoors and outdoors. The unstable characteristic of RSSI is clearly evident from these results. But we embrace the unreliability of RSSI by using an additional metric, Link Quality Indicator (LQI), as a filter to localize the node in a network. Our approach helps in obtaining a tighter bound on the number of possible distances that any two given nodes may be from one another. Again, through experimental results, we observe a drastic reduction in the number of possible distances and show how RSSI and LQI can be used in combination for node localization. While this reduced the number of possible distances, there were still numerous distances.
Therefore, we propose a distributed protocol which employs Fuzzy Logic (FL) and the Transferable Belief Model (TBM). FL aided in translating the distances into linguistic terms and in calculating the beliefs of each of the membership classes. On the other hand, TBM enabled us to merge these beliefs to arrive at an improved decision. This combination helped us to handle uncertainty with ease. Finally, we carry out a similar approach to the physical intrusion detection problem. So, we model a real-time fault-tolerant intrusion detection system. Our system solution relies only on RSSI and works in a distributed manner. We do not depend on any special hardware. In fact, we try to remove the requirement of all but the bare minimum hardware. The combination of FL and TBM provided immense advantages. Thus, we propose a readily applicable solution for physical intrusion detection in wireless sensor networks.

Committee:

Dharma Agrawal, D.Sc. (Committee Chair); Prabir Bhattacharya, Ph.D. (Committee Member); Anca Ralescu, Ph.D. (Committee Member)

Subjects:

Computer Science

Keywords:

RSSI; LQI; Transferable Belief Model; Fuzzy Logic; Security in wireless sensor networks; Physical intrusion Detection

Kim, Dae Wook. Data-Driven Network-Centric Threat Assessment
Doctor of Philosophy (PhD), Wright State University, 2017, Computer Science and Engineering PhD
As the Internet has grown increasingly popular as a communication and information sharing platform, it has given rise to two major types of Internet security threats related to two primary entities: end-users and network services. First, information leakages from networks can reveal sensitive information about end-users. Second, end-users' systems can be compromised through attacks on network services, such as scanning-and-exploit attacks, spamming, drive-by downloads, and fake anti-virus software. Designing threat assessments to detect these threats is, therefore, of great importance, and a number of detection systems have been proposed. However, these existing threat assessment systems face significant challenges in terms of i) behavioral diversity, ii) data heterogeneity, and iii) large data volume. To address the challenges of the two major threat types, this dissertation offers three unique contributions. First, we built a new system to identify network users via Domain Name System (DNS) traffic, which is one of the most important behavior-based tracking methods for addressing privacy threats. The goal of our system is to boost the effectiveness of existing user identification systems by designing effective fingerprint patterns based on semantically limited DNS queries that are missed by existing tracking efforts. Second, we built a novel system to detect fake anti-virus (AV) attacks, which represent an active trend in the distribution of Internet-based malware.
Our system aims to boost the effectiveness of existing fake AV attack detection by detecting fake AV attacks in three challenging scenarios: i) fake AV webpages that require user interaction to install malware, instead of using malicious content to run automatic exploitation without users' consent (e.g., shellcode); ii) fake AV webpages designed to impersonate real webpages using a few representative elements, such as the names and icons of anti-virus products from authentic anti-virus webpages; and iii) fake AV webpages that offer up-to-date solutions (e.g., product versions and threat names) to emerging threats. Finally, we built a novel system to detect malicious online social network (OSN) accounts that participate in online promotion events. The goal of our work is to boost the effectiveness of existing detection methods, such as spammer detection and fraud detection. To achieve our goal, our framework systematically integrates features that characterize malicious OSN accounts based on three of their characteristics: their general behaviors, their recharging patterns, and their currency usage, and then leverages a statistical classifier for detection.

Committee:

Junjie Zhang, Ph.D. (Advisor); Adam Robert Bryant, Ph.D. (Committee Member); Bin Wang, Ph.D. (Committee Member); Xuetao Wei, Ph.D. (Committee Member)

Subjects:

Computer Science

Keywords:

network security; fake anti-virus software; intrusion detection; web document analysis; statistical classification; Domain Name System; behavioral fingerprints; privacy; online social networks; virtual currency; malicious accounts

Deng, Hongmei. An Integrated Security Scheme with Resource-Awareness for Wireless Ad Hoc Networks
PhD, University of Cincinnati, 2004, Engineering : Electrical Engineering
Wireless ad hoc networks have emerged as a new information-transmission paradigm based on collaborative efforts of multiple self-organized mobile nodes. Without the support of any fixed infrastructure, this type of network provides an extremely flexible method for establishing communications in situations where geographical or terrestrial constraints demand a totally distributed network system. While the inherent characteristics of an ad hoc network make it useful for many applications, they also bring in a lot of research challenges. One of the important issues is security, since conventional security approaches adopted for traditional networks are not directly applicable to ad hoc networks. A secure ad hoc network is critical to the development of any real application of wireless ad hoc networks. In this dissertation, we attempt to develop an integrated and distributed security scheme with resource-awareness to enhance the security of ad hoc networks. Our scheme can be logically divided into two parts. An efficient intrusion prevention mechanism is developed to prevent the various attacks from external intruders, and an intrusion detection mechanism is used to provide a second line of defense against the misbehaviors of internal intruders. In the intrusion prevention mechanism, identity-based cryptography, bivariate polynomial-based pairwise keys and one-way hash chain techniques are used to provide various security goals, such as availability, integrity, confidentiality, authentication and non-repudiation. Considering the self-organizing property of ad hoc networks, the intrusion detection is implemented in a distributed fashion, in which the behavior of each node is monitored and analyzed using cooperative functions within the network. The intrusion detection scheme can detect both internal and external attacks, but it pays more attention to the attacks that cannot be handled by the intrusion prevention approach, and the result of intrusion detection further guides and helps the intrusion prevention mechanism to efficiently isolate the malicious nodes. The proposed security scheme can be incorporated into existing routing protocols to enhance the overall security while keeping a minimal overhead on the routing protocols.
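Two of the prevention building blocks the abstract names, bivariate polynomial-based pairwise keys and a one-way hash chain, as an added Python illustration that is not the dissertation's code. It implements the generic Blundo-style symmetric-polynomial scheme and a SHA-256 hash chain; the field prime, polynomial degree, node identifiers, chain length and seed are assumptions for the demonstration, and the identity-based signature that would authenticate the chain anchor is outside the example.

```python
import hashlib
import secrets

# Field prime for polynomial arithmetic (assumed parameter for the example).
Q = (1 << 127) - 1


def gen_bivariate_poly(t, q=Q):
    """Symmetric bivariate polynomial f(x, y) = sum a_ij x^i y^j (mod q) with
    a_ij == a_ji and degree t in each variable (Blundo-style scheme).
    Only the trusted setup authority ever holds these coefficients."""
    a = [[0] * (t + 1) for _ in range(t + 1)]
    for i in range(t + 1):
        for j in range(i, t + 1):
            a[i][j] = a[j][i] = secrets.randbelow(q)
    return a


def share_for_node(poly, node_id, q=Q):
    """The share handed to node u is the univariate polynomial g_u(y) = f(u, y),
    returned as its t+1 coefficients. A coalition of up to t nodes cannot
    recover f; t+1 shares suffice to interpolate it, so t bounds collusion."""
    t = len(poly) - 1
    return [sum(poly[i][j] * pow(node_id, i, q) for i in range(t + 1)) % q
            for j in range(t + 1)]


def pairwise_key(share, peer_id, q=Q):
    """K_uv = g_u(v) = f(u, v); by symmetry the peer computes the same value
    as g_v(u), so the two nodes agree a key with no message exchange."""
    return sum(c * pow(peer_id, j, q) for j, c in enumerate(share)) % q


def session_key_bytes(k):
    """Derive a fixed-length symmetric key from the field element."""
    return hashlib.sha256(k.to_bytes(16, "big")).digest()


def make_hash_chain(seed, n):
    """One-way hash chain h_0 = seed, h_i = H(h_{i-1}). The last value h_n is
    the anchor that must be distributed authentically (e.g. signed with the
    node's identity-based key); elements are then disclosed in reverse order."""
    chain = [seed]
    for _ in range(n):
        chain.append(hashlib.sha256(chain[-1]).digest())
    return chain


def verify_disclosure(last_trusted, disclosed, steps):
    """Accept `disclosed` if hashing it `steps` times reaches the last value
    already trusted. steps > 1 tolerates missed disclosures on a lossy link;
    a forger cannot pass because that would need a preimage of the trusted
    value."""
    x = disclosed
    for _ in range(steps):
        x = hashlib.sha256(x).digest()
    return x == last_trusted


if __name__ == "__main__":
    # Constructed node identifiers and seed, not values from the dissertation.
    poly = gen_bivariate_poly(t=3)
    share_u, share_v = share_for_node(poly, 17), share_for_node(poly, 42)
    assert pairwise_key(share_u, 42) == pairwise_key(share_v, 17)
    print("pairwise key agreed:",
          session_key_bytes(pairwise_key(share_u, 42)).hex())
    chain = make_hash_chain(b"constructed-seed", 10)
    anchor = chain[10]
    print("h_9 accepted:", verify_disclosure(anchor, chain[9], 1))
    print("h_7 accepted after two missed intervals:",
          verify_disclosure(anchor, chain[7], 3))
```

The resource-awareness trade-off is visible in the code: each node stores only t+1 field elements and computes a pairwise key with t+1 modular multiplications, and each hash-chain check costs one hash per interval elapsed, which is what makes both primitives cheap enough for the nodes of an ad hoc network compared with per-message public-key operations. The price is the threshold t: any t+1 colluding (or captured) nodes can reconstruct f and impersonate everyone, so t has to be sized against the expected number of compromised insiders.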

Committee:

Dr. Dharma Agrawal (Advisor)

Keywords:

wireless Ad Hoc Network; Network Security; Intrusion Detection