A new approach for the scalable intrusion detection in high-speed networks

Download
2007
Şahin, Ümit Burak
As the networks become faster and faster, the emerging requirement is to improve the performance of the Intrusion Detection and Prevention Systems (IDPS) to keep up with the increased network throughput. In high speed networks, it is very difficult for the IDPS to process all the packets. Since the throughput of IDPS is not improved as fast as the throughput of the switches and routers, it is necessary to develop new detection techniques other than traditional techniques. In this thesis we propose a rule-based IDPS technique to detect Layer 2-4 attacks by just examining the flow data without inspecting packet payload. Our approach is designed to work as an additional component to existing IDPS as we acknowledge that the attacks at Layer 5 and above require payload inspection. The rule set is constructed and tested on a real network to evaluate the performance of the system.

Suggestions

Software implementations of QoS scheduling algorithms for high speed networks /
Pehlivanlı, Aydın; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2015)
The end to end Quality of Service (QoS) support for the dominating multimedia traffic in the contemporary computer networks is achieved by implementing schedulers in the routers and deploying traffic shapers. To this end, realistic modeling and simulation of these components is essential for network performance evaluation. The first contribution of this thesis is the design and implementation of a C++ simulator QueST (Quality of Service simulaTor) for this task. QueST is a modular cycle accurate simulator w...
Performance analysis of a power aware routing protocol for ad hoc networks
Yazıcı, Mehmet Akif; Bilgen, Semih; Department of Electrical and Electronics Engineering (2006)
In this thesis, performance of the Contribution Reward Routing Protocol with Shapley Value (CAP-SV), a power-aware routing protocol for ad hoc networking is analyzed. Literature study on ad hoc network routing and ower-awareness is given. The overhead induced by the extra packets of the redirection mechanism of CAP-SV is formulized and the factors affecting this overhead are discussed. Then, the power consumption of CAP-SV is analytically analized using a linear power consumption model. It is shown that CAP...
Improving performance of network intrusion detection systems through concurrent mechanisms
Atakan, Mustafa; Şener, Cevat; Department of Computer Engineering (2003)
As the bandwidth of present networks gets larger than the past, the demand of Network Intrusion Detection Systems (NIDS) that function in real time becomes the major requirement for high-speed networks. If these systems are not fast enough to process all network traffic passing, some malicious security violations may take role using this drawback. In order to make that kind of applications schedulable, some concurrency mechanism is introduced to the general flowchart of their algorithm. The principal aim is...
A novel method for the detection of P2P traffic in the network backbone inspired by intrusion detection systems
Soysal, Murat; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2006)
The share of peer-to-peer (P2P) protocol in the total network traffic grows dayby- day in the Turkish Academic Network (UlakNet) similar to the other networks in the world. This growth is mostly because of the popularity of the shared content and the great enhancement in the P2P protocol since it first came out with Napster. The shared files are generally both large and copyrighted. Motivated by the problems of UlakNet with the P2P traffic, we propose a novel method for P2P traffic detection in the network ...
A simple and effective mechanism for stored video streaming with TCP transport and server-side adaptive frame discard
Gurses, E; Akar, Gözde; Akar, N (Elsevier BV, 2005-07-15)
Transmission control protocol (TCP) with its well-established congestion control mechanism is the prevailing transport layer protocol for non-real time data in current Internet Protocol (IP) networks. It would be desirable to transmit any type of multimedia data using TCP in order to take advantage of the extensive operational experience behind TCP in the Internet. However, some features of TCP including retransmissions and variations in throughput and delay, although not catastrophic for non-real time data...
Citation Formats
Ü. B. Şahin, “A new approach for the scalable intrusion detection in high-speed networks,” M.S. - Master of Science, Middle East Technical University, 2007.