Please use this identifier to cite or link to this item: http://hdl.handle.net/10603/90198
Title: Design and Development Consideration for Intrusion Detection and Prevention Systems
Researcher: Beigh Bilal Maqbool
Guide(s): Peer Mushtaq Ahmad
Keywords: Classification, Machine learning, mitigation
University: University of Kashmir
Completed Date: NA
Abstract: The concepts of networking and storage were introduced decades ago, giving us the opportunity to share, store and disseminate information among different people at different destinations via computer networks, regardless of the transmission technology used. Readily available information brings great comfort to human society, but it also makes the data vulnerable to attacks and threats. To counter such issues, some remedies have been implemented to secure information in networking technology, and one field that has recently emerged is known as the Intrusion Detection System. The field emerged from Anderson's paper, which was released in 1984. Up to that time, researchers and security professionals were using firewalls and antivirus software to secure information, but these were not fully secure. For this reason the intrusion detection system came into existence. While implementing an intrusion detection system, researchers and security professionals face many problems, viz. selection of an appropriate intrusion detection system for an organization, reduction of the false alarm rate and increase of the detection rate. The thesis attempts to cover the topics mentioned above. The thesis is divided into six chapters. In the first chapter, the author introduces the intrusion detection system, with the motivation for taking up the topic and the challenges faced in recent intrusion detection systems. The chapter also describes the contribution made by the author during the present study.
In the research done to date in the field of information security and intrusion detection systems, no full-fledged classification has been given that takes all intrusion detection systems into the classification scheme. In this research work, the author has taken all intrusion detection systems into consideration while classifying them. The research work presents a new classification scheme which provides a better view of intrusion detection systems. The classification scheme helps in solving the problem of choosing the best intrusion detection system.
The second problem facing researchers and security professionals is the selection of the right intrusion detection system for an institution or an individual. In this thesis, the author has attempted to provide guidelines, in the form of a framework, for selecting the best intrusion detection system for an organization from the selected choices.
The third problem with intrusion detection systems is the detection rate and false alarm rate. In order to understand the third problem, the author has implemented the three most popular open source intrusion detection systems (Snort, BRO and Suricata) and compared them on the results obtained for detection rate and false alarm rate; Suricata outperforms the other two, while Snort is in second position and BRO in third. After acquiring knowledge about the implementation of different intrusion detection systems, the author designed and developed a hybrid model named One-Stop, which combines the two most classified kinds of intrusion detection system, i.e. anomaly-based and misuse-based intrusion detection systems. The model also generates rules for new anomalies, and final detection is done after completion of these two systems. The main advantage of this model is that it frames new rules for new anomalies very quickly and accurately. The model produced very good results, with an improved detection rate and a reduced false alarm rate. The model also detects new anomalies.
The author has also implemented the intrusion detection system using machine learning algorithms. A machine learning algorithm builds a model on the basis of a training data set, and the same model is tested on a testing data set. The model learns the pattern from previous patterns, and thus detects unknown attacks with great ease
Pagination: NA
URI: http://hdl.handle.net/10603/90198
Appears in Departments:Department of Computer Science

Files in This Item:
File                    Description    Size       Format
01_title .pdf           Attached File  284.36 kB  Adobe PDF
02_certificate.pdf                     150.75 kB  Adobe PDF
03_abstract.pdf                        149.92 kB  Adobe PDF
04_acknowledgment.pdf                  148.48 kB  Adobe PDF
05_contents.pdf                        85.44 kB   Adobe PDF
06_list_of_tables.pdf                  81.49 kB   Adobe PDF
07_list_of_figures.pdf                 6.26 kB    Adobe PDF
08_abbreviation.pdf                    82.32 kB   Adobe PDF
09_chapter1.pdf                        512.05 kB  Adobe PDF
10_chapter2.pdf                        1.34 MB    Adobe PDF
11_chapter3.pdf                        924.27 kB  Adobe PDF
12_chapter4.pdf                        1.11 MB    Adobe PDF
13_chapter5.pdf                        1.17 MB    Adobe PDF
14_chapter6.pdf                        1.14 MB    Adobe PDF
15_conclusion.pdf                      374.81 kB  Adobe PDF
16_references.pdf                      552.11 kB  Adobe PDF


Items in Shodhganga are protected by copyright, with all rights reserved, unless otherwise indicated.