Semantics aware intrusion detection Systems

Abstract

newlineAnomaly detection systems based on various soft computing newlinetechniques like Genetic algorithms Neural networks and Fuzzy logic exist in newlinethe literature However they are not as successful as misuse detection newlinesystems due to various parameters like detection time accuracy newlineimplementation delay etc Hence a Genetic aided fuzzy based anomaly newlinedetection system is proposed in this thesis Such an anomaly detector shows newlinebetter accuracy at a relatively lesser detection time A similar study came in newlinehandy by modeling the detection of attacks by a misuse detection system newlineusing colored petrinets thus experimenting on commercially available misuse newlinedetectors like Snort and Bro When all the above systems were designed and aimed to operate at newlinethe Network layer a need for an intrusion detection system that operates at the newlineapplication layer arises as these network layer detectors do not aim at newlinedetecting protocol specific attacks The need for such a system at the newlineapplication layer is more relevant as they are exposed to maximum newlineabstraction and the state of art solutions are incapable of detecting misuses in newlinethese layers This thesis explores the prospects of having a misuse detection newlinesystem that operates on the application layer protocols like HTTP FTP etc It newlineis well known that all misuse detection systems work on the concept of newlinestoring signatures that represent an attack pattern or misuse which are later newlinematched inline using trivial pattern matching algorithms with the incoming newlinenetwork stream for detection However the forms of attacks that are detected newlineare restricted to those that have a syntactic match with the signatures only in newlinethe network layer newline