Research on Statistical Detection Methods for Anomaly Network Intrusion Detection

Author: WangZuo
Tutor: ZhaoErDun
School: Central China Normal University
Course: Computer System Architecture
Keywords: network intrusion detection; anomaly detection; statistical feature; parameter test; distance discrimination
CLC: TP393.08
Type: Master's thesis
Year: 2011

Abstract


As networks have become widely used in everyday life, network intrusion has become an urgent threat, so detecting it effectively is of great importance. Network intrusion detection methods fall into two categories: detection based on intrusion features and anomaly detection. The former aims to detect known attack behavior, and the latter is based on anomalous behavior of network flows. Both suffer from a high false-alarm rate. Anomalous network behavior deserves a network maintainer's attention whether or not it is an intrusion. This thesis is devoted to detecting network anomalies, not to determining which attack has happened or even whether an attack has happened at all. The thesis first designs a data collection method for the experimental dataset and obtains the statistical parameter features under normal conditions and under intrusion conditions. A parameter test method and a distance discrimination method are then used to detect abnormal behavior. Experimental results are given for a well-known experimental dataset. The main work covers the following aspects:

(1) The network intrusion experiment dataset from Lincoln Lab, which is well known and widely used for network intrusion detection systems, is introduced. The well-known IDS Snort is analyzed, and a data collection algorithm is designed on top of Snort. The principles of network intrusion and the statistical features of intrusion behavior are also discussed.

(2) Through analysis of network intrusion features, statistical parameters for intrusion behavior are obtained, such as IP flow, ICMP flow, the number of ports visited, and so on. The statistical features of normal and abnormal network flows are obtained by collecting and analyzing the dataset with the data collection system. Comparing the statistical features of normal flow with those of abnormal flow shows that the selected features do reflect intrusions.

(3) A network abnormal behavior detection method based on a parameter test is presented. The empirical distribution of normal network flow is given. When sample data falls outside the normal range of the empirical distribution, it can be judged to be abnormal behavior. A distance discrimination detection method is also presented, which can consider several statistical features at the same time. The sample mean and covariance matrix under a normal network environment are calculated statistically. Normal and abnormal behavior are distinguished by the distance between the test sample and the sample mean vector.
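The two detection methods in (3), sketched as an added example that is not code or data from the thesis. It assumes the distance is the Mahalanobis distance (the abstract names only a mean vector and covariance matrix), takes empirical quantiles as the "normal range", and uses constructed per-window counts; all function names and numbers are illustrative.

```python
import random

FEATURES = ("ip_flow", "icmp_flow", "ports_visited")  # parameters named in the abstract

def mean_cov(rows):
    """Sample mean vector and covariance matrix of normal-traffic windows."""
    n, d = len(rows), len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(d)]
    cov = [[sum((r[i] - mu[i]) * (r[j] - mu[j]) for r in rows) / (n - 1)
            for j in range(d)] for i in range(d)]
    return mu, cov

def solve(a, b):
    """Solve a*x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[p][c]) < 1e-12:
            raise ValueError("singular covariance matrix")
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            m[r] = [v - f * w for v, w in zip(m[r], m[c])]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x

def dist2(x, mu, cov):
    """Squared Mahalanobis distance of window x from the normal mean (assumed metric)."""
    diff = [a - b for a, b in zip(x, mu)]
    return sum(d * s for d, s in zip(diff, solve(cov, diff)))

def quantile(values, q):
    """Order statistic at fraction q of the sorted values (empirical quantile)."""
    s = sorted(values)
    return s[int(q * (len(s) - 1))]

def normal_windows(n=500, seed=7):
    """Constructed baseline: ICMP volume tracks IP volume, ports are independent."""
    rng = random.Random(seed)
    ips = [rng.gauss(1000, 100) for _ in range(n)]
    return [[ip, 0.02 * ip + rng.gauss(0, 1), rng.gauss(30, 5)] for ip in ips]

def evaluate(x, rows, q=0.995):
    """Return (features outside their empirical range, distance verdict)."""
    cols = list(zip(*rows))
    out = [f for f, c, v in zip(FEATURES, cols, x)
           if not quantile(c, 1 - q) <= v <= quantile(c, q)]
    mu, cov = mean_cov(rows)
    limit = quantile([dist2(r, mu, cov) for r in rows], q)
    return out, dist2(x, mu, cov) > limit
```

A window such as `[850, 23, 30]` passes every single-parameter test yet is flagged by the distance method, because its ICMP volume is too high for its IP volume; this is the case where considering several features at once pays off.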
