Abstract
Since the growth of the Internet, network security has played a vital role in the computer industry.
Attacks are becoming much more sophisticated, and this fact has led the computer community
to look for better and more advanced countermeasures. Malicious users existed long before the
Internet was created; however, the Internet gave intruders a major boost towards their
potential compromises. Naturally, the Internet provides convenience and comfort to
every user, and "bad news" is merely an infelicity. Clearly the Internet is a step forward;
nevertheless, it must be used for the correct reasons and towards the right cause.
As computer technology becomes more elaborate and complex, programme vulnerabilities
become more frequent and compromises effortless. One means of attack containment is
the so-called "intrusion detection system" (IDS).
In this thesis we built a network anomaly IDS using statistical properties of the
network's traffic. We were interested in building a general-purpose, adaptive and
data-independent system with as few parameters as possible. The types of attacks it can detect are
denial-of-service attacks and probing attacks. We used three models for our experiments:
Fisher's Linear Discriminant, the Gaussian mixture model and support vector machines.
In our experiments we found that the most important part of statistical intrusion
detection is feature selection. Better results can be achieved when both classes are
modeled (attack and normal traffic). The best results were achieved using Fisher's Linear
Discriminant method: a 90% detection rate with a 5% false alarm rate.