• CITI
  • Welcome
  • Research Areas
  • Organization
  • Executive Board
  • Advisory Board
  • Contacts
  • Useful Information
• People
  • CITI Members
  • Visitors
• Activities
  • Research Projects
  • Publications
  • Seminars @ CITI
  • External Talks & Seminars
  • Graduation Activities
  • Organization of Events
  • Editorial Committees
  • Prototypes
  • Visits & Missions
  • Activity Reports
• Search & Query
  • Search
  • BibTeX Generator

This dissertation is focused on the design, modeling, implementation and evaluation of an auditing solution based on a Distributed and Hybrid Intrusion Detection Systems (DHIDS). In this system, intrusion-detection (ID) events are generated by multiple and diverse intrusion detection probing devices running in small “on-board” dedicated network intrusion-detection systems (NIDS), host based intrusion-detection software appliances (HIDS), and possible honeypot systems (HS), composing a pervasive and heterogeneous distributed monitoring environment. These probes may be installed in different network segments in an internetworked environment or in a data-center in-frastructure. The auditing system is designed to be a scalable and elastic elastic system. The detect-ed intrusion-events captured by the multiple probes are received, standardized; classi-fied, correlated, and stored, as relevant flows of correlated events. The flows are ex-pressed according to the definition of flow-analysis patterns, expressed as signatures of potential intrusion attacks, by means of a declarative language, and then are searchable as audit trails using flow-analysis metrics. For the proposed approach the thesis will follow a previous approach on collecting streams of distributed events and representation models for the dynamic analysis of information flows, inspired by the previous design of a distributed event-based plat-form. The following results and contributions are expected: - The proposal of the DHIDS system model implemented as a reliable, distribut-ed and elastic intrusion detection platform, supporting multiple and diverse HW/SW ID appliances; - The implementation and evaluation of a system prototype, showing the ad-vantages of the proposed solution in terms of reliability and scalability for a pervasive distributed IDS monitoring environment. - The evaluation of the platform, particularly scoped for the detection of web vulnerability scanning and web-attack injection flows, with the particular em-phasis on cross-site scripting (XSS) and Sql Injection (SQLi).

• Pedro Miguel de Freitas Alves ( DI-FCT-UNL )

• Henrique João Domingos