Analyzing Audit Trails in a Distributed Intrusion Detection Platform
This dissertation is focused on the design, modeling, implementation and evaluation of an auditing solution based on a Distributed and Hybrid Intrusion Detection System (DHIDS). In this system, intrusion-detection (ID) events are generated by multiple and diverse intrusion-detection probing devices: small "on-board" dedicated network intrusion-detection systems (NIDS), host-based intrusion-detection software appliances (HIDS), and possibly honeypot systems (HS), composing a pervasive and heterogeneous distributed monitoring environment. These probes may be installed in different network segments of an internetworked environment or in a data-center infrastructure. The auditing system is designed to be scalable and elastic. The intrusion events detected by the multiple probes are received, standardized, classified, correlated, and stored as relevant flows of correlated events. The flows are expressed according to the definition of flow-analysis patterns, written as signatures of potential intrusion attacks in a declarative language, and are then searchable as audit trails using flow-analysis metrics.

For the proposed approach, the thesis will follow a previous approach on collecting streams of distributed events and representation models for the dynamic analysis of information flows, inspired by the previous design of a distributed event-based platform. The following results and contributions are expected:

- The proposal of the DHIDS system model, implemented as a reliable, distributed and elastic intrusion-detection platform supporting multiple and diverse HW/SW ID appliances;
- The implementation and evaluation of a system prototype, showing the advantages of the proposed solution in terms of reliability and scalability for a pervasive distributed IDS monitoring environment;
- The evaluation of the platform, particularly scoped for the detection of web vulnerability scanning and web-attack injection flows, with particular emphasis on cross-site scripting (XSS) and SQL injection (SQLi).
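The pipeline the abstract describes (heterogeneous probe events standardized into one schema, correlated into per-source flows, and matched against declaratively expressed flow patterns to yield searchable audit trails) can be sketched in a few dozen lines. The following is an added illustration written for this page, not code from the dissertation or its prototype. The three probe record formats, the pattern syntax (an ordered sequence of event categories within a time window), the classification regexes and the sample events are all assumptions of this example; the source addresses are documentation ranges and the payloads are constructed.

```python
"""Toy model of a DHIDS auditing pipeline: normalize -> correlate -> match.

Added illustration, not the dissertation's code. Probe formats, pattern
syntax and sample data are assumptions constructed for this example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import unquote_plus

# Constructed sample events in three made-up probe formats (one per probe kind).
RAW_EVENTS = [
    ("nids", {"ts": 100, "src": "198.51.100.7", "sig": "WEB-SCAN user-agent nikto", "uri": "/"}),
    ("hids", "101 198.51.100.7 GET /login.php?id=1%27+OR+%271%27%3D%271 200"),
    ("honeypot", {"time": 103, "peer": "198.51.100.7", "path": "/search",
                  "payload": "<script>alert(1)</script>"}),
    ("nids", {"ts": 120, "src": "203.0.113.9", "sig": "WEB-SCAN user-agent nikto", "uri": "/admin"}),
    ("hids", "130 203.0.113.9 GET /index.html 200"),
]

# Declarative flow-analysis patterns (assumed syntax): an ordered sequence of
# categories that must appear in a single source's flow within `window` seconds.
PATTERNS = [
    {"name": "scan-then-sqli", "sequence": ["SCAN", "SQLI"], "window": 60},
    {"name": "scan-then-xss", "sequence": ["SCAN", "XSS"], "window": 60},
]

SQLI_RE = re.compile(r"'\s*(or|and)\s*'", re.I)          # crude, for illustration only
XSS_RE = re.compile(r"<script|onerror=|javascript:", re.I)


@dataclass
class Event:
    """Common schema every probe's native record is mapped onto."""
    ts: int
    src: str
    probe: str
    category: str   # SCAN, SQLI, XSS or OTHER
    detail: str


def classify(text: str) -> str:
    """Assign a coarse category used by the flow patterns."""
    if "WEB-SCAN" in text:
        return "SCAN"
    if SQLI_RE.search(text):
        return "SQLI"
    if XSS_RE.search(text):
        return "XSS"
    return "OTHER"


def normalize(probe: str, raw) -> Event:
    """Standardize one raw probe record into an Event (the 'standardized' step)."""
    if probe == "nids":
        text = f"{raw['sig']} {raw['uri']}"
        return Event(raw["ts"], raw["src"], probe, classify(text), text)
    if probe == "hids":
        ts, src, _method, path, _status = raw.split()
        path = unquote_plus(path)                      # decode before classifying
        return Event(int(ts), src, probe, classify(path), path)
    if probe == "honeypot":
        text = f"{raw['path']} {raw['payload']}"
        return Event(raw["time"], raw["peer"], probe, classify(text), text)
    raise ValueError(f"unknown probe type: {probe}")


def build_flows(events, gap=60):
    """Correlate events into per-source flows; silence longer than `gap`
    seconds from a source closes its current flow and opens a new one."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_src[ev.src].append(ev)
    flows = []
    for evs in by_src.values():
        current = [evs[0]]
        for ev in evs[1:]:
            if ev.ts - current[-1].ts > gap:
                flows.append(current)
                current = []
            current.append(ev)
        flows.append(current)
    return flows


def match_pattern(flow, pattern) -> bool:
    """Ordered-subsequence match: try every candidate first event so that a
    late start inside the window is not missed by a greedy scan."""
    seq, window = pattern["sequence"], pattern["window"]
    for start, first in enumerate(flow):
        if first.category != seq[0]:
            continue
        i, last_ts = 1, first.ts
        for ev in flow[start + 1:]:
            if i < len(seq) and ev.category == seq[i]:
                i, last_ts = i + 1, ev.ts
        if i == len(seq) and last_ts - first.ts <= window:
            return True
    return False


def audit_trails(raw_events, patterns=PATTERNS):
    """Run the pipeline and return matched flows with flow-analysis metrics."""
    events = [normalize(probe, raw) for probe, raw in raw_events]
    trails = []
    for flow in build_flows(events):
        hits = [p["name"] for p in patterns if match_pattern(flow, p)]
        if hits:
            trails.append({
                "src": flow[0].src,
                "patterns": hits,
                "events": len(flow),
                "duration": flow[-1].ts - flow[0].ts,
                "probes": sorted({e.probe for e in flow}),
            })
    return trails


if __name__ == "__main__":
    for trail in audit_trails(RAW_EVENTS):
        print(trail)
```

Running the script reports a single audit trail for 198.51.100.7: a scan seen by the NIDS, followed within seconds by an SQLi attempt logged by the HIDS and an XSS attempt captured by the honeypot, so both declared patterns fire; the second source only scans and produces no trail. The metrics attached to the trail (event count, duration, contributing probe types) are the kind of flow-analysis measures by which stored trails become searchable.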
Start Date: 2014-10-01
End Date: 2015-09-24