

Please use this identifier to cite or link to this item: http://hdl.handle.net/1812/196

Authors: Xiao Dong, He
Keywords: Intrusion detection systems (IDS)
Intrusion prevention system (IPS)
Issue Date: Mar-2008
Abstract: Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) are important tools used to secure networks against hackers' attacks. Ironically, these malicious attacks have had a more adverse impact on networks than before. At present, many existing IDS and IPS work independently, without exchanging information, and this deficit lowers the capability of these tools to protect increasingly vulnerable networks. In this thesis, an automated intrusion prevention mechanism (AIPM), which combines the functionalities of IDS, IPS, and network devices, is proposed to enhance network security. AIPM includes an automated intrusion prevention function and an automated analysis of intrusion messages function. Its ability to automatically detect and analyze network traffic allows AIPM to detect malicious attacks almost in real time. Likewise, its ability to automatically analyze intrusion messages and network configuration enables AIPM to build a topological view and locate the source of a malicious attack. Results of case studies show that AIPM imposes lower overhead than the conventional method, which queries all pre-defined routers to block every interface irrespective of where the attack is launched. By contrast, AIPM identifies the interface nearest to the source of the attack and sends a single query to the associated router to block only that interface, so only 1 connection per attack is needed. AIPM can block malicious traffic within 2-5 seconds after an attack starts because less pre-defined information is needed; the conventional method, on the other hand, needs about 5-10 seconds to finish block processing because more pre-defined information is needed. In summary, AIPM, which incorporates the functionalities of IDS and IPS, offers network protection against potential malicious acts without incurring additional overhead compared to the conventional method.
Description: Master of Computer Science
URI: http://dspace.fsktm.um.edu.my/handle/1812/196
Appears in Collections: Masters Dissertations: Computer Science

Files in This Item:

File                Description    Size       Format
He Xiao Dong.pdf                   759.02 kB  Adobe PDF

This item is protected by original copyright

© Copyright 2008 DSpace Faculty of Computer Science and Information Technology, University of Malaya. All Rights Reserved.
DSpace@UM is powered by MIT - Hewlett-Packard.