Faculty of Computer Science and Information Technology >
Masters Dissertations: Computer Science >
Please use this identifier to cite or link to this item:
|Title: ||AUTOMATED INTRUSION PREVENTION MECHANISM IN ENHANCING NETWORK SECURITY|
|Authors: ||Xiao Dong, He|
|Keywords: ||Intrusion detection systems (IDS)|
Intrusion prevention system (IPS)
|Issue Date: ||Mar-2008 |
|Abstract: ||Firewall, intrusion detection systems (IDS), and intrusion prevention system (IPS) are
important tools used to secure networks against hackers' attacks. Ironically, these malicious
attacks have brought more adverse impacts on the networks than before. At present, many
existing IDS AND IPS work independently without the exchange of information. Hence, this
deficit will lower the capability of these tools to protect increasingly vulnerable networks.
In this thesis, an automated intrusion prevention mechanism (AIPM) which comprises the
functionalities of IDS, IPS, and network devices is proposed to enhance network security.
AIPM is a mechanism that includes automated intrusion prevention function and automated
analysis of intrusion messages function. Additionally, the ability of automatically detecting and
analyzing network traffic allows AIPM to detect malicious attacks almost in real time.
Likewise, the ability of automatically analyzing intrusion messages and network configuration
enables AIPM to build a topological view and locate the source of a malicious attack. Results of
case studies show that AIPM imposes lower overhead than conventional method, which queries
all pre-defined routers to block every interface irrespective of where the attack is launched. On
the contrary, AIPM identifies the interface that is nearest to the source of the attack, and sends a
single query to the associated router to block only that particular interface, only 1 connection
per attack is needed. AIPM can block malicious traffic in 2-5 seconds after an attack start
because less pre-defined information is needed, the conventional method, on the other hand,
needs about 5-10 seconds to finish block processing as more pre-defined information is needed.
In summary, AIPM which incorporates the functionalities of IDS AND IPS offers network
protection against potential malicious acts without incurring additional overheads as compare
to the conventional method.|
|Description: ||Master of Computer Science|
|Appears in Collections:||Masters Dissertations: Computer Science|