Identifier

etd-07022009-001507

Degree

Master of Science in Electrical Engineering (MSEE)

Department

Electrical and Computer Engineering

Document Type

Thesis

Abstract

As the first step to defend against DoS attacks, Network-based Intrusion Detection System is well explored and widely used in both commercial tools and research works. Such IDS framework is built upon features extracted from the network traffic, which are application-level features, and is effective in detecting flooding-based DoS attacks. However, in a sophisticated DoS attack, where an attacker manages to bypass the network-based monitors and launch a DoS attack locally, sniffer-based methods have difficulty in differentiating attacks with normal behaviors, since the malicious connection itself behaves in the same manner of normal connections. In this work, we study a Host-based IDS framework which integrates features from architectural and operating system (OS) levels to improve performance of sophisticated DoS intrusion detection. Network traffic collected from a campus network, and real-world exploits are used to provide a realistic evaluation.

Date

2009

Document Availability at the Time of Submission

Release the entire work immediately for access worldwide.

Committee Chair

Lu Peng

Share

COinS