Modeling and Analyzing Intrusion Attempts to a Computer Network Operating in a Defense in Depth Posture

Abstract

To ensure the confidentiality, integrity, and availability of networked resources operating on the Global Information Grid, the Department of Defense has incorporated a "Defense-in-Depth" posture. This posture includes the use of network security mechanisms and does not rely on a single defense for protection. Firewalls, Intrusion Detection Systems (IDSs), Anti-Virus (AV) software, and routers are among the tools used. In recent years, computer security discussion groups have included IDSs as one of their most relevant issues. These systems help identify intruders that exploit vulnerabilities associated with operating systems, application software, and computing hardware. When IDSs are used on a host computer or network, there are two primary approaches to detecting and/or preventing attacks. Traditional IDSs, like most AV software, rely on known "signatures" to detect attacks. This thesis will focus on the second approach: anomaly or "behavioral based" IDSs, which look for abnormal patterns of activity on a network to identify suspicious behavior.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 2004
Accession Number: ADA427180

Entities

People

  • Mark A. Givens

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes
  • Space

DTIC Thesaurus Topics

  • Application Protocols
  • Application Software
  • Computer Network Security
  • Computer Networks
  • Computers
  • Cybersecurity
  • Databases
  • Denial Of Service Attack
  • Detectors
  • Electronic Mail
  • Information Science
  • Information Systems
  • Intrusion Detection
  • Intrusion Detectors
  • Network Protocols
  • Operating Systems
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity

Technology Areas

  • Cyber