Distributed Deployment of Therminators in the Network

Abstract

The idea of deploying a distributed network intrusion system using Therminator is explored in this thesis. There are many advantages in having a distributed system compared to a standalone network intrusion system. The underlying principle of Therminator is modeling network traffic on conversation exchange models. Using Zippo a new implementation of Therminator the experimental setup consisted of multiple sensors reporting individual findings to a central server for aggregated analysis. Different scenarios of network attacks and intrusions were planned to investigate the effectiveness of the distributed system. The network attacks were taken from the M.I.T Lincoln Lab 1999 Data Sets. The distributed system was subjected to different combinations of network attacks in various parts of the network. The results were then analyzed to understand the behavior of the distributed system in response to the different attacks. In general the distributed system detected all attacks under each scenario. Some surprising observations also indicated attack responses occurring in unanticipated scenarios. These results are subject to further investigation.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 2004
Accession Number
ADA429675

Entities

People

  • Cheng K. Wai

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Application Protocols
  • C Programming Language
  • Computer Programming
  • Computer Science
  • Computers
  • Data Sets
  • Detection
  • Detectors
  • Electronic Mail
  • Graphical User Interface
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Protocols
  • Operating Systems
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity.
  • Theoretical Analysis.