Host-Level Anomaly-Based Intrusion Detection System using Rankings for Cybersecurity

dc.contributor.advisor: Piza-Dávila, Hugo I.
dc.contributor.advisor: Cervantes-Álvarez, José F.
dc.contributor.author: Parres-Peredo, Álvaro
dc.date.accessioned: 2020-06-15T22:01:24Z
dc.date.available: 2020-06-15T22:01:24Z
dc.date.issued: 2020-03
dc.description: In computer systems and computer networks, security is a research area in constant evolution. Ever since Anderson proposed an intrusion detection system, many researchers have led their works towards that area with the aim of detecting both known and unknown attacks with the highest precision. This work starts with a general overview of Intrusion Detection Systems as well as their challenges in the computer network security field. Consequently, it presents a review of state-of-the-art research works on anomaly-based intrusion detection systems, which are intended to detect new types of attacks. Anomaly-based intrusion detection systems use profiles to characterize the expected behavior of network users. Most of these systems build a single profile that characterizes the entire network traffic. This work proposes a user-level anomaly-based intrusion detection methodology using only the network traffic at the host. The proposed profile is a collection of TopK rankings of services reached by the user. To detect unexpected behaviors, the real-time traffic is organized into TopK rankings and compared to the profile using similarity measures. All the similarity measures are processed by means of a moving-average filter which calculates a predominant behavior. This value is used to determine whether or not the user is exhibiting an expected behavior. The experiments demonstrated that the proposed methodology was capable of detecting a particular kind of malware attack for all the users tested. [es_MX]
dc.identifier.citation: Parres-Peredo, A. (2020). "Host-Level Anomaly-Based Intrusion Detection System using Rankings for Cybersecurity", Doctoral thesis, Doctorado en Ciencias de la Ingeniería. Tlaquepaque, Jalisco: ITESO. [es_MX]
dc.identifier.uri: https://hdl.handle.net/11117/6251
dc.language.iso: eng [es_MX]
dc.publisher: ITESO [es_MX]
dc.rights.uri: http://quijote.biblio.iteso.mx/licencias/CC-BY-NC-2.5-MX.pdf [es_MX]
dc.subject: Cybersecurity [es_MX]
dc.subject: Computer Network [es_MX]
dc.subject: Intrusion Detection Systems [es_MX]
dc.subject: IDS [es_MX]
dc.subject: Anomaly-Based [es_MX]
dc.title: Host-Level Anomaly-Based Intrusion Detection System using Rankings for Cybersecurity [es_MX]
dc.type: info:eu-repo/semantics/doctoralThesis [es_MX]
dc.type.version: info:eu-repo/semantics/updatedVersion [es_MX]

Files

Original bundle
Name: Host-Level Anomaly-Based Intrusion Detection System using Rankings for Cybersecurity.pdf
Size: 2.68 MB
Format: Adobe Portable Document Format