Date of Award

2017

Degree Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Science

First Advisor

Lisa DiPippo

Abstract

Over the last few decades, a large number of systems that rely on the Internet have become a pervasive part of our daily lives. The openness and scalability of the Internet have provided a flexible platform for private customers, professionals, and academics with non-commercial or commercial interests. As a result, there has been growing interest in network security. Network or computer systems may employ anti-virus software, a firewall, an intrusion prevention system, or an intrusion detection system to maintain a safe environment. Among these, the intrusion detection system plays a very important role in minimizing the damage caused by different attacks. The system attempts to learn the features of the behaviors and events of the system and/or its users over a period of time to build a profile of normal behaviors, then looks for malicious behaviors that deviate from the normal profile. Thus, it is able to detect attacks even when detailed information about the attack does not exist.

A wide variety of techniques have been proposed for building such systems, including machine learning, data mining, hidden Markov models, and statistical analysis. This research mainly considers the statistical analysis-based method because of its simplicity and effectiveness. However, the method has a few disadvantages. First, the results are not intuitive because interpreting them requires the related statistical background. Second, it is difficult to integrate the results of different statistical analyses because they fall in different ranges. Last, the methods provide only two states: normal or malicious behaviors.

This research proposes a trust management scheme as a solution to these problems. A trust management scheme is able to scale the results of statistical analyses between 0 (unreliable) and 1 (reliable), so the results are not only intuitive but can also be integrated into one. Moreover, the trust values can express more than normal and malicious behaviors, such as a-little-suspicious, suspicious, or highly-suspicious states.

In this dissertation, we will show how well the trust management scheme can represent the results of various statistical analyses and how the system can find the appropriate thresholds for classifying malicious behaviors. The proposed trust management scheme will be applied to two real-world datasets, and we will discuss the experimental results.
