Network Anomaly Detection with Incomplete Audit Data

dc.contributor.author: Patcha, Animesh
dc.contributor.committeechair: Park, Jung-Min Jerry
dc.contributor.committeemember: Hou, Yiwei Thomas
dc.contributor.committeemember: DaSilva, Luiz A.
dc.contributor.committeemember: Shukla, Sandeep K.
dc.contributor.committeemember: North, Christopher L.
dc.contributor.department: Electrical and Computer Engineering
dc.date.accessioned: 2014-03-14T20:14:07Z
dc.date.adate: 2006-10-04
dc.date.available: 2014-03-14T20:14:07Z
dc.date.issued: 2006-07-06
dc.date.rdate: 2009-10-04
dc.date.sdate: 2006-07-19
dc.description.abstract: With the ever increasing deployment and usage of gigabit networks, traditional network anomaly detection based intrusion detection systems have not scaled accordingly. Most, if not all, deployed systems assume the availability of complete and clean data for the purpose of intrusion detection. We contend that this assumption is not valid. Factors like noise in the audit data, mobility of the nodes, and the large amount of data generated by the network make it difficult to build a normal traffic profile of the network for the purpose of anomaly detection. From this perspective, the leitmotif of the research effort described in this dissertation is the design of a novel intrusion detection system that has the capability to detect intrusions with high accuracy even when complete audit data is not available. In this dissertation, we take a holistic approach to anomaly detection to address the threats posed by network-based denial-of-service attacks by proposing improvements in every step of the intrusion detection process. At the data collection phase, we have implemented an adaptive sampling scheme that intelligently samples incoming network data to reduce the volume of traffic sampled, while maintaining the intrinsic characteristics of the network traffic. A Bloom-filter-based fast flow aggregation scheme is employed at the data pre-processing stage to further reduce the response time of the anomaly detection scheme. Lastly, this dissertation also proposes an expectation-maximization-based anomaly detection scheme that uses the sampled audit data to detect intrusions in the incoming network traffic.
dc.description.degree: Ph. D.
dc.identifier.other: etd-07192006-152001
dc.identifier.sourceurl: http://scholar.lib.vt.edu/theses/available/etd-07192006-152001/
dc.identifier.uri: http://hdl.handle.net/10919/28334
dc.publisher: Virginia Tech
dc.relation.haspart: animesh_final_dissertation.pdf
dc.rights: In Copyright
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0/
dc.subject: high speed networks
dc.subject: Anomaly detection
dc.subject: weighted sampling
dc.subject: denial-of-service
dc.subject: expectation-maximization
dc.title: Network Anomaly Detection with Incomplete Audit Data
dc.type: Dissertation
thesis.degree.discipline: Electrical and Computer Engineering
thesis.degree.grantor: Virginia Polytechnic Institute and State University
thesis.degree.level: doctoral
thesis.degree.name: Ph. D.

Files

Original bundle
Name: animesh_final_dissertation.pdf
Size: 627.63 KB
Format: Adobe Portable Document Format