Thesis-2012-Wang.pdf (2.57 MB)
Advanced attack tree based intrusion detection
thesis
posted on 2012-04-05, 11:56 authored by Jie Wang

Computer network systems are constantly under attack or have to deal with attack attempts. The first step in any network's ability to fight against intrusive attacks is to be able to detect intrusions while they are occurring. Intrusion Detection Systems (IDS) are therefore vital in any kind of network, just as antivirus is a vital part of a computer system. With the increasing sophistication and complexity of computer network intrusions, most victim systems are compromised by sophisticated multi-step attacks. In order to provide advanced intrusion detection capability against multi-step attacks, it makes sense to adopt a rigorous and generalising approach to tackling intrusion attacks. One direction towards achieving this goal is via modelling and, consequently, modelling-based detection.

An IDS is required that has a good quality of detection capability: not only must it be able to detect higher-level attacks and describe the state of ongoing multi-step attacks, it must also be able to determine the achievement of a high-level attack even if any of the modelled low-level attacks are missed by the detector, because the absence of an alert may mean either that the corresponding low-level attack is not being conducted by the adversary, or that it is being conducted but evades detection.

This thesis presents an attack tree based intrusion detection approach to detect multi-step attacks. An advanced attack tree modelling technique, the Attack Detection Tree, is proposed to model multi-step attacks and facilitate intrusion detection. In addition, the notion of Quality of Detectability is proposed to describe the ongoing states of both the intrusion and the intrusion detection. Moreover, a detection uncertainty assessment mechanism is proposed that applies the measured evidence to deal with the uncertainty that arises during the assessment process, so as to determine the achievement of high-level attacks even if any modelled low-level incidents are missing.
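As an added illustration, not code from the thesis, the contrast the abstract draws can be shown on a small attack tree: a strict evaluation that treats a silent detector as "step did not happen" versus one that keeps a nonzero belief that the step occurred but evaded detection. The tree, the step priors, the per-detector detection rates and the alert log are constructed assumptions, and the Bayesian combination under independence used here is a simplification chosen for the example, not the thesis's own assessment mechanism.

```python
from dataclasses import dataclass
from math import prod
from typing import Dict, List, Union

@dataclass
class Leaf:
    """A modelled low-level attack step watched by one detector (constructed example)."""
    name: str
    prior: float        # assumed probability that the step is attempted at all
    detect_rate: float  # assumed probability that the detector alerts when it is

@dataclass
class Node:
    name: str
    op: str  # "and" needs every child to hold, "or" needs any child
    children: List[Union["Node", Leaf]]

def strict_achieved(node, alerts: Dict[str, bool]) -> bool:
    """Naive evaluation: a silent detector is read as 'the step did not happen'."""
    if isinstance(node, Leaf):
        return alerts.get(node.name, False)
    results = [strict_achieved(c, alerts) for c in node.children]
    return all(results) if node.op == "and" else any(results)

def leaf_belief(leaf: Leaf, alerted: bool) -> float:
    """P(step occurred | evidence); false positives are assumed away, so an alert is certain."""
    if alerted:
        return 1.0
    missed = (1.0 - leaf.detect_rate) * leaf.prior  # attempted, but evaded the detector
    absent = 1.0 - leaf.prior                        # never attempted
    return missed / (missed + absent)                # Bayes' rule conditioned on "no alert"

def goal_belief(node, alerts: Dict[str, bool]) -> float:
    """Combine child beliefs up the tree; children are treated as independent (assumption)."""
    if isinstance(node, Leaf):
        return leaf_belief(node, alerts.get(node.name, False))
    beliefs = [goal_belief(c, alerts) for c in node.children]
    if node.op == "and":
        return prod(beliefs)
    return 1.0 - prod(1.0 - b for b in beliefs)

# Constructed tree: reconnaissance AND exploitation AND (either exfiltration channel).
TREE = Node("data theft", "and", [
    Leaf("port scan", prior=0.5, detect_rate=0.9),
    Leaf("service exploit", prior=0.3, detect_rate=0.5),
    Node("exfiltration", "or", [Leaf("dns tunnel", prior=0.2, detect_rate=0.7),
                                Leaf("https upload", prior=0.2, detect_rate=0.6)]),
])
# Constructed alert log: the exploit detector stayed silent.
ALERTS = {"port scan": True, "https upload": True}
```

With these inputs `strict_achieved(TREE, ALERTS)` returns False because the missing exploit alert vetoes the goal, while `goal_belief(TREE, ALERTS)` still returns 3/17 (about 0.176), reflecting that the exploit may have been conducted and evaded its detector.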
History
School
- Mechanical, Electrical and Manufacturing Engineering
Publisher
© Jie Wang
Publication date
2012
Notes
A Doctoral Thesis. Submitted in partial fulfillment of the requirements for the award of Doctor of Philosophy of Loughborough University.
EThOS Persistent ID
uk.bl.ethos.587958
Language
- en