Arşiv ve Dokümantasyon Merkezi
Dijital Arşivi

Detecting intrusions in network traffic using maximum entropy technique

Basit öğe kaydını göster

dc.contributor Graduate Program in Electrical and Electronic Engineering.
dc.contributor.advisor Anarım, Emin.
dc.contributor.advisor Mıhçak, Mehmet Kıvanç.
dc.contributor.author Tuna, Ömer Faruk.
dc.date.accessioned 2023-03-16T10:16:56Z
dc.date.available 2023-03-16T10:16:56Z
dc.date.issued 2007.
dc.identifier.other EE 2007 T86
dc.identifier.uri http://digitalarchive.boun.edu.tr/handle/123456789/12694
dc.description.abstract As interconnections among computer systems grow rapidly, network security is becoming a major challenge. Computer networks have to be protected against denial-ofservice (DoS) attacks, unauthorized disclosure of information and the modification or destruction of data. Besides, the availability, confidentiality and integrity of critical information systems need to be provided. This situation brings the need for Intrusion Detection Systems (IDS) which detects hostile activities or abuse of a network. The objective in this work is to obtain reliable IDS with low false positive rate and high true positive rate. In this thesis, a refined IDS method is proposed. This method detects intrusions in a network by comparing the current network traffic against a baseline distribution of the benign network traffic. Baseline distribution is obtained from the empirical distribution of benign network traffic by using the Maximum Entropy technique. The distributions here are built on classes which are based on packet and destination port number information. This structure of distributions gives us a multi-dimensional view of the network traffic. Intrusions that change the network traffic slowly or abruptly can then be distinguished by computing a measure related to the relative entropy of the distribution of the network traffic under observation with respect to the baseline distribution. The innovation in this thesis is to reduce the number of classes in a distribution by clustering the classes judiciously in order to reduce the possible negative effects of slow network traffic.
dc.format.extent 30cm.
dc.publisher Thesis (M.S.)-Bogazici University. Institute for Graduate Studies in Science and Engineering, 2007.
dc.relation Includes appendices.
dc.relation Includes appendices.
dc.subject.lcsh Computer security.
dc.subject.lcsh Computer networks -- Security measures.
dc.title Detecting intrusions in network traffic using maximum entropy technique
dc.format.pages xiv, 84 leaves;


Bu öğenin dosyaları

Bu öğe aşağıdaki koleksiyon(lar)da görünmektedir.

Basit öğe kaydını göster

Dijital Arşivde Ara


Göz at

Hesabım