Archives and Documentation Center
Digital Archives

Detecting denial of service attacks in network traffic with maximum entropy and hypothesis testing techniques

dc.contributor Graduate Program in Electrical and Electronic Engineering.
dc.contributor.advisor Anarım, Emin.
dc.contributor.advisor Mıhçak, Mehmet Kıvanç.
dc.contributor.author Çakırtaş, Didem.
dc.date.accessioned 2023-03-16T10:17:06Z
dc.date.available 2023-03-16T10:17:06Z
dc.date.issued 2008.
dc.identifier.other EE 2008 C35
dc.identifier.uri http://digitalarchive.boun.edu.tr/handle/123456789/12700
dc.description.abstract With the growth of computer networking and the increased dependency of our everyday life on computer-based systems, assuring reliable operation of computer systems has become very important. In order to render computer networks more secure, intrusion detection systems aim to recognise attacks. The objective of this work is to improve maximum entropy based intrusion detection methods and bring a formularization to ad hoc rules by using information theory and statistical signal processing. In this work, it is intended to identify denial-of-service attacks by using maximum entropy and hypothesis testing methods. The proposed method consists of two phases: training and detection. In the training part, models are estimated for various attack types and the no-attack case based on the maximum entropy principle. In the detection part, a hypothesis testing technique is employed to decide which of these models most probably satisfies the characteristics of the current network traffic. The method proposed in this thesis can be considered a hybrid form of anomaly detection and misuse detection methods, since it focuses not only on the characteristics of normal network activity but also on the characteristics of the known attacks. According to the experimental results, the proposed method is very successful in identifying the denial-of-service attacks which have invariable characteristics and cause a dramatic change in network traffic. However, our method is inadequate for detecting denial-of-service attacks which have variable characteristics and whose evidence is not noticeable from header information.
dc.format.extent 30cm.
dc.publisher Thesis (M.S.)-Bogazici University. Institute for Graduate Studies in Science and Engineering, 2008.
dc.relation Includes appendices.
dc.subject.lcsh Computer security.
dc.subject.lcsh Computer networks -- Security measures.
dc.title Detecting denial of service attacks in network traffic with maximum entropy and hypothesis testing techniques
dc.format.pages xvi, 105 leaves;

