Archives and Documentation Center
Digital Archives

Network intrusion detection with payload-based approach

dc.contributor Graduate Program in Electrical and Electronic Engineering.
dc.contributor.advisor Anarım, Emin.
dc.contributor.advisor Koca, Mutlu
dc.contributor.author Özdel, Süleyman.
dc.date.accessioned 2023-10-15T07:18:16Z
dc.date.available 2023-10-15T07:18:16Z
dc.date.issued 2022
dc.identifier.other EE 2022 O84
dc.identifier.uri http://digitalarchive.boun.edu.tr/handle/123456789/19737
dc.description.abstract Rapidly growing network systems become more vulnerable to threats with the improved sophistication of attack techniques. Various types of network attacks affect networks in different ways and continue to be a serious threat despite developing intrusion detection mechanisms. Early detection of network intrusions is crucial to taking precautions and reducing the damage to the system. In addition, the ability to distinguish attacker flows from legitimate ones ensures that the network continues to provide service safely to the clients. In this thesis, payload-based features that characterize network flows are proposed to provide early detection of network attacks and to identify attacker flows. Besides the features conventionally used in application classification, features based on greedy algorithm-based metrics that allow comparing defined probability distributions over different sample spaces at various lengths are also used. Moreover, features based on spectral domain analysis of payload sequences are extracted to capture the complicated patterns that are not observed in the original domain. Also, features based on discrete cosine transforms are utilized in the characterization of these network flows. These features are extracted using N-gram analysis for various N values. In the classification stage, SVM models trained with these features are used. Performance evaluation is given for publicly available IDS 2012 and IDS 2017 datasets that contain different kinds of attack traces. Early detection of network intrusions based on features extracted from the first 3 and 5 packets of a flow achieves high detection rates while detecting network intrusions early.
dc.publisher Thesis (M.S.) - Bogazici University. Institute for Graduate Studies in Science and Engineering, 2022.
dc.subject.lcsh Intrusion detection systems (Computer security)
dc.subject.lcsh Network intrusion detection.
dc.title Network intrusion detection with payload-based approach
dc.format.pages xiii, 118 leaves

