T-Space at The University of Toronto Libraries >
School of Graduate Studies - Theses >
Master >

Please use this identifier to cite or link to this item: http://hdl.handle.net/1807/25574

Title: Enhancing Performance of Vulnerability-based Intrusion Detection Systems
Authors: Farroukh, Amer
Advisor: Jacobsen, Hans-Arno
Department: Electrical and Computer Engineering
Keywords: Security; Intrusion Detection; Matching; MPDU; Vulnerability; Conficker; IDS; Snort
Issue Date: 31-Dec-2010
Abstract: The accuracy of current intrusion detection systems (IDSes) is hindered by the limited capability of regular expressions (REs) to express the exact vulnerability. Recent advances have proposed vulnerability-based IDSes that parse traffic and retrieve protocol semantics to describe the vulnerability. Such a description of attacks is analogous to subscriptions that specify events of interest in event processing systems. However, the matching engine of state-of-the-art IDSes lacks efficient matching algorithms that can process many signatures simultaneously. In this work, we place event processing in the core of the IDS and propose novel algorithms to efficiently parse and match vulnerability signatures. Also, we are among the first to detect complex attacks such as the Conficker worm, which requires correlating multiple protocol data units (MPDUs) while maintaining a small memory footprint. Our approach incurs negligible overhead when processing clean traffic, is resilient to attacks, and is faster than existing systems.
URI: http://hdl.handle.net/1807/25574
Appears in Collections: Master
The Edward S. Rogers Sr. Department of Electrical & Computer Engineering - Master theses

Files in This Item:

File: Farroukh_Amer_201011_MASc_thesis.pdf
Size: 1.88 MB
Format: Adobe PDF

Items in T-Space are protected by copyright, with all rights reserved, unless otherwise indicated.
