M.S. Thesis Defense - Fred Philip Stanley
Date: 03 Jun, 2009
Time: 3:00 PM
Location: 217 Atanasoff Hall
Topic: Intrusion Detection and Response for System and Network Attacks
Major Professor(s): Johnny S. Wong
Abstract: This work focuses on an Intrusion Detection System (IDS) and response model for system and network attacks. For decades, IDS has evolved tremendously and has become highly sophisticated. However, the response to an attack is still manually triggered by an administrator who relies on a static mapping to counteract the intrusion. The increased complexity and speed of attack spread in recent years have shown that it is highly critical to develop an automatic intrusion response system. Moreover, manual responses are not flexible or effective in distributed environments without infrastructure. This work presents a cost-based response model that is tightly coupled with the multi-source IDS. Any system can be broken down into smaller granules of services and resources. A dependency graph is proposed to describe the relations between services and resources in a system. This dependency graph is also used to propagate the total value of the system down to the service and resource level. The damage cost of the intrusion and the response cost of the responses are evaluated using the dependency graph. Using these metrics, the response that brings the most benefit to the system is deployed. We demonstrate the abilities of our model using a buffer overflow attack caused by a computer worm on the Optimized Link State Routing protocol (OLSR) in a wireless ad hoc environment. Experimental results show that our model is effective and highly practical.