Team for Research in
Ubiquitous Secure Technology

HybrIDS: Embeddable Hybrid Intrusion Detection System
Adrian Lauf

Citation
Adrian Lauf. "HybrIDS: Embeddable Hybrid Intrusion Detection System". Master's thesis, Vanderbilt University, December, 2007.

Abstract
In order to provide preventative security to a homogeneous device network, techniques in addition to static encryption must be implemented to assure network integrity by identifying possible deviant nodes within the collective. This thesis proposes a set of algorithms and techniques for an intrusion detection system, which when combined, provide a two-stage approach that seeks to reduce or eliminate training period requirements, while providing multiple anomaly detection and a degree of self tuning. By utilizing a high level of behavioral abstraction, these intrusion detection techniques can be applied to a broad range of devices, network implementations, and scenarios. Each device node is supplied with an embedded intrusion detection system which allows it to monitor inter-device requests, enabling machine learning techniques for purposes of deviant node analysis. The two principal methods, a maxima detection scheme, and a cross-correlative detection scheme, are combined to create a two-phase detection scheme that can successfully determine deviant node pervasion percentages of up to 22% within the homogeneous device network.

Citation formats  
  • HTML
    Adrian Lauf. <a
    href="http://www.truststc.org/pubs/505.html"
    ><i>HybrIDS: Embeddable Hybrid Intrusion Detection
    System</i></a>, Master's thesis,  Vanderbilt
    University, December, 2007.
  • Plain text
    Adrian Lauf. "HybrIDS: Embeddable Hybrid Intrusion
    Detection System". Master's thesis,  Vanderbilt
    University, December, 2007.
  • BibTeX
    @mastersthesis{Lauf07_HybrIDSEmbeddableHybridIntrusionDetectionSystem,
        author = {Adrian Lauf},
        title = {HybrIDS: Embeddable Hybrid Intrusion Detection
                  System},
        school = {Vanderbilt University},
        month = {December},
        year = {2007},
        abstract = {In order to provide preventative security to a
                  homogeneous device network, techniques in addition
                  to static encryption must be implemented to assure
                  network integrity by identifying possible deviant
                  nodes within the collective. This thesis proposes
                  a set of algorithms and techniques for an
                  intrusion detection system, which when combined,
                  provide a two-stage approach that seeks to reduce
                  or eliminate training period requirements, while
                  providing multiple anomaly detection and a degree
                  of self tuning. By utilizing a high level of
                  behavioral abstraction, these intrusion detection
                  techniques can be applied to a broad range of
                  devices, network implementations, and scenarios.
                  Each device node is supplied with an embedded
                  intrusion detection system which allows it to
                  monitor inter-device requests, enabling machine
                  learning techniques for purposes of deviant node
                  analysis. The two principal methods, a maxima
                  detection scheme, and a cross-correlative
                  detection scheme, are combined to create a
                  two-phase detection scheme that can successfully
                  determine deviant node pervasion percentages of up
                  to 22% within the homogeneous device network.},
        URL = {http://www.truststc.org/pubs/505.html}
    }
    

Posted by Adrian Lauf, Ph.D. on 4 Feb 2009.
Groups: trust