Computer network intrusion : detection and response | |
Author | Vu Ngoc Trinh |
Call Number | AIT Thesis no.CS-06-12 |
Subject(s) | Computer security Computer networks--Security measures Internet--Security measures |
Note | A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science, School of Engineering and Technology |
Publisher | Asian Institute of Technology |
Series Statement | Thesis ; no. CS-06-12 |
Abstract | The Internet is developing at a very high speed. It brings many benefits to many aspects of life. The number of computer intrusions is also increasing at great speed. Hackers used various attack techniques to intrude into many important computer systems in the world, such as those of banks, the military, government, business, and education, to steal sensitive data, to delete important data, and to disrupt business on the Internet (denial of service). Many Intrusion Detection Systems (IDS) were developed to detect computer intrusions. Intrusion Detection Systems (IDS) were classified into two types: misuse (signature) and anomaly approaches. However, up to the present, traditional Intrusion Detection Systems concentrate only on detection. Response techniques were not presented. When such a system detects an attack, it just sends the alerts to a file or database, but does not respond automatically and cannot track down the source of the attackers. This study will improve the traditional Intrusion Detection Systems by integrating Response Techniques into the Response Components of the existing Distributed Intrusion Detection System. The improved Intrusion Detection System will have the following characteristics: it sniffs the packets on the network, logs the packets to the database, detects the attacks and sends the alerts to the file or database. The alerts stored in the file or database can be accessed, analyzed and managed later by administrators. The improved Intrusion Detection System also has the ability to respond actively and automatically to the attacks (attackers) when they are detected. It can automatically block the IP addresses of the attackers, inform the administrators and automatically track down the attackers. The demo Intrusion Detection System will also be implemented, running on the Linux operating system. It is installed on a computer connected to the AIT computer network. It listens to the packets moving in and out of the AIT network and detects the attacks. Whenever it detects an attack, it will automatically respond to the attack. |
Year | 2006 |
Corresponding Series Added Entry | Asian Institute of Technology. Thesis ; no. CS-06-12 |
Type | Thesis |
School | School of Engineering and Technology (SET) |
Department | Department of Information and Communications Technologies (DICT) |
Academic Program/FoS | Computer Science (CS) |
Chairperson(s) | Phan Minh Dung; |
Examination Committee(s) | Janecek, Paul; Bohez, Erik L J; |
Scholarship Donor(s) | Petro Vietnam; |
Degree | Thesis (M.Sc.) - Asian Institute of Technology, 2006 |