Creating Models Of Internet Background Traffic Suitable For Use In Evaluating Network Intrusion Detection Systems

Author

Song Luo, University of Central Florida

Keywords

Network Traffic Modeling, Network Traffic Simulation, Network Intrusion Detection

Abstract

This dissertation addresses Internet background traffic generation and network intrusion detection. It is organized in two parts. Part one introduces a method to model realistic Internet background traffic and demonstrates how the models are used both in a simulation environment and in a lab environment. Part two introduces two different NID (Network Intrusion Detection) techniques and evaluates them using the modeled background traffic. To demonstrate the approach we modeled five major application layer protocols: HTTP, FTP, SSH, SMTP and POP3. The model of each protocol includes an empirical probability distribution plus estimates of application-specific parameters. Due to the complexity of the traffic, hybrid distributions (called mixture distributions) were sometimes required. The traffic models are demonstrated in two environments: NS-2 (a simulator) and HONEST (a lab environment). The simulation results are compared against the original captured data sets. Users of HONEST have the option of adding network attacks to the background. The dissertation also introduces two new template-based techniques for network intrusion detection. One is based on a template of autocorrelations of the investigated traffic, while the other uses a template of correlation integrals. Detection experiments have been performed on real traffic and attacks; the results show that the two techniques can achieve high detection probability and low false alarm in certain instances.

Notes

If this is your thesis or dissertation, and want to learn how to access it or for more information about readership statistics, contact us at STARS@ucf.edu

Graduation Date

2005

Semester

Fall

Advisor

Marin, Gerald

Degree

Doctor of Philosophy (Ph.D.)

College

College of Engineering and Computer Science

Degree Program

Computer Science

Format

application/pdf

Identifier

CFE0000852

URL

http://purl.fcla.edu/fcla/etd/CFE0000852

Language

English

Release Date

January 2006

Length of Campus-only Access

None

Access Status

Doctoral Dissertation (Open Access)

STARS Citation

Luo, Song, "Creating Models Of Internet Background Traffic Suitable For Use In Evaluating Network Intrusion Detection Systems" (2005). Electronic Theses and Dissertations. 589.
https://stars.library.ucf.edu/etd/589