Automated intrusion prevention mechanism in enhancing network security / He Xiao Dong

Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) are important tools used to secure networks against hackers' attacks. Ironically, these malicious attacks have brought more adverse impacts on the networks than before. At present, many existing IDS and IPS work...

Bibliographic Details
Main Author: He, Xiao Dong
Format: Thesis
Published: 2008
Subjects:
Online Access: http://studentsrepo.um.edu.my/11772/1/He_Xiao_Dong.pdf
http://studentsrepo.um.edu.my/11772/
Institution: Universiti Malaya
id my.um.stud.11772
record_format eprints
spelling my.um.stud.11772 2020-11-30T19:40:29Z Automated intrusion prevention mechanism in enhancing network security / He Xiao Dong He, Xiao Dong QA75 Electronic computers. Computer science QA76 Computer software 2008 Thesis NonPeerReviewed application/pdf http://studentsrepo.um.edu.my/11772/1/He_Xiao_Dong.pdf
He, Xiao Dong (2008) Automated intrusion prevention mechanism in enhancing network security / He Xiao Dong. Masters thesis, University of Malaya. http://studentsrepo.um.edu.my/11772/
institution Universiti Malaya
building UM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaya
content_source UM Student Repository
url_provider http://studentsrepo.um.edu.my/
topic QA75 Electronic computers. Computer science
QA76 Computer software
description Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) are important tools used to secure networks against hackers' attacks. Ironically, these malicious attacks have brought more adverse impacts on the networks than before. At present, many existing IDS and IPS work independently without exchanging information. This deficit lowers the capability of these tools to protect increasingly vulnerable networks. In this thesis, an automated intrusion prevention mechanism (AIPM), which comprises the functionalities of IDS, IPS, and network devices, is proposed to enhance network security. AIPM includes an automated intrusion prevention function and an automated intrusion message analysis function. The ability to automatically detect and analyze network traffic allows AIPM to detect malicious attacks almost in real time. Likewise, the ability to automatically analyze intrusion messages and network configuration enables AIPM to build a topological view and locate the source of a malicious attack. Results of case studies show that AIPM imposes lower overhead than the conventional method, which queries all pre-defined routers to block every interface irrespective of where the attack is launched. In contrast, AIPM identifies the interface that is nearest to the source of the attack and sends a single query to the associated router to block only that particular interface; only 1 connection per attack is needed. AIPM can block malicious traffic in 2-5 seconds after an attack starts because less pre-defined information is needed; the conventional method, on the other hand, needs about 5-10 seconds to finish block processing as more pre-defined information is needed. In summary, AIPM, which incorporates the functionalities of IDS and IPS, offers network protection against potential malicious acts without incurring additional overheads as compared to the conventional method.
format Thesis
author He, Xiao Dong
title Automated intrusion prevention mechanism in enhancing network security / He Xiao Dong
publishDate 2008
url http://studentsrepo.um.edu.my/11772/1/He_Xiao_Dong.pdf
http://studentsrepo.um.edu.my/11772/