HybrIDS: Embeddable Hybrid Intrusion Detection System
Lauf, Adrian Peter
2007-12-18
Abstract
In order to provide preventative security to a homogeneous device network,
techniques in addition to static encryption must be implemented to assure network
integrity by identifying possible deviant nodes within the collective. This thesis proposes
a set of algorithms and techniques for an intrusion detection system which, when
combined, provide a two-stage approach that seeks to reduce or eliminate training period
requirements, while providing multiple anomaly detection and a degree of self-tuning. By
utilizing a high level of behavioral abstraction, these intrusion detection techniques can
be applied to a broad range of devices, network implementations, and scenarios. Each
device node is supplied with an embedded intrusion detection system which allows it to
monitor inter-device requests, enabling machine learning techniques for purposes of
deviant node analysis. The two principal methods, a maxima detection scheme and a
cross-correlative detection scheme, are combined to create a two-phase detection scheme
that can successfully determine deviant node pervasion percentages of up to 22% within
the homogeneous device network.