
Integrated detection of active worms using multi-sensor data fusion and collaborative network defense.



Abstract

Fast-spreading malicious worms are known to cause severe havoc on the networks they attack. Developing detection and defense mechanisms against such worms with minimal false detection rates and optimized accuracy is therefore of keen interest, and modeling the behavior of fast-worm detection and defense techniques, so that their effectiveness can be understood and measured, is crucial to building effective defenses. Detection of slow scanning worms is also known to be particularly difficult, because slow worm propagation is stealthy and blends with normal traffic patterns. The speed of fast scanning worms and the stealthiness of slow scanning worms thus pose distinct challenges to worm detection and defense.

Typically, techniques optimized for detecting fast scanning worms fail to detect slow scanning worms, and vice versa. Since malicious traffic flows with different scanning rates can occur concurrently in a computer network, the difficulty of detecting slow worms is exacerbated by interference from flows scanning at faster rates. This thesis formulates the slow worm detection problem to include detection of the faster scanning malicious traffic and filtering of the traffic profiles associated with the detected fast worms, so that the malicious slow worms are isolated. This insight led to a novel integrated detection technique, based on Generalized Evidence Processing (GEP) theory, that detects both fast and slow scanning worm activity even when they occur concurrently in the target computer network.

This thesis also develops a novel distributed detection and collaborative containment technique, referred to as EDANC (Endpoint Detection And Network Containment), for defending against fast spreading worms. The EDANC detection and correlation engine is based on GEP theory, a decision-level multi-sensor data fusion technique. With GEP theory, evidence collected by distributed detectors determines the probability associated with a detection decision under a hypothesis; several pieces of evidence are combined into an improved fused decision by minimizing a cumulative decision risk function. The EDANC scheme also employs automated, collaborative, network-centric containment for worm defense. Further, the thesis develops the Analytical Active Worm Containment (AAWC) model, a novel non-deterministic discrete-time model of the vulnerable host population that is protected as a result of the EDANC collaborative defense mechanism in a large-scale network. By analysing the AAWC model alongside a known discrete-time worm propagation model, the thesis demonstrates quantitatively the effectiveness of the EDANC technique in defending against large-scale, fast spreading scanning worm attacks.
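The decision-level fusion described in the abstract can be illustrated with a worked example. The code below is added here and is not from the thesis: the GEP engine itself is not reproduced on this page, so the fusion rule used is the standard Bayes-optimal rule for combining conditionally independent binary sensor decisions, and "cumulative decision risk" is taken to mean the expected Bayes cost of a wrong decision, with evidence accumulated across reporting rounds. The three detector characteristics (true-positive and false-alarm rates), the prior and the cost values are constructed for illustration.

```python
"""Decision-level fusion of binary worm alerts from distributed endpoint detectors.

Added example: each endpoint sensor reports a local decision u_i (1 = worm,
0 = clean) with known detection and false-alarm probabilities. The fusion
centre combines them with Bayes' rule and declares the hypothesis with the
lower expected (Bayes) risk, accumulating evidence across reporting rounds.
Sensor characteristics, prior and costs below are constructed for illustration.
"""
from dataclasses import dataclass, field
from math import exp, log
from typing import Sequence


@dataclass(frozen=True)
class Detector:
    name: str
    p_detect: float       # P(u = 1 | worm present), the sensor's true-positive rate
    p_false_alarm: float  # P(u = 1 | no worm), the sensor's false-positive rate


def log_likelihood_ratio(detectors: Sequence[Detector], decisions: Sequence[int]) -> float:
    """log P(u | worm) - log P(u | clean) for one round of local decisions.

    Local decisions are assumed conditionally independent given the hypothesis,
    so the joint log-likelihood ratio is the sum of the per-sensor terms.
    """
    llr = 0.0
    for det, u in zip(detectors, decisions):
        if u:
            llr += log(det.p_detect / det.p_false_alarm)
        else:
            llr += log((1.0 - det.p_detect) / (1.0 - det.p_false_alarm))
    return llr


@dataclass
class FusionCentre:
    detectors: Sequence[Detector]
    prior_worm: float          # P(worm) before any evidence is seen
    cost_miss: float           # cost of declaring "clean" while a worm is active
    cost_false_alarm: float    # cost of declaring "worm" (and containing) when clean
    _log_odds: float = field(init=False)

    def __post_init__(self) -> None:
        self._log_odds = log(self.prior_worm / (1.0 - self.prior_worm))

    def posterior_worm(self) -> float:
        """P(worm | all evidence folded in so far)."""
        odds = exp(self._log_odds)
        return odds / (1.0 + odds)

    def update(self, decisions: Sequence[int]) -> bool:
        """Fold one round of local decisions into the running evidence and decide.

        Declares "worm" when the expected cost of declaring clean
        (cost_miss * P(worm | evidence)) exceeds the expected cost of declaring
        worm (cost_false_alarm * P(clean | evidence)).
        """
        self._log_odds += log_likelihood_ratio(self.detectors, decisions)
        p_worm = self.posterior_worm()
        risk_declare_clean = self.cost_miss * p_worm
        risk_declare_worm = self.cost_false_alarm * (1.0 - p_worm)
        return risk_declare_worm < risk_declare_clean


# Constructed sensor population: three endpoint detectors of differing quality.
DETECTORS = (
    Detector("host-a", p_detect=0.90, p_false_alarm=0.05),
    Detector("host-b", p_detect=0.80, p_false_alarm=0.10),
    Detector("host-c", p_detect=0.70, p_false_alarm=0.20),
)


def fuse_single_round(decisions: Sequence[int], cost_miss: float = 10.0) -> bool:
    """One-shot fusion starting from the prior: True means 'worm detected'."""
    centre = FusionCentre(DETECTORS, prior_worm=0.01, cost_miss=cost_miss, cost_false_alarm=1.0)
    return centre.update(decisions)


def fuse_rounds(rounds: Sequence[Sequence[int]], cost_miss: float = 10.0) -> list:
    """Sequential fusion across reporting rounds: the fused decision after each round."""
    centre = FusionCentre(DETECTORS, prior_worm=0.01, cost_miss=cost_miss, cost_false_alarm=1.0)
    return [centre.update(r) for r in rounds]


if __name__ == "__main__":
    print("all three fire:", fuse_single_round((1, 1, 1)))
    print("only host-a fires:", fuse_single_round((1, 0, 0)))
    print("two fire, miss 10x costlier:", fuse_single_round((1, 1, 0)))
    print("two fire, symmetric costs:", fuse_single_round((1, 1, 0), cost_miss=1.0))
    print("host-a persists over rounds:", fuse_rounds([(1, 0, 0), (1, 0, 0), (1, 1, 0)]))
```

With these constructed numbers a single noisy sensor firing once does not trigger containment, two of three sensors firing does when a miss is weighted ten times a false alarm but not under symmetric costs, and a sensor that keeps firing round after round eventually pushes the accumulated evidence over the threshold. The risk asymmetry is the knob that trades false containment against missed outbreaks.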
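The abstract's comparison of a containment model against a known discrete-time worm propagation model can also be made concrete. The simulation below is an added example, not the thesis's AAWC model, whose formulation is not on this page: propagation follows the standard deterministic mean-field model of a uniformly random scanning worm, and the containment stage (a fixed fraction of active infected hosts quarantined per step once detection has fired, plus a fixed fraction of remaining susceptibles shielded per step) is a constructed stand-in for a collaborative endpoint-detection and network-containment loop. The population size, scan rate, response delay and containment fractions are assumptions chosen for illustration.

```python
"""Discrete-time random-scanning worm, with and without collaborative containment.

Added example. The propagation step is the standard mean-field model of a
uniformly random scanning worm: each of the I active infected hosts sends eta
scans per time step into an address space of size Omega, so a susceptible
host is hit with probability 1 - (1 - 1/Omega)**(eta * I). The containment
stage is a constructed stand-in for an endpoint-detection / network-containment
loop; its parameters are assumptions, not values from the thesis.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class WormParams:
    vulnerable: int = 360_000        # N, size of the vulnerable population (assumed)
    address_space: int = 2 ** 32     # Omega, IPv4 address space
    scan_rate: float = 358.0         # eta, scans per infected host per time step (assumed)
    initially_infected: int = 10     # I(0)


@dataclass(frozen=True)
class DefenseParams:
    response_delay: int      # steps until the fused detection triggers containment
    detect_fraction: float   # share of active infected hosts quarantined per step
    protect_fraction: float  # share of remaining susceptibles shielded per step


@dataclass(frozen=True)
class Outcome:
    peak_active: float        # maximum number of simultaneously scanning hosts
    total_compromised: float  # infected hosts, whether quarantined or still active
    protected: float          # susceptible hosts shielded before being infected


def simulate(worm: WormParams, defense: Optional[DefenseParams], steps: int) -> Outcome:
    susceptible = float(worm.vulnerable - worm.initially_infected)
    active = float(worm.initially_infected)
    quarantined = 0.0
    protected = 0.0
    peak = active
    for t in range(steps):
        # Probability that a given susceptible host is hit by at least one of
        # the eta * I scans issued during this step.
        p_hit = 1.0 - (1.0 - 1.0 / worm.address_space) ** (worm.scan_rate * active)
        newly_infected = susceptible * p_hit
        susceptible -= newly_infected
        active += newly_infected
        if defense is not None and t >= defense.response_delay:
            # Endpoint detection: detected hosts are quarantined and stop scanning.
            caught = active * defense.detect_fraction
            active -= caught
            quarantined += caught
            # Network containment: shield a share of the not-yet-infected hosts.
            shielded = susceptible * defense.protect_fraction
            susceptible -= shielded
            protected += shielded
        peak = max(peak, active)
    return Outcome(peak, active + quarantined, protected)


def compare(steps: int = 1000) -> dict:
    """Same worm under no defense, immediate containment and containment after a delay."""
    worm = WormParams()
    return {
        "no_defense": simulate(worm, None, steps),
        "immediate": simulate(worm, DefenseParams(0, 0.05, 0.02), steps),
        "delayed_300": simulate(worm, DefenseParams(300, 0.05, 0.02), steps),
    }


if __name__ == "__main__":
    for name, out in compare().items():
        print(f"{name:12s} peak active={out.peak_active:10.0f} "
              f"compromised={out.total_compromised:10.0f} protected={out.protected:10.0f}")
```

Without defense the whole vulnerable population is eventually compromised; containment that starts immediately holds the outbreak to a handful of hosts; containment that starts after 300 steps still ends the outbreak but only after the worm has already taken a large share of the population, which is why detection latency dominates the outcome of a fast scanning worm.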

Bibliographic record

  • Author: Akujobi, Frank Onyekachi.
  • Affiliation: Carleton University (Canada).
  • Degree-granting institution: Carleton University (Canada).
  • Subjects: Engineering, Electronics and Electrical; Computer Science.
  • Degree: Ph.D.
  • Year: 2010
  • Pages: 127 p.
  • Total pages: 127
  • Format: PDF
  • Language: English
  • Added to database: 2022-08-17 11:36:47

