Title:
A statistical process control approach for network intrusion detection

dc.contributor.advisor Tsui, Kwok-Leung
dc.contributor.advisor Kim, Seong-Hee
dc.contributor.author Park, Yongro en_US
dc.contributor.committeeMember Goldsman, David
dc.contributor.committeeMember Griffin, Paul
dc.contributor.committeeMember Lee, Wenke
dc.contributor.department Industrial and Systems Engineering en_US
dc.date.accessioned 2005-07-28T17:50:56Z
dc.date.available 2005-07-28T17:50:56Z
dc.date.issued 2005-01-13 en_US
dc.description.abstract Intrusion detection systems (IDS) have a vital role in protecting computer networks and information systems. In this thesis we applied an SPC monitoring concept to a certain type of traffic data in order to detect a network intrusion. We developed a general SPC intrusion detection approach and described it, along with the source and preparation of the data used in this thesis. We extracted sample data sets that represent various situations, calculated event intensities for each situation, and stored these sample data sets in the data repository for use in future research. A regular batch mean chart was used to remove the sample data's inherent 60-second cycles. However, this proved too slow in detecting a signal because the regular batch mean chart only monitored the statistic at the end of the batch. To gain faster results, a modified batch mean (MBM) chart was developed that met this goal. Subsequently, we developed the Modified Batch Mean Shewhart chart, the Modified Batch Mean Cusum chart, and the Modified Batch Mean EWMA chart and analyzed the performance of each one on simulated data. The simulation studies showed that the MBM charts perform especially well with large signals, the type of signal typically associated with a DoS intrusion. The MBM charts can be applied in two ways: by using actual control limits or by using robust control limits. The actual control limits must be determined by simulation, but the robust control limits require nothing more than the use of the recommended limits. The robust MBM Shewhart chart was developed based on choosing appropriate values based on batch size. The robust MBM Cusum chart and robust MBM EWMA chart were developed based on choosing appropriate values of charting parameters. en_US
dc.description.degree Ph.D. en_US
dc.format.extent 691979 bytes
dc.format.mimetype application/pdf
dc.identifier.uri http://hdl.handle.net/1853/6835
dc.language.iso en_US
dc.publisher Georgia Institute of Technology en_US
dc.subject Intrusion detection en_US
dc.subject SPC
dc.subject Control chart
dc.subject.lcsh Computer security en_US
dc.subject.lcsh Internet Security measures en_US
dc.subject.lcsh Computer networks Safety measures en_US
dc.title A statistical process control approach for network intrusion detection en_US
dc.type Text
dc.type.genre Dissertation
dspace.entity.type Publication
local.contributor.advisor Kim, Seong-Hee
local.contributor.corporatename H. Milton Stewart School of Industrial and Systems Engineering
local.contributor.corporatename College of Engineering
relation.isAdvisorOfPublication 7d0731d7-690b-4695-86cd-fbf52c7c8b6f
relation.isOrgUnitOfPublication 29ad75f0-242d-49a7-9b3d-0ac88893323c
relation.isOrgUnitOfPublication 7c022d60-21d5-497c-b552-95e489a06569
Files
Original bundle
Name:
park_yongro_200505_phd.pdf
Size:
675.76 KB
Format:
Adobe Portable Document Format