Loughborough University

Loughborough University Institutional Repository

Please use this identifier to cite or link to this item: https://dspace.lboro.ac.uk/2134/9631

Title: Advanced attack tree based intrusion detection
Authors: Wang, Jie
Issue Date: 2012
Publisher: © Jie Wang
Abstract: Computer network systems are constantly under attack or have to deal with attack attempts. The first step in any network’s ability to fight against intrusive attacks is to be able to detect intrusions when they are occurring. Intrusion Detection Systems (IDS) are therefore vital in any kind of network, just as antivirus is a vital part of a computer system. With the increasing computer network intrusion sophistication and complexity, most of the victim systems are compromised by sophisticated multi-step attacks. In order to provide advanced intrusion detection capability against the multi-step attacks, it makes sense to adopt a rigorous and generalising view to tackling intrusion attacks. One direction towards achieving this goal is via modelling and consequently, modelling based detection. An IDS is required that has good quality of detection capability, not only to be able to detect higher-level attacks and describe the state of ongoing multi-step attacks, but also to be able to determine the achievement of high-level attack detection even if any of the modelled low-level attacks are missed by the detector, because no alert being generated may represent that the corresponding low-level attack is either not being conducted by the adversary or being conducted by the adversary but evades the detection. This thesis presents an attack tree based intrusion detection to detect multi-step attacks. An advanced attack tree modelling technique, Attack Detection Tree, is proposed to model the multi-step attacks and facilitate intrusion detection. In addition, the notion of Quality of Detectability is proposed to describe the ongoing states of both intrusion and intrusion detection. Moreover, a detection uncertainty assessment mechanism is proposed to apply the measured evidence to deal with the uncertainty issues during the assessment process to determine the achievement of high-level attacks even if any modelled low-level incidents may be missing.
Description: A Doctoral Thesis. Submitted in partial fulfillment of the requirements for the award of Doctor of Philosophy of Loughborough University.
URI: https://dspace.lboro.ac.uk/2134/9631
Appears in Collections: PhD Theses (Electronic, Electrical and Systems Engineering)

Files associated with this item:

File                  Description  Size     Format
Thesis-2012-Wang.pdf               2.63 MB  Adobe PDF
Form-2012-Wang.pdf                 1.81 MB  Adobe PDF

 


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.