Show simple item record

dc.contributor.author: Park, Yongro [en_US]
dc.date.accessioned: 2005-07-28T17:50:56Z
dc.date.available: 2005-07-28T17:50:56Z
dc.date.issued: 2005-01-13 [en_US]
dc.identifier.uri: http://hdl.handle.net/1853/6835
dc.description.abstract: Intrusion detection systems (IDS) have a vital role in protecting computer networks and information systems. In this thesis we applied an SPC monitoring concept to a certain type of traffic data in order to detect a network intrusion. We developed a general SPC intrusion detection approach and described it and the source and the preparation of data used in this thesis. We extracted sample data sets that represent various situations, calculated event intensities for each situation, and stored these sample data sets in the data repository for use in future research. A regular batch mean chart was used to remove the sample data's inherent 60-second cycles. However, this proved too slow in detecting a signal because the regular batch mean chart only monitored the statistic at the end of the batch. To gain faster results, a modified batch mean (MBM) chart was developed that met this goal. Subsequently, we developed the Modified Batch Mean Shewhart chart, the Modified Batch Mean Cusum chart, and the Modified Batch Mean EWMA chart and analyzed the performances of each one on simulated data. The simulation studies showed that the MBM charts perform especially well with large signals, the type of signal typically associated with a DOS intrusion. The MBM charts can be applied in two ways: by using actual control limits or by using robust control limits. The actual control limits must be determined by simulation, but the robust control limits require nothing more than the use of the recommended limits. The robust MBM Shewhart chart was developed based on choosing appropriate values based on batch size. The robust MBM Cusum chart and robust MBM EWMA chart were developed on choosing appropriate values of charting parameters. [en_US]
dc.format.extent: 691979 bytes
dc.format.mimetype: application/pdf
dc.language.iso: en_US
dc.publisher: Georgia Institute of Technology [en_US]
dc.subject: Intrusion detection [en_US]
dc.subject: SPC
dc.subject: Control chart
dc.subject.lcsh: Computer security [en_US]
dc.subject.lcsh: Internet Security measures [en_US]
dc.subject.lcsh: Computer networks Safety measures [en_US]
dc.title: A statistical process control approach for network intrusion detection [en_US]
dc.type: Dissertation [en_US]
dc.description.degree: Ph.D. [en_US]
dc.contributor.department: Industrial and Systems Engineering [en_US]
dc.description.advisor: Committee Chair: KWOK-LEUNG TSUI; Committee Co-Chair: SEONG-HEE KIM; Committee Member: DAVID M. GOLDSMAN; Committee Member: PAUL M. GRIFFIN; Committee Member: WENKE LEE [en_US]