Date of Award

2012

Document Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer Engineering

First Advisor

Agrawal, Rajeev Dr.

Abstract

The increase in security breaches of computer systems and computer networks has led to an increase in the number of security tools that seek to protect these assets. Among these tools are intrusion detection and prevention systems (IDPS). An IDPS is a security system used to detect and prevent security threats to computer systems and computer networks. These systems are configured to detect and respond to security threats automatically, thereby reducing the risk to the monitored computers and networks. Intrusion detection and prevention systems use different detection methodologies, such as signature-based detection, anomaly-based detection, stateful protocol analysis, and hybrid systems that combine some or all of the others, to detect and respond to security threats. An intrusion detection and prevention system is delivered either as an appliance or as a software tool. The combination of detection methodologies, delivery mechanisms, and the technical requirements for properly configuring these systems makes them difficult to understand and evaluate. This problem is amplified by the lack of publicly available work and of current data sets for use in evaluating the effectiveness of intrusion detection and prevention systems. This thesis offers a solution to this problem in three stages. The first stage offers a clear explanation of the detection methodologies used by IDPSs and a way to compare these methodologies. The second stage focuses on setting up test environments for evaluating both hardware-based and software-based IDPSs using the publicly available open source tools Tomahawk and Wireshark. The third stage offers an analysis of the experiments we conducted using the information presented in the first and second stages, and also produces current data sets.