




By: Wei Yan
Advisor: Dr. Edwin Hou
Department of Electrical and Computer Engineering
Time: 10:30 AM, Wednesday, May 4th, 2005
Place: Room 202, ECE Center, New Jersey Institute of Technology (NJIT), Newark NJ.
Abstract
The Internet has grown by several orders of magnitude in recent years, which has escalated the importance of computer security. Intrusion Detection Systems (IDS) are used to protect computer networks. However, the overwhelming flow of log data generated by IDS makes it difficult for security administrators to uncover new insights and hidden attack scenarios. Security Information Management (SIM) is a new and growing area of interest for intrusion detection. In this dissertation, we explore the semantics of attack behaviors for inspiration and design Frame-based Attack Representation and First-order logic Automatic Reasoning (FAR-FAR) using linguistics and First-order Logic (FOL) based approaches. Techniques based on linguistics can provide efficient solutions to acquire semantic information from alert contexts, while FOL can tackle a wide variety of problems in attack scenario reasoning and querying. In FAR-FAR, the modified case grammar PCTCG is used to convert raw alerts into frame-structured alert streams, and the alert semantic network 2-AASN is used to generate the attack scenarios, which can then inform the security administrator. Based on the alert contexts and attack ontology, Space Vector Model (SVM) is applied to categorize the intrusion stages. Furthermore, a robust Variant Packet Sending-interval Link Padding algorithm (VPSLP) is proposed to protect links between IDS sensors and FAR-FAR agents from traffic analysis attacks. Recent measurements and studies have demonstrated that real network traffic exhibits statistical self-similarity over several time scales. The bursty traffic anomaly detection method, Multi-Time scaling Detection (MTD), is proposed to statistically analyze the Histogram Feature Vector of network traffic to detect traffic anomalies.
Committee Members:
Dr. Edwin Hou, Advisor, Associate Professor, NJIT
Dr. Nirwan Ansari, Co-advisor, Professor, NJIT
Dr. Roberto Rojas-Cessa, Assistant Professor, NJIT
Dr. Swades K. De, Assistant Professor, NJIT
Dr. Daochuan Hung, Associate Professor, NJIT



