Degree Type

Thesis

Date of Award

2017

Degree Name

Master of Science

Department

Electrical and Computer Engineering

Major

Computer Engineering; Information Assurance

First Advisor

George Amariucai

Second Advisor

Doug Jacobson

Abstract

Intrusion detection is a broad and complex field in cybersecurity. A variety of existing methods, with varying degrees of success, attempt to classify various types of traffic as benign or attacking. A tool that can do this consistently and reliably, and with minimal overhead, is ideal, offering benefits with respect to analysis overhead as well as level of information privilege. This paper attempts to provide such a tool through packet sequence analysis.

Packet sequence, as referred to in this paper, is the order and number of packets exchanged. Sequential probability ratio test (SPRT) analysis is performed on the sequence history of each pair of IP addresses in an attempt to determine whether the flow can be classified as an attack based solely on this history. SPRT is performed for single-class and two-class cases, and with more specialized attack classes.

Manipulation of a large variety of parameters and analysis of the results indicated that packet sequence can, under the right circumstances, provide an indication of an attack. While this is true for most of the attacks seen in the data tested, a high level of parameter tuning is involved. Likely not all attacks will be identifiable by this method; however, among the attacks for which the method does not appear readily and obviously useful, several show promise with different configurations of parameters and could potentially be useful with a higher degree of tuning.

DOI

https://doi.org/10.31274/etd-180810-4892

Copyright Owner

Chad Bockholt

Language

en

File Format

application/pdf

File Size

118 pages
