Date of Award
Master of Science
Electrical and Computer Engineering
The financial losses caused by computer crimes have increased by more than $100 million every year since 1999. The combination of financial losses and high-profile events such as the spread of the Code Red worm has sparked public interest in computer crime. With the increasing public awareness of the need for better computer security, companies are beginning to rely heavily on intrusion detection systems. Currently, security companies focus on the creation of complete, comprehensive intrusion detection products. So far no single product has been able to dominate the intrusion detection market. As a result, computer networks use multiple intrusion detection systems functioning independently of each other. There exists the possibility of better intrusion detection by linking the independent components into a knowledge-sharing system. With cooperative detection methods in mind, an outline for a knowledge-sharing protocol is developed. For this experiment the control is a hybrid intrusion detection system that is unable to share knowledge of previously detected attacks, and whose performance is effectively the sum of its components. The test IDS is the control system modified to take advantage of knowledge sharing. The experiment shows that better results can be achieved through the cooperation of the components of existing intrusion detection systems.
Christopher T Kirk
Kirk, Christopher T., "Intrusion detection through knowledge sharing" (2002). Retrospective Theses and Dissertations. 20125.