CPL - Chalmers Publication Library

Intrusion Detection and Protection of Application Servers

Magnus Almgren (Institutionen för data- och informationsteknik, Datorteknik (Chalmers))
Göteborg : Chalmers University of Technology, 2005. - 152 pages.
[Licentiate thesis]

The protection of application servers using intrusion detection and other related techniques is studied in this thesis. A thorough review is first made of taxonomies for intrusion detection systems (IDSs) and how these can help to understand the basic functionality and problems of intrusion detection. A lightweight IDS with a number of interesting features has been developed and tested in real-life situations. I have also studied the consequences of letting such a tool be integrated into an application server rather than keeping it separate from the monitored application, as is common in traditional host-based or network-based systems. Integration enables several advantages, such as the ability to monitor encrypted transactions, an Achilles' heel in traditional systems. I also studied a number of extensions and further developments to intrusion detection. I have developed an intrusion tolerant architecture that not only detects intrusions but also provides a means to tolerate them with a graceful degradation of the offered service. The intrusion tolerance is achieved by leveraging methods from the fault-tolerant community. Finally, I suggest a method for facilitating the set-up and training of IDSs based on active learning algorithms. Considerable performance improvements can be achieved in this way, as shown in the experiments done in this work.

Keywords: Computer security, intrusion detection, application-based intrusion detection, intrusion tolerance, active learning



This record was created 2006-01-19. Last modified 2015-02-26.
CPL Pubid: 10296