Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Computer Sciences

Theses and Dissertations

Computer viruses

Articles 1 - 11 of 11

Full-Text Articles in Entire DC Network

An Artificial Immune System-Inspired Multiobjective Evolutionary Algorithm With Application To The Detection Of Distributed Computer Network Intrusions, Charles R. Haag Mar 2007

Theses and Dissertations

Today's predominantly-employed signature-based intrusion detection systems are reactive in nature and storage-limited. Their operation depends upon catching an instance of an intrusion or virus after a potentially successful attack, performing post-mortem analysis on that instance and encoding it into a signature that is stored in its anomaly database. The time required to perform these tasks provides a window of vulnerability to DoD computer systems. Further, because of the current maximum size of an Internet Protocol-based message, the database would have to be able to maintain 256^65535 possible signature combinations. In order to tighten this response cycle within storage constraints, …


Analysis Of Routing Worm Infection Rates On An IPv4 Network, James Gorsuch Mar 2007

Theses and Dissertations

Malicious logic, specifically worms, has caused monetary expenditure problems to network users in the past. Worms, like Slammer and Code Red, have infected thousands of systems and brought the Internet to a standstill. This research examines the ability of the original Slammer worm, the Slammer-based routing worm proposed by Zou et al., and a new Single Slash Eight (SSE) routing worm proposed by this research to infect vulnerable systems within a given address space. This research investigates the Slammer worm's ability to generate uniform random IP addresses in a given address space. Finally, a comparison of the speed …


An Interactive Relaxation Approach For Anomaly Detection And Preventive Measures In Computer Networks, Garrick A. Bell Apr 2006

Theses and Dissertations

It is proposed to develop a framework of detecting and analyzing small and widespread changes in specific dynamic characteristics of several nodes. The characteristics are locally measured at each node in a large network of computers and analyzed using a computational paradigm known as the Relaxation technique. The goal is to be able to detect the onset of a worm or virus as it originates, spreads out, attacks and disables the entire network. Currently, selective disabling of one or more features across an entire subnet, e.g. firewalls, provides limited security and keeps us from designing high performance net-centric systems. The most …


Metamorphism As A Software Protection For Non-Malicious Code, Thomas E. Dube Mar 2006

Theses and Dissertations

Most organizations are aware that threats from trusted insiders pose a great risk to their organization and are very difficult to protect against. Auditing is recognized as an effective technique to detect malicious insider activities. However, current auditing methods are typically applied with a one-size-fits-all approach and may not be an appropriate mitigation strategy, especially towards insider threats. This research develops a 4-step methodology for designing a customized auditing template for a Microsoft Windows XP operating system. Two tailoring methods are presented which evaluate both by category and by configuration. Also developed are various metrics and weighting factors as a …


National Security Agency (NSA) Systems And Network Attack Center (SNAC) Security Guides Versus Known Worms, Matthew W. Sullivan Mar 2005

Theses and Dissertations

Internet worms impact Internet security around the world even though there are many defenses to prevent the damage they inflict. The National Security Agency (NSA) Systems and Network Attack Center (SNAC) publishes in-depth configuration guides to protect networks from intrusion; however, the effectiveness of these guides in preventing the spread of worms hasn't been studied. This thesis establishes how well the NSA SNAC guides protect against various worms and exploits compared to Microsoft patches alone. It also identifies the aspects of the configuration guidance that are most effective in the absence of patches and updates, against network worm and e-mail …


Using Sequence Analysis To Perform Application-Based Anomaly Detection Within An Artificial Immune System Framework, Larissa A. O'Brien Mar 2003

Theses and Dissertations

The Air Force and other Department of Defense (DoD) computer systems typically rely on traditional signature-based network IDSs to detect various types of attempted or successful attacks. Signature-based methods are limited to detecting known attacks or similar variants; anomaly-based systems, by contrast, alert on behaviors previously unseen. The development of an effective anomaly-detecting, application-based IDS would increase the Air Force's ability to ward off attacks that are not detected by signature-based network IDSs, thus strengthening the layered defenses necessary to acquire and maintain safe, secure communication capability. This system follows the Artificial Immune System (AIS) framework, which relies on …


Using An Inductive Learning Algorithm To Improve Antibody Generation In A Single Packet Computer Defense Immune System, Russell J. Aycock Mar 2002

Theses and Dissertations

Coherent optical sources in the mid-infrared region (mid-IR) are important fundamental tools for infrared countermeasures and battlefield remote sensing. Nonlinear optical effects can be applied to convert existing near-IR laser sources to radiate in the mid-IR. This research focused on achieving such a conversion with a quasi-phase matched optical parametric oscillators using orientation-patterned gallium arsenide (OPGaAs), a material that can be quasi-phased matched by periodically reversing the crystal structure during the epitaxial growth process. Although non-linear optical conversion was not ultimately achieved during this research, many valuable lessons were learned from working with this material. This thesis reviews the theory …


Categorizing Network Attacks Using Pattern Classification Algorithms, George E. Noel III Mar 2002

Theses and Dissertations

The United States Air Force relies heavily on computer networks for many day-to-day activities. Many of these networks are affected by various types of attacks that can be launched from anywhere on the globe. The rising prominence of organizations such as the AFCERT and the MAJCOM NOSCs is evidence of an increasing realization among the Air Force leadership that protecting our computer networks is vitally important. A critical requirement for protecting our networks is the ability to detect attacks and intrusion attempts. This research is an effort to refine a portion of an AFIT-developed intrusion detection system known as the …


An Analysis Of The Effectiveness Of A Constructive Induction-Based Virus Detection Prototype, Kevin T. Damp Apr 2000

Theses and Dissertations

Computer viruses remain a tangible threat to systems both within the Department of Defense and throughout the greater international data communications infrastructure on which the DoD increasingly depends. This threat is exacerbated continually, as new viruses are introduced at an alarming rate by the growing collection of connected machines and their operators. Unfortunately, current antivirus solutions are ill-equipped to address these issues in the long term. This thesis documents an investigation into the use of constructive induction, a form of machine learning, as a supplemental antivirus technique theoretically capable of detecting previously unknown viruses through generalized decision-making techniques. A group …


A Distributed Agent Architecture For A Computer Virus Immune System, Paul K. Harmer Mar 2000

Theses and Dissertations

Information superiority is identified as an Air Force core competency and is recognized as a key enabler for the success of future missions. Information protection and information assurance are vital components required for achieving superiority in the Infosphere, but these goals are threatened by the exponential birth rate of new computer viruses. The increased global interconnectivity that is empowering advanced information systems is also increasing the spread of malicious code, and current anti-virus solutions are quickly becoming overwhelmed by the burden of capturing and classifying new viral strains. To overcome this problem, a distributed computer virus immune system (CVIS) based …


A Constructive Induction Approach To Computer Immunology, Kelley J. Cardinale, Hugh M. O'Donnell Mar 1999

Theses and Dissertations

With the increasing birth rate of new viruses and the rise in interconnectivity and interoperability among computers, the burden of detecting and destroying computer viruses is severe. This research integrated four domains: computer virus detection, human immunology, computer immunology and an automated form of machine learning called constructive induction. First, a Computer Health System, based on the public health system, was defined to improve the 'global' approach to computer virus protection. Second, a computer immune model, based on the human immune system, was defined to improve the 'local' approach to virus detection. Third, the detection component of this computer immune …