A job-centric approach to user-level intrusion detection
by Chinchani, Ramkumar, Ph.D., STATE UNIVERSITY OF NEW YORK AT BUFFALO, 2005, 176 pages; 3174316
 

Abstract:

Intrusion detection attempts to detect attacker activity should the preventive measures be inadequate. User-level intrusion detection attempts to deter and curtail an attack even after the system has been compromised. In this dissertation, the problem of user-level intrusion detection is approached in a more holistic manner.

Currently known user-level intrusion detection algorithms rely on establishing statistically that an observed stream of commands belongs to a person other than the profiled user. However, by viewing the command stream merely as text, several useful properties of how a user uses a computer system are lost or incorrectly represented. The first part of the dissertation deals with this shortcoming. A novel higher-order representation of a user's profile is proposed, which includes the hierarchical notion of jobs/tasks, followed by the basic units of functionality which a user requires to accomplish these tasks, and then the actual commands. Such a representation is a significant departure from known techniques and provides several benefits, such as user involvement in the security process, lowered false positive rates, and per-job profiling.

Depending on the site at which the security system is deployed, and the level at that site, a range of IDS components may be exposed to direct attack. Indeed, if the IDS is very effective, then the IDS itself becomes a more lucrative target. This is of particular concern for a user-level IDS, which is implemented in close vicinity to the user. In this dissertation, this specific issue is also addressed, wherein a structural analysis of dependencies reveals the ideal tamper-resistant configuration.

Finally, investment in security systems of any kind, and the choice of where to install them, requires careful deliberation. The fact that various options cannot be tried and tested on a live network leaves the security analyst with very little leeway. Threat models provide a very useful and viable alternative in this regard. However, for user-level threats, currently known techniques such as attack graphs and privilege graphs are not appropriate. Instead, a new model called the key challenge graph is proposed, which specifically looks at user-level threat modeling. (Abstract shortened by UMI.)

 
Advisor: Upadhyaya, Shambhu
School: STATE UNIVERSITY OF NEW YORK AT BUFFALO
Source: DAI-B 66/05, p. 2672, Nov 2005
Source Type: Ph.D.
Subjects: Computer science
Publication Number: 3174316
     