Development of a network-based intrusion prevention system using data mining approach

Other titles

Development of a network-based intrusion prevention system using a data mining approach

Thesis author

al-Sammirai, Nagham Faruq

Thesis supervisor

al-Hamami, Ala H.

Committee members

Samawi, Venus W.
Qaqish, Malik

University

Amman Arab University

Faculty

Faculty of Computer Sciences and Informatics

Academic department

Department of Computer Science

University country

Jordan

Degree

Master's

Degree date

2011

English abstract

Intrusion prevention systems (IPS) can analyze, detect and prevent intruder attacks.

An IPS secures the network and goes further in functionality than intrusion detection systems (IDS), firewalls, antivirus and other security applications by actively responding to attacks and giving great flexibility when dealing with security threats.

The goal of an improved network-based IPS (NIPS) built on both mechanisms is to detect patterns of known intrusions (misuse detection) and to distinguish the anomalous network activity of an intrusion from normal network traffic (anomaly detection) effectively.

Data mining methods have been used to enhance NIPS based on anomaly detection.

Using data mining methods leads to developing a NIPS as an internal security gateway that defends against attacks and threats from inside and outside the computer network system.

In addition, it helps to detect the anomalous activity of suspicious probing inside the network before it launches any network attacks with damaging effects.

The study aims to enhance the Snort tool, which is a NIPS based on both misuse and anomaly detection mechanisms, by using two sub-phases of data mining approaches, namely an improved K-means clustering algorithm and the FP-growth algorithm.

These data mining approaches are suggested because of the enormous volume of existing and newly appearing data that requires processing, such as a Snort log file; in addition, they can help an analyst discover new rules from hidden patterns that the Snort tool cannot see as obvious rules.

Integrating these two sub-phases helps to discover new rules, especially those related to internal network scans; in addition, the unsupervised learning process in the K-means algorithm is used to discover new clusters that may represent a new type of attack, depending on the decisions of analysts.

All of this work helps to enhance and develop the NIPS tool by involving data mining approaches in investigating anomalies.

It also aims to be a complete system that meets requirements such as detecting a probe attack at its source inside the network and preventing it before it launches a network attack on the target machine, with high performance, reduced false alarms, an easy-to-build system with low cost, and compatibility with any operating system.

Furthermore, it aims to maximize effectiveness in identifying attacks, thereby helping users to construct more secure information systems.

Main subjects

Mathematics

Topics

Number of pages

98

Table of contents

Table of contents.

Abstract.

Abstract in Arabic.

Chapter One : Introduction.

Chapter Two : Overview and previous works.

Chapter Three : Proposed system methodology.

Chapter Four : Implementation of the proposed system and testing.

Chapter Five : Conclusion and future work.

References.

American Psychological Association (APA) citation style

al-Sammirai, Nagham Faruq. (2011). Development of a network-based intrusion prevention system using data mining approach. (Master's thesis). Amman Arab University, Jordan
https://search.emarefa.net/detail/BIM-529161

Modern Language Association (MLA) citation style

al-Sammirai, Nagham Faruq. Development of a network-based intrusion prevention system using data mining approach. (Master's thesis). Amman Arab University. (2011).
https://search.emarefa.net/detail/BIM-529161

American Medical Association (AMA) citation style

al-Sammirai, Nagham Faruq. (2011). Development of a network-based intrusion prevention system using data mining approach. (Master's thesis). Amman Arab University, Jordan
https://search.emarefa.net/detail/BIM-529161

Text language

English

Data type

University theses

Record number

BIM-529161