Development of a network-based intrusion prevention system using data mining approach
Other titles (Arabic)
تطوير نظام منع التطفل المعتمد على الشبكة باستخدام أسلوب تنقيب البيانات
University
Amman Arab University
College
College of Computer Sciences and Informatics
Academic department
Department of Computer Science
University country
Jordan
Degree
Master's
Degree date
2011
English abstract
Intrusion prevention systems (IPS) can analyze, detect and prevent intruder attacks.
An IPS secures the network and goes beyond the functionality of intrusion detection systems (IDS), firewalls, antivirus and other security applications by actively responding to attacks, which gives great flexibility when dealing with security threats.
The goal of an improved network-based IPS (NIPS) built on both mechanisms is to effectively detect patterns of known intrusions (misuse detection) and to distinguish anomalous intrusion activity from normal network traffic (anomaly detection).
Data mining methods have been used to enhance NIPS based on anomaly detection.
Using data mining methods leads to a NIPS that acts as an internal security gateway, defending against attacks and threats from inside and outside the computer network.
In addition, it helps to detect the anomalous activity of suspicious probing inside the network before any network attack with damaging effects is launched.
The study aims to enhance the Snort tool, a NIPS based on both misuse and anomaly detection mechanisms, by using two sub-phases of data mining: an improved K-means clustering algorithm and the FP-growth algorithm.
These data mining approaches are suggested because of the enormous volume of existing and newly appearing data that requires processing, such as the Snort log file; in addition, they can help an analyst discover new rules from hidden patterns that Snort does not see as obvious rules.
Integrating these two sub-phases helps to discover new rules, especially those related to internal network scans; in addition, the unsupervised learning process of the K-means algorithm is used to discover new clusters that may represent a new type of attack, depending on the analysts' decisions.
All of this work helps to enhance and develop the NIPS tool by involving data mining approaches in investigating anomalies.
It also serves the objective of a complete system that meets requirements such as detecting a probe attack at its source inside the network and preventing it before a network attack is launched against the target machine, with high performance, fewer false alarms, an easy-to-build and low-cost system, and compatibility with any operating system.
Furthermore, it maximizes effectiveness in identifying attacks, thereby helping users to construct more secure information systems.
Number of pages
98
Table of contents
Table of contents.
Abstract.
Abstract in Arabic.
Chapter One : Introduction.
Chapter Two : Overview and previous works.
Chapter Three : Proposed system methodology.
Chapter Four : Implementation of the proposed system and testing.
Chapter Five : Conclusion and future work.
References.
American Psychological Association (APA) citation style
al-Sammirai, Nagham Faruq. (2011). Development of a network-based intrusion prevention system using data mining approach. (Master's thesis). Amman Arab University, Jordan
https://search.emarefa.net/detail/BIM-529161
Modern Language Association (MLA) citation style
al-Sammirai, Nagham Faruq. Development of a network-based intrusion prevention system using data mining approach. (Master's thesis). Amman Arab University. (2011).
https://search.emarefa.net/detail/BIM-529161
American Medical Association (AMA) citation style
al-Sammirai, Nagham Faruq. (2011). Development of a network-based intrusion prevention system using data mining approach. (Master's thesis). Amman Arab University, Jordan
https://search.emarefa.net/detail/BIM-529161
Text language
English
Data type
University theses
Record number
BIM-529161