Development of a network-based intrusion prevention system using data mining approach

Other Title(s)

Development of a network-based intrusion prevention system using a data mining approach

Dissertant

al-Sammirai, Nagham Faruq

Thesis advisor

al-Hamami, Ala H.

Committee Members

Samawi, Venus W.
Qaqish, Malik

University

Amman Arab University

Faculty

College of Computer Sciences and Informatics

Department

Department of Computer Science

University Country

Jordan

Degree

Master

Degree Date

2011

English Abstract

Intrusion Prevention Systems (IPS) can analyze, detect and prevent intruder attacks.

An IPS provides a valuable service in securing the network, going beyond the functionality of intrusion detection systems (IDS), firewalls, antivirus and other security applications by actively responding to attacks and offering great flexibility when dealing with security threats.

The goal of an improved NIPS based on both mechanisms is to detect patterns of known intrusions (misuse detection) and to distinguish anomalous intrusive network activity from normal network traffic (anomaly detection) effectively.

Data mining methods have been used to enhance NIPS based on anomaly detection.

Using data mining methods leads to developing the NIPS as an internal security gateway for defending against attacks and threats from inside and outside the computer network.

In addition, it helps to detect the anomalous activity of suspicious probing inside the network before it launches any network attacks with damaging effects.

The study aims to enhance the Snort tool, a NIPS based on both misuse and anomaly detection mechanisms, by using two sub-phases of data mining approaches, namely an improved K-means clustering algorithm and the PF-growth algorithm.

These data mining approaches are suggested because of the enormous volume of existing and newly appearing data that requires processing, such as the Snort log file; in addition, they can help an analyst discover new rules from hidden patterns that the Snort tool cannot see as obvious rules.

Integration of these two sub-phases helps to discover new rules, especially those related to internal network scans; in addition, the unsupervised learning process in the K-means algorithm is used to discover new clusters that may represent a new type of attack, depending on the decisions of analysts.

All of this work helps to enhance and develop the NIPS tool by involving data mining approaches in investigating anomalies.

It also achieves the objective of a complete system that meets requirements such as detecting probe attacks at their source inside the network and preventing them before a network attack is launched against the target machine, with high performance, reduced false alarms, easy system building at low cost, and compatibility with any operating system.

Furthermore, it maximizes the effectiveness of identifying attacks, thereby helping users to construct more secure information systems.

Main Subjects

Mathematics

No. of Pages

98

Table of Contents

Table of contents.

Abstract.

Abstract in Arabic.

Chapter One : Introduction.

Chapter Two : Overview and previous works.

Chapter Three : Proposed system methodology.

Chapter Four : Implementation of the proposed system and testing.

Chapter Five : Conclusion and future work.

References.

American Psychological Association (APA)

al-Sammirai, Nagham Faruq. (2011). Development of a network-based intrusion prevention system using data mining approach (Master's thesis). Amman Arab University, Jordan.
https://search.emarefa.net/detail/BIM-529161

Modern Language Association (MLA)

al-Sammirai, Nagham Faruq. Development of a network-based intrusion prevention system using data mining approach. Master's thesis, Amman Arab University, 2011.
https://search.emarefa.net/detail/BIM-529161

American Medical Association (AMA)

al-Sammirai, Nagham Faruq. Development of a network-based intrusion prevention system using data mining approach. Master's thesis. Amman Arab University, Jordan; 2011.
https://search.emarefa.net/detail/BIM-529161

Language

English

Data Type

Arab Theses

Record ID

BIM-529161