Automated intrusion prevention mechanism in enhancing network security / He Xiao Dong

He, Xiao Dong (2008) Automated intrusion prevention mechanism in enhancing network security / He Xiao Dong. Masters thesis, University of Malaya.


    Abstract

    Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) are important tools used to secure networks against hackers' attacks. Ironically, these malicious attacks have brought more adverse impacts on the networks than before. At present, many existing IDS and IPS work independently without exchanging information. This deficit lowers the capability of these tools to protect increasingly vulnerable networks. In this thesis, an automated intrusion prevention mechanism (AIPM), which comprises the functionalities of IDS, IPS, and network devices, is proposed to enhance network security. AIPM includes an automated intrusion prevention function and an automated intrusion message analysis function. The ability to automatically detect and analyze network traffic allows AIPM to detect malicious attacks almost in real time. Likewise, the ability to automatically analyze intrusion messages and network configuration enables AIPM to build a topological view and locate the source of a malicious attack. Results of case studies show that AIPM imposes lower overhead than the conventional method, which queries all pre-defined routers to block every interface irrespective of where the attack is launched. In contrast, AIPM identifies the interface that is nearest to the source of the attack and sends a single query to the associated router to block only that particular interface, so only 1 connection per attack is needed. AIPM can block malicious traffic within 2-5 seconds after an attack starts because less pre-defined information is needed; the conventional method, on the other hand, needs about 5-10 seconds to finish block processing as more pre-defined information is needed. In summary, AIPM, which incorporates the functionalities of IDS and IPS, offers network protection against potential malicious acts without incurring additional overheads as compared to the conventional method.

    Item Type: Thesis (Masters)
    Additional Information: Dissertation (M.A.) - Faculty of Computer Science & Information Technology, University of Malaya, 2008.
    Uncontrolled Keywords: Network security; Hackers' attacks; Firewall; Network protection; Network traffic
    Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
    Q Science > QA Mathematics > QA76 Computer software
    Divisions: Faculty of Computer Science & Information Technology
    Depositing User: Mr Mohd Safri Tahir
    Date Deposited: 01 Dec 2020 03:40
    Last Modified: 01 Dec 2020 03:40
    URI: http://studentsrepo.um.edu.my/id/eprint/11772
