DOCSLIB.ORG

1 Table of Contents List of Figures

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
1 Table of Contents List of Figures Table of Contents List of Figures ..................................................................................................................... 4 List of Tables ...................................................................................................................... 5 Chapter 1: Introduction....................................................................................................... 6 1.1 Introduction....................................................................................................................6 1.2 Problem Statement .......................................................................................................12 1.3 Thesis Objective...........................................................................................................12 1.4 Thesis Organization.....................................................................................................14 Chapter 2: Intrusion Detection.......................................................................................... 15 2.1 Introduction..................................................................................................................15 2.2 What is an IDS .............................................................................................................15 2.2.1 The Basic Concepts of Intrusion Detection......................................................16 2.2.2 A Generic Intrusion-Detection System.............................................................17 2.2.3 Characteristics of Intrusion Detection Systems ................................................18 2.2.4 Efficiency of intrusion detection systems .........................................................19 2.3 Classification of IDS ....................................................................................................20 2.3.1 Classification based on the detection method...................................................20 2.3.1.1 Misuse Detection or detection by appearance. .....................................20 2.3.1.2 Anomaly Detection or detection by behavior. ......................................21 2.3.2 Classification based on the type of the protected system .................................21 2.3.2.1 Host based systems ...............................................................................22 2.3.2.2 Network based systems .........................................................................22 2.4 Different Approaches to anomaly host-based IDS ......................................................22 2.4.1 Analysis of sequences of system calls ..............................................................22 2.4.2 Detection through the use of Neural Networks.................................................23 2.4.3 Detection through the use of Data Mining........................................................25 2.5 Conclusion...................................................................................................................26 Chapter 3: Related Work................................................................................................... 28 3.1 Introduction..................................................................................................................28 3.2 Detecting attacks through source code analysis...........................................................29 1 3.2.1 Attacks exploiting buffer-overflow systems vulnerability ...............................30 3.2.2 Attacks increasing system privileges ................................................................30 3.3 Statistical-based anomaly detection techniques...........................................................32 3.3.1 Statistical process control .................................................................................33 3.3.2 Multivariate statistical techniques in intrusion detection..................................36 3.3.3 Comparison between the different Statistical techniques .................................40 3.4 Conclusion.................................................................................................................. 41 Chapter 4: Development of an Anomaly Host Based IDS ............................................... 42 4.1 Introduction..................................................................................................................42 4.2 Malicious code study...................................................................................................43 4.2.1 Data Collection.................................................................................................44 4.2.2 Attack pattern analysis......................................................................................45 4.3 Pattern Identification (feature extractor)......................................................................50 4.3.1 Application of Principal Component Analysis to the feature extraction problem ....................................................................................................................................50 4.3.2 Definition of Principal Component Analysis....................................................51 4.3.3 Steps to perform PCA in feature extraction......................................................52 4.4 Attack Classifier...........................................................................................................57 4.5 Results Analysis & Validation.....................................................................................59 4.5.1 Efficiency and performance measures ..............................................................59 4.5.2 Experiments for training and testing.................................................................60 4.6 Conclusion...................................................................................................................61 Chapter 5: Results Analysis and Validation......................................................................63 5.1 Introduction..................................................................................................................63 5.2 Input Data Analysis......................................................................................................63 5.3 Parser design and operation.........................................................................................65 5.4 Multivariate Statistical Analysis: PCA........................................................................66 5.4.1 Data Normalization...........................................................................................66 5.4.2 The Computation of the Covariance Matrix (or the Correlation matrix)..........71 5.4.3 Eigenvectors and Eigenvalues ..........................................................................75 5.4.4 Selection of Principal Components...................................................................76 2 5.5 Testing & Results.........................................................................................................78 5.5.1 Experiment with known data ............................................................................80 5.5.2 Cross validation over unseen data.....................................................................83 Chapter 6: Conclusion and Future Work .......................................................................... 86 6.1 Research Summary......................................................................................................86 6.2 Contributions................................................................................................................88 6.3 Future work..................................................................................................................89 References......................................................................................................................... 91 Appendix A....................................................................................................................... 97 Appendix B..................................................................................................................... 111 Appendix C ..................................................................................................................... 119 Appendix D..................................................................................................................... 126 3 List of Figures Figure 1. 1: Attack sophistication versus intruder technical knowledge. ............................8 Figure 2. 1: A simple Intrusion Detection System…………………………….................17 Figure 2. 2: Characteristics of Intrusion Detection Systems..............................................18 Figure 3. 1: The System Architecture of Detecting Source Code of Attacks. ...................31 Figure 3. 2: Differences between the control limits of separate Univariate tests and the control limit of a Multivariate test. ....................................................................................35 Figure 4. 1: The Life Cycle of Attack Codes.....................................................................47 Figure 4. 2: Elements of Primary filter ..............................................................................54 Figure 4. 3: Elements sorted according to their highest Total Variance Ratio (R)............55 Figure 4. 4: The Computation of the Euclidean Distance from the center of both clean and malicious codes..................................................................................................................58
Load more

Recommended publications
  • Blackbaud CRM Security Guide
    Security Guide 11/10/2014 Blackbaud Direct Marketing 4.0 Security UK ©2014 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic, or mechanical, including photocopying, recording, storage in an information retrieval system, or oth- erwise, without the prior written permission of Blackbaud, Inc. The information in this manual has been carefully checked and is believed to be accurate. Blackbaud, Inc., assumes no responsibility for any inaccuracies, errors, or omissions in this manual. In no event will Blackbaud, Inc., be liable for direct, indirect, special, incidental, or consequential damages resulting from any defect or omission in this manual, even if advised of the possibility of damages. In the interest of continuing product development, Blackbaud, Inc., reserves the right to make improvements in this manual and the products it describes at any time, without notice or obligation. All Blackbaud product names appearing herein are trademarks or registered trademarks of Blackbaud, Inc. All other products and company names mentioned herein are trademarks of their respective holder. Security-2014 Contents CONTENTS I SECURITY 1 Fundamentals of Security 1 APPLICATION USERS 3 Search for Users 3 Application User Records 4 Add an Application User 4 Edit Users 5 Delete Users 6 Grant/Revoke Users Administrator Rights 6 Run the Program as a Selected User 6 Organisational Unit Record 7 Application Users Page 8 Manage System Roles of an Application User 8 Add System Roles
    [Show full text]
  • Using Remote Desktop Services with Ifix 1
    Proficy iFIX 6.5 Using Remote Desktop Services GE Digital Proficy Historian and Operations Hub: Data Analysis in Context 1 Proprietary Notice The information contained in this publication is believed to be accurate and reliable. However, General Electric Company assumes no responsibilities for any errors, omissions or inaccuracies. Information contained in the publication is subject to change without notice. No part of this publication may be reproduced in any form, or stored in a database or retrieval system, or transmitted or distributed in any form by any means, electronic, mechanical photocopying, recording or otherwise, without the prior written permission of General Electric Company. Information contained herein is subject to change without notice. © 2021, General Electric Company. All rights reserved. Trademark Notices GE, the GE Monogram, and Predix are either registered trademarks or trademarks of General Electric Company. Microsoft® is a registered trademark of Microsoft Corporation, in the United States and/or other countries. All other trademarks are the property of their respective owners. We want to hear from you. If you have any comments, questions, or suggestions about our documentation, send them to the following email address: [email protected] Table of Contents Using Remote Desktop Services with iFIX 1 Reference Documents 1 Introduction to Remote Desktop Services 2 Using iClientTS 2 Understanding the iFIX and Remote Desktop Services 3 File System Support 5 Where to Find More Information on Remote Desktop Services 5 Getting
    [Show full text]
  • Lesson 14: Creating and Managing Active Directory Users and Computers
    Lesson 14: Creating and Managing Active Directory Users and Computers MOAC 70-410: Installing and Configuring Windows Server 2012 Overview • Exam Objective 5.2: Create and Manage Active Directory Users and Computers • Creating User Objects • Creating Computer Objects • Managing Active Directory Objects © 2013 John Wiley & Sons, Inc. 2 Creating User Objects Lesson 14: Creating and Managing Active Directory Users and Computers © 2013 John Wiley & Sons, Inc. 3 Creating User Objects • The user account is the primary method for authentication on a network. • Usernames and passwords are validated at log on by comparing entered information to the information stored in the AD DS database. © 2013 John Wiley & Sons, Inc. 4 Types of Users • Local users: These accounts can only access resources on the local computer and are stored in the local Security Account Manager (SAM) database on the computer where they reside. • Domain users: These accounts can access AD DS or network-based resources, such as shared folders and printers. o Account information for these users is stored in the AD DS database and replicated to all domain controllers within the same domain. © 2013 John Wiley & Sons, Inc. 5 Built-In User Accounts Administrator and Guest • On a member server or standalone server: The built-in local Administrator account has full control of all files as well as complete management permissions for the local computer. • On a domain controller: The built-in Administrator account created in Active Directory has full control of the domain in which it was created. The Administrator account cannot be deleted, but it can be renamed. © 2013 John Wiley & Sons, Inc.
    [Show full text]
  • The 12 Essential Tasks of Active Directory Domain Services
    WHITE PAPER ACTIVE DIRECTORY DOMAIN SERVICES The 12 Essential Tasks of Active Directory Domain Services Using the right tools and processes helps reduce administrative overhead and ensures directory service is always available By Nelson Ruest and Danielle Ruest Sponsored by WHITE PAPER ACTIVE DIRECTORY DOMAIN SERVICES ABSTRACT Active Directory Domain Services (AD DS) administration and management includes Sponsored by 12 major tasks. These tasks cover a wide breadth of business needs and are not all performed solely by AD DS administrators. In fact, administrators can and should delegate several tasks to other members of their technical community, technicians, help desk personnel, even users such as team managers and administrative assistants. While delegation is a way to reduce the amount of work administrators have to do when managing AD DS infrastructures, it really only addresses one or two of the 12 tasks, for example, user and group administration as well as end point device administration. The other ten tasks can be staggering in nature—security, networked service administration, OU-Specific Management, Group Policy Object management and many more—and because of this can take up inordinate amounts of time. You can rely on Microsoft’s built-in tools to reduce some of this workload, but are the native tools enough? Perhaps it’s time to reduce AD DS administration overhead by automating most tasks and tightening internal security. Address this by first, determining what the twelve essential labors of Active Directory are and then, see how you can reduce AD DS workloads through the implementation of proper management and administration tools.
    [Show full text]
  • Netop Remote Control User's Guide
    USER'S GUIDE 27 September 2017 Netop Remote Control User's Guide Copyright© 1981-2017 Netop Business Solutions A/S. All Rights Reserved. Portions used under license from third parties. Please send any comments to: Netop Business Solutions A/S Bregnerodvej 127 DK-3460 Birkerod Denmark E-mail: [email protected] Internet: www.netop.com Netop™ is a trademark of Netop Business Solutions A/S. All other products mentioned in this document are trademarks of their respective manufacturers. Netop Business Solutions A/S denies any and all responsibility for damages caused directly or indirectly as a result of using this document. The content of this document is subject to change without notice. Netop Business Solutions A/S retains the copyright to this document. The document is optimized for double-sided printing. 27 September 2017 Netop Remote Control User's Guide Contents 1 Overview ....................................................................................................................................................4 1.1 Remote Control modules ...............................................................................................................................................4 1.2 Security ...........................................................................................................................................4 1.3 Communication profiles ...............................................................................................................................................5 2 Managing Hosts ........................................................................................................................................6
    [Show full text]
  • Microsoft Active Platform: a Development Platform for Internet-Based Distributed Computing
    Microsoft Active Platform: A Development Platform for Internet-Based Distributed Computing Backgrounder March 19977 Intent on increasing online efficiency while reducing development and training costs, businesses are demanding a single solution for storing, publishing and retrieving information, as well as for running line-of-business applications on internal networks and the Internet. The Microsoft® Active Platform meets this demand by providing a foundation for distributed computing. An integrated, comprehensive set of client and server development technologies, the Active Platform makes it easy for developers to integrate the connectivity of the Internet with the power of the personal computer. The Active Platform is based on the leading standards-based implementation of HTML from Microsoft, open scripting and component architecture. It allows developers to use the same tools and components they know and use today to build powerful applications easily for the Internet and intranets. This comprehensive set of tools and technologies provides a new application development approach across clients and servers using a single component model. By making optimal use of today’s tools and tomorrow’s Internet technologies, the Active Platform enables developers to make the transition into the new paradigm for desktop computing and capitalize on the new opportunities it presents. The Active Platform offers users and administrators a graphically rich, intuitive, easy-to-manage and consistent experience across platforms. Developers benefit from rich services built into the system and a uniform programming model across the client and the server that can be accessed from a consistent, integrated set of tools. Figure1. The Microsoft Active Platform brings information to the desktop from the Internet and intranets under the comprehensive interface of the Active Desktop.
    [Show full text]
  • Active Directory with Powershell
    Active Directory with PowerShell Learn to configure and manage Active Directory using PowerShell in an efficient and smart way Uma Yellapragada professional expertise distilled PUBLISHING BIRMINGHAM - MUMBAI Active Directory with PowerShell Copyright © 2015 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: January 2015 Production reference: 1200115 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78217-599-5 www.packtpub.com Credits Author Project Coordinator Uma Yellapragada Sageer Parkar Reviewers Proofreaders David Green Simran Bhogal Ross Stone Stephen Copestake Nisarg Vora Martin Diver Ameesha Green Commissioning Editor Paul Hindle Taron Pereira Indexer Acquisition Editor Hemangini Bari Sonali Vernekar Production Coordinator Content Development Editor Aparna Bhagat Prachi Bisht Cover Work Technical Editor Aparna Bhagat Saurabh Malhotra Copy Editors Heeral Bhatt Pranjali Chury Gladson Monteiro Adithi Shetty About the Author Uma Yellapragada has over 11 years of experience in the IT industry.
    [Show full text]
  • Management Console Reference Guide
    Secure Web Gateway Management Console Reference Guide Release 10.0 • Manual Version 1.01 M86 SECURITY SETUP AND CONFIGURATION GUIDE © 2010 M86 Security All rights reserved. 828 W. Taft Ave., Orange, CA 92865, USA Version 1.01, published November 2010 for SWG software release 10.0 This document may not, in whole or in part, be copied, photo- copied, reproduced, translated, or reduced to any electronic medium or machine readable form without prior written con- sent from M86 Security. Every effort has been made to ensure the accuracy of this document. However, M86 Security makes no warranties with respect to this documentation and disclaims any implied war- ranties of merchantability and fitness for a particular purpose. M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. Due to future enhancements and modifications of this product, the information described in this documentation is subject to change without notice. Trademarks Other product names mentioned in this manual may be trade- marks or registered trademarks of their respective companies and are the sole property of their respective manufacturers. II M86 SECURITY, Management Console Reference Guide CONTENT INTRODUCTION TO THE SECURE WEB GATEWAY MANAGEMENT CONSOLE .................................................................... 1 WORKING WITH THE MANAGEMENT CONSOLE................ 3 Management Console . 3 Main Menu . 4 Using the Management Console . 6 Management Wizard . 10 User Groups Wizard . 11 Log Entry Wizard . 28 DASHBOARD............................................................... 33 Dashboard Console . 33 Functionality. 34 Device Gauges . 35 Performance Graphs . 38 Messages (SNMP). 40 Device Utilization Graphs. 41 USERS ......................................................................
    [Show full text]
  • Active Roles 7.3 Skype for Business Server User Management
    One Identity Active Roles 7.3 Skype for Business Server User Management Administration Guide Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of One Identity LLC . The information in this document is provided in connection with One Identity products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of One Identity LLC products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, ONE IDENTITY ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL ONE IDENTITY BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ONE IDENTITY HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. One Identity make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice.
    [Show full text]
  • Using IIS Application Request Routing to Publish Lync Server 2013 Web Services
    Using IIS Application Request Routing to Publish Lync Server 2013 Web Services DISCLAIMER © 2014 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Hyper-V, Internet Explorer, Lync, PowerPoint, Silverlight, SQL Server, Windows, Windows PowerShell, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. THE CONTENTS OF THIS PACKAGE ARE FOR INFORMATIONAL AND TRAINING PURPOSES ONLY AND ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. No part of the text or software included in this training package may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission from Microsoft. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. To obtain authorization for uses other than those specified above, please visit the Microsoft Copyright Permissions Web page at http://www.microsoft.com/about/legal/permissions This content is proprietary and confidential, and is intended only for users described in the content provided in this document. This content and information is provided to you under a Non-Disclosure Agreement and cannot be distributed.
    [Show full text]
  • Using Microsoft Active Directory (AD) with Eonstor GS/Gse in Windows Server
    Using Microsoft Active Directory (AD) with EonStor GS/GSe in Windows Server Application Note Abstract: This application note describes how to use Microsoft Active Directory (AD) service with EonStor GS/GSe systems in Windows Server environments. Copyright © 2016 Infortrend Technology, Inc. All rights reserved. Infortrend, ESVA, EonStor, EonNAS and EonPath are trademarks or registered trademarks of Infortrend. All other marks and names mentioned herein may be trademarks of their respective owners. The information contained herein is subject to change without notice. The content provided as is, without express or implied warranties of any kind. Table of Content Table of Content Table of Content ......................................................................................................................... 2 Using Microsoft Active Directory with EonStor GS/GSe ............................................................... 3 Preparing the Environment ........................................................................................................ 4 Step 1: Time setting .................................................................................................................... 4 Step 2: Check channel connection .............................................................................................. 5 Step 3: Check IP address of AD & DNS ........................................................................................ 5 Adding AD Server to EonStor GS/GSe ........................................................................................
    [Show full text]
  • Windows Powershell Best Practices Windows Powershell Best Practices
    Windows PowerShell Best Practices Windows PowerShell Best Practices Expert recommendations, pragmatically applied Automate system administration using Windows PowerShell best practices—and optimize your operational efficiency. With this About the Author practical guide, Windows PowerShell expert and instructor Ed Ed Wilson, MCSE, CISSP, is a well-known Wilson delivers field-tested tips, real-world examples, and candid scripting expert and author of “Hey Windows Scripting Guy!”—one of the most popular advice culled from administrators across a range of business and blogs on Microsoft TechNet. He’s written technical scenarios. If you’re an IT professional with Windows several books on Windows scripting PowerShell experience, this book is ideal. for Microsoft Press, including Windows PowerShell 2.0 Best Practices and Windows PowerShell Scripting Guide. Discover how to: PowerShell • Use Windows PowerShell to automate Active Directory tasks • Explore available WMI classes and methods with CIM cmdlets • Identify and track scripting opportunities to avoid duplication • Use functions to encapsulate business logic and reuse code • Design your script’s best input method and output destination • Test scripts by checking their syntax and performance • Choose the most suitable method for running remote commands • Manage software services with Desired State Configuration Wilson BEST PRACTICES microsoft.com/mspress ISBN 978-0-7356-6649-8 U.S.A. $59.99 55999 Canada $68.99 [Recommended] 9 780735 666498 Operating Systems/Windows Server Celebrating 30 years! Ed Wilson 666498_Win_PowerShell_Best_Practices.indd 1 4/11/14 10:30 AM Windows PowerShell Best Practices Ed Wilson 666498_book.indb 1 12/20/13 10:50 AM Published with the authorization of Microsoft Corporation by: O’Reilly Media, Inc.
    [Show full text]