Title
Development and implementation of fast network intrusion detection systems
Author
Mahmoud, Mohamed Awad Mohamed.
Contributors
Researcher / Mohamed Awad Mohamed Mahmoud
Supervisor / Abdel-Fattah Ibrahim
Supervisor / Ahmed Said Tolba
Supervisor / Mohamed Abdel-Azim Mohamed
Subject
Neural networks. Data mining. Statistical techniques.
Publication date
2012.
Number of pages
240 p.
Language
English
Degree
Doctorate
Specialization
Electrical and Electronic Engineering
Date of approval
1/1/2012
Place of approval
Mansoura University - Faculty of Engineering - Department of Electronics and Communication Engineering
Contents
Only 14 pages are available for public view (from 240).

Abstract

Intrusion Detection Systems (IDSs) have recently received growing attention and interest from the scientific community as well as from the public. The interest from the public is mostly due to the recent events of terror around the world, which have increased the demand for useful security systems.

The research problem: There has been significant progress in improving the performance of computer-based intrusion detection algorithms over the last decade. Although algorithms have been tested and compared extensively with each other, there has been remarkably little work comparing the accuracy of computer-based IDSs with that of humans.

The research aims: to design and build an intelligent IDS that is accurate (low false negative and false positive rates), flexible, not easily fooled by small variations in intrusion patterns, adaptive to new environments, modular with both misuse and anomaly detection components, robust, able to detect known and unknown intrusions, and real-time.

The research concludes: implementation proceeded in two phases, a software phase and a hardware phase. The software phase is divided into two sub-phases. The first introduces a conventional IDS implementation based on neural networks and data mining techniques; the results obtained were unsatisfactory. The second sub-phase introduces a proposed IDS based on hybridizing and/or multistaging more than one conventional IDS. The proposed models were able to detect all signatures and all classes of intrusions, as well as the type of each stream (normal or attack), in the tested database. The first stage of the multistage classifier is a perfect two-type anomaly classifier, which secures the network against both known and unknown attacks, and an alarm can be raised to the system administrator to take the proper action. Feature and topology reduction were among the most important challenges in this thesis, due to the size of the tested dataset and the large structure of the implemented models. The proposed models were repeated with simpler neural network topologies chosen by trial and error. Data reduction proceeds in two ways: record reduction by eliminating duplicate records, and feature reduction. By applying Principal Components Analysis (PCA), the original 41 features were transformed into 22 ranked principal components (PCs), and the generated PCs were then pruned by eliminating the lowest-ranked PCs until a compromise was reached between the smallest number of PCs and the best detection efficiency.

The research recommends: as the demand for network speed increases and new network protocols emerge, Network Intrusion Detection Systems (NIDSs) are increasing in importance and are being integrated into network processors. Currently, most IDSs are software running on a general purpose processor. Unfortunately, it is becoming increasingly difficult for software-based IDSs to keep up with increasing network speeds (10 Gbps at backbone networks). This has underscored the need for specialized hardware-based solutions that are portable and operate at wire speed. Field Programmable Gate Arrays (FPGAs) are generic pieces of hardware that can be reconfigured to perform any task. FPGA-based platforms can exploit the fact that NIDS rules change relatively infrequently, and use reconfiguration to reduce implementation cost. In addition, FPGA-based systems can exploit parallelism to achieve satisfactory processing robustness. To achieve this robustness, FPGA-based IDSs were introduced in the hardware phase, based on neural network and data mining intrusion detection techniques. In the multilayer perceptron (MLP) design we faced a common challenge of MLP hardware implementation: the tansig activation function, which is difficult to implement because of its nonlinearity. Three techniques for representing tansig were presented: one based on the Kwan approximation [172], another based on Piecewise Linear Approximation of a Nonlinear function (PLAN) [173], and a third, proposed here, based on symbolic regression and a genetic algorithm. A new challenge arose in implementing the proposed tansig approximation: the division operation in the FPGA. This was solved by using an Intellectual Property (IP) core available in Xilinx ISE. FPGA-based IDSs, one MLP-based and one Decision Tree (DT-J48) based, were implemented using two different programming strategies and data formats. Both techniques gave perfect results in detecting normal and attack streams. Each implemented single-stage IDS was followed by a second stage that detected the stream's class after its type had been detected.
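The tansig problem the abstract describes is worth seeing concretely. The following is an added example written for this page, not code from the thesis and not any Xilinx IP core: it implements the PLAN piecewise-linear approximation of the logistic sigmoid with the breakpoints and slopes as commonly cited from the PLAN paper (verify them against [173] before relying on them), derives tansig from it through the identity tanh(x) = 2*sigmoid(2x) - 1, and then shows the same computation in an assumed Q12 fixed-point format using only shifts and adds. Every slope in PLAN is a power of two, which is exactly why it needs no multiplier and no divider on an FPGA; the example measures how far both the float and the fixed-point versions stray from the true tanh.

```python
"""PLAN approximation of tansig (tanh), float and Q12 fixed-point, with error measurement.

Added example for this page; coefficients are the commonly cited PLAN values
(assumed, check against the original PLAN paper), Q12 format is an assumption.
"""
import math

ONE_Q12 = 1 << 12  # fixed-point scale: 12 fractional bits (assumed format)


def plan_logsig(x: float) -> float:
    """PLAN piecewise-linear logistic sigmoid: exploits symmetry sig(-x) = 1 - sig(x)."""
    ax = abs(x)
    if ax >= 5.0:
        y = 1.0
    elif ax >= 2.375:
        y = 0.03125 * ax + 0.84375   # slope 2^-5
    elif ax >= 1.0:
        y = 0.125 * ax + 0.625       # slope 2^-3
    else:
        y = 0.25 * ax + 0.5          # slope 2^-2
    return y if x >= 0.0 else 1.0 - y


def plan_tansig(x: float) -> float:
    """tansig via the identity tanh(x) = 2*sigmoid(2x) - 1."""
    return 2.0 * plan_logsig(2.0 * x) - 1.0


def plan_logsig_q12(x: int) -> int:
    """Same PLAN sigmoid on Q12 integers: multiplications become right shifts,
    intercepts are pre-scaled constants (0.84375, 0.625, 0.5 in Q12)."""
    ax = abs(x)
    if ax >= 5 * ONE_Q12:
        y = ONE_Q12
    elif ax >= 9728:                 # 2.375 * 4096
        y = (ax >> 5) + 3456         # 0.84375 * 4096
    elif ax >= ONE_Q12:
        y = (ax >> 3) + 2560         # 0.625 * 4096
    else:
        y = (ax >> 2) + 2048         # 0.5 * 4096
    return y if x >= 0 else ONE_Q12 - y


def plan_tansig_q12(x: int) -> int:
    """Q12 tansig: doubling the argument and the output are shifts as well."""
    return 2 * plan_logsig_q12(2 * x) - ONE_Q12


def max_abs_error(lo: float, hi: float, steps: int) -> tuple[float, float]:
    """Largest |plan_tansig(x) - tanh(x)| on a uniform grid; returns (error, x)."""
    worst, at = 0.0, 0.0
    for i in range(steps + 1):
        x = lo + (hi - lo) * i / steps
        err = abs(plan_tansig(x) - math.tanh(x))
        if err > worst:
            worst, at = err, x
    return worst, at


def fixed_vs_float_max_error() -> float:
    """Largest gap between the Q12 path and the float PLAN path over [-6, 6],
    sampled at every representable Q12 input so no input quantisation is involved."""
    worst = 0.0
    for xq in range(-6 * ONE_Q12, 6 * ONE_Q12 + 1):
        gap = abs(plan_tansig_q12(xq) / ONE_Q12 - plan_tansig(xq / ONE_Q12))
        worst = max(worst, gap)
    return worst


if __name__ == "__main__":
    for x in (-3.0, -1.0, -0.5, 0.0, 0.5, 1.0, 3.0):
        xq = round(x * ONE_Q12)
        print(f"x={x:5.2f} tanh={math.tanh(x):8.5f} plan={plan_tansig(x):8.5f} "
              f"q12={plan_tansig_q12(xq) / ONE_Q12:8.5f}")
    err, at = max_abs_error(-6.0, 6.0, 12000)
    print(f"max |plan - tanh| = {err:.4f} at x = {at:.3f}")
    print(f"max |q12 - float plan| = {fixed_vs_float_max_error():.6f}")
```

The worst-case error of the float PLAN tansig is about 0.038 (twice the PLAN sigmoid's 0.019, because of the doubling in the identity) and sits at x = 0.5, where the first two segments meet; the Q12 path adds under two LSBs of truncation on top of that. Whether that is acceptable is an IDS-specific question: an MLP trained in floating point should be re-evaluated on the held-out attack and normal streams with the approximated activation in place, since a classifier that is "perfect" at the decision boundary in float can lose a few borderline streams once the activation is quantised.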