Please use this identifier to cite or link to this item: https://hdl.handle.net/11147/4029
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | Aytaç, İsmail Sıtkı | en
dc.contributor.author | Toprak, Mustafa | -
dc.date.accessioned | 2014-07-22T13:53:01Z | -
dc.date.available | 2014-07-22T13:53:01Z | -
dc.date.issued | 2009 | en
dc.identifier.uri | http://hdl.handle.net/11147/4029 | -
dc.description | Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2009 | en
dc.description | Includes bibliographical references (leaves: 63-66) | en
dc.description | Text in English; Abstract: Turkish and English | en
dc.description | vii, 67 leaves | en
dc.description.abstract | The Internet is a global public network. More and more people connect to it every day to take advantage of internetwork connectivity. This connectivity also brings risk, because the Internet has both harmless and harmful users. While an organization makes its information system available to harmless Internet users, the same information is available to malicious users as well. Most organizations deploy firewalls to protect their private network from the public network, but no network can be one hundred percent secure, because connectivity requires that Internet users be granted some kind of access to internal systems. The firewall provides security by allowing only specific services through it, applying defined rules to each packet that reaches its network interface. The IDS complements firewall security by detecting whether someone tries to break in through the firewall, or manages to defeat the firewall and tries to access a system on the trusted site, and by alerting the system administrator when a security breach occurs. However, at present, IDSs suffer from several limitations. To address these limitations and understand network security threats, it is necessary to perform alert correlation. Alert correlation focuses on discovering the various relationships between individual alerts; intrusion alert correlation techniques group alerts into meaningful groups or attack scenarios that are easier for human analysts to understand. To ensure that alert correlation works properly, this thesis proposes to use attack scenarios by correlating alerts on the basis of the prerequisites and consequences of intrusions. The architecture of the experimental environment is based on the prerequisites and consequences of different types of attacks; the proposed approach correlates alerts by matching the consequences of earlier alerts with the prerequisites of later ones, using OS-level logs. As a result, the accuracy and advantage of the proposed method are demonstrated, focusing on building IDS alert correlation with OS-level logs in information security systems. | en
dc.language.iso | en | en_US
dc.publisher | Izmir Institute of Technology | en_US
dc.rights | info:eu-repo/semantics/openAccess | en_US
dc.subject.lcc | TK5105.59 .T67 2009 | en
dc.subject.lcsh | Computer networks--Security measures--Software | en
dc.subject.lcsh | Firewalls (Computer security) | en
dc.title | Intrusion detection system alert correlation with operating system level logs | en_US
dc.type | Master Thesis | en_US
dc.institutionauthor | Toprak, Mustafa | -
dc.department | Thesis (Master)--İzmir Institute of Technology, Computer Engineering | en_US
dc.relation.publicationcategory | Tez | en_US
item.openairecristype | http://purl.org/coar/resource_type/c_18cf | -
item.grantfulltext | open | -
item.cerifentitytype | Publications | -
item.fulltext | With Fulltext | -
item.openairetype | Master Thesis | -
item.languageiso639-1 | en | -
Appears in Collections: Master Degree / Yüksek Lisans Tezleri
Sürdürülebilir Yeşil Kampüs Koleksiyonu / Sustainable Green Campus Collection
Files in This Item:
File | Description | Size | Format
T000204.pdf | MasterThesis | 1.36 MB | Adobe PDF

Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.