Show simple item record

dc.contributor.advisorAytaç, İsmail Sıtkıen
dc.contributor.authorToprak, Mustafaen
dc.date.accessioned2014-07-22T13:53:01Z
dc.date.available2014-07-22T13:53:01Z
dc.date.issued2009en
dc.identifier.urihttp://hdl.handle.net/11147/4029
dc.descriptionThesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2009en
dc.descriptionIncludes bibliographical references (leaves: 63-66)en
dc.descriptionText in English; Abstract: Turkish and Englishen
dc.descriptionvii, 67 leavesen
dc.description.abstractInternet is a global public network. More and more people are getting connected to the Internet every day to take advantage of the Internetwork connectivity. It also brings in a lot of risk on the Internet because there are both harmless and harmful users on the Internet. While an organization makes its information system available to harmless Internet users, at the same time the information is available to the malicious users as well. Most organizations deploy firewalls to protect their private network from the public network. But, no network can be hundred percent secured. This is because; the connectivity requires some kind of access to be granted on the internal systems to Internet users. The firewall provides security by allowing only specific services through it. The firewall implements defined rules to each packet reaching to its network interface. The IDS complements the firewall security by detected if someone tries to break in through the firewall or manages to break in the firewall security and tried to have access on any system in the trusted site and alerted the system administrator in case there is a breach in security. However, at present, IDSs suffer from several limitations. To address these limitations and learn network security threats, it is necessary to perform alert correlation. Alert correlation focuses on discovering various relationships between individual alerts. Intrusion alert correlation techniques correlate alerts into meaningful groups or attack scenarios for ease to understand by human analysts. In order to be sure about the alert correlation working properly, this thesis proposed to use attack scenarios by correlating alerts on the basis of prerequisites and consequences of intrusions. The architecture of the experimental environment based on the prerequisites and consequences of different types of attacks, the proposed approach correlates alerts by matching the consequence of some previous alerts and the prerequisite of some later ones with OS-level logs. As a result, the accuracy of the proposed method and its advantage demonstrated to focus on building IDS alert correlation with OS-level logs in information security systems.en
dc.language.isoengen
dc.publisherIzmir Institute of Technologyen
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.subject.lccTK5105.59 .T67 2009en
dc.subject.lcshComputer networks--Security measures--Softwareen
dc.subject.lcshFirewalls (Computer security)en
dc.titleIntrusion detection system alert correlation with operating system level logsen
dc.typemasterThesisen
dc.contributor.authorIDTR116264
dc.contributor.departmentIzmir Institute of Technology. Computer Engineeringen
dc.relation.publicationcategoryTezen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record