Analysis and evaluation of network intrusion detection methods to uncover data theft.

Corsini, Julien (2009) Analysis and evaluation of network intrusion detection methods to uncover data theft. MEng thesis, Edinburgh Napier University.

Available under License Creative Commons Attribution Non-commercial.

Download (4MB)


Nowadays, the majority of corporations mainly use signature-based intrusion detection. This trend is partly due to the fact that signature detection is a well-known technology, as opposed to anomaly detection which is one of the hot topics in network security research. A second reason for this fact may be that anomaly detectors are known to generate many alerts, the majority of which being false alarms. Corporations need concrete comparisons between different tools in order to choose which is best suited for their needs. This thesis aims at comparing an anomaly detector with a signature detector in order to establish which is best suited to detect a data theft threat. The second aim of this thesis is to establish the influence of the training period length of an anomaly Intrusion Detection System (IDS) on its detection rate. This thesis presents a Network-based Intrusion Detection System (NIDS) evaluation testbed setup. It shows the setup of two IDSes, the signature detector Snort and the anomaly detector Statistical Packet Anomaly Detection Engine (SPADE). The evaluation testbed also includes the setup of a data theft scenario (reconnaissance, brute force attack on server and data theft). The results from the experiments carried out in this thesis proved inconclusive, mainly due to the fact that the anomaly detector SPADE requires a configuration adapted to the network monitored. Despite the fact that the experimental results proved inconclusive, this thesis could act as documentation for setting up a NIDS evaluation testbed. It could also be considered as documentation for the anomaly detector SPADE. This statement is made from the observation that there is no centralised documentation about SPADE, and not a single research paper documents the setup of an evaluation testbed.

Item Type: Thesis (MEng)
Uncontrolled Keywords: Intrusion detection system; data security; internet security; signature detection; data theft; anomaly; Snort; Statistical Packet Anomaly Detection Engine;
University Divisions/Research Centres: Faculty of Engineering, Computing and Creative Industries > School of Computing
Dewey Decimal Subjects: 000 Computer science, information & general works >
000 Computer science, information & general works > 000 Computer science, knowledge & systems > 005 Computer programming, programs & data > 005.8 Data security
Library of Congress Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Item ID: 4031
Depositing User: Professor Bill Buchanan
Date Deposited: 10 Jan 2011 14:28
Last Modified: 12 Jan 2011 04:57

Actions (login required)

View Item View Item


Downloads per month over past year

View more statistics

Edinburgh Napier University is a registered Scottish charity. Registration number SC018373