Accountable logging and its applications to intrusion detection

University of Alabama Libraries

Today's computer and network systems were not originally designed for accountability, which plays a crucial role in information assurance systems. To assure accountability, each entity in the system should be held responsible for its own behaviors so that the entity is a part of the larger chains of the system's accountability. To achieve accountability, a flow-net methodology that records events as well as the relations between events was proposed. The multi-layer nature of computer and network systems gives us the opportunity to achieve multiple degrees of accountability, which means we are able to acknowledge the system's behaviors at different levels of accountability. In this dissertation, a multi-resolution flow-net is proposed for achieving multi-layer accountability. Moreover, Intrusion Detection Systems, which monitor malicious behaviors in computer and network systems, play an important role in assuring system security. Flow-net, which builds comprehensive logs and helps track events, is able to record system and user behaviors. In this dissertation, an Intrusion Detection Scheme by Flow-Net Based Fingerprint (IDS-FF) is proposed for detecting fingerprints of malicious behaviors. As an application of the IDS-FF scheme, we use it to detect intrusions in TCP/IP networks. Furthermore, in order to detect intrusions that disguise themselves as regular behaviors in networks, we apply the IDS-FF scheme with cryptographic techniques in TCP/IP networks.

Electronic Thesis or Dissertation
Computer science