Context-Aware Network Security.

Show simple item record Sinha, Sushant en_US 2010-01-07T16:31:10Z NO_RESTRICTION en_US 2010-01-07T16:31:10Z 2009 en_US en_US
dc.description.abstract The rapid growth in malicious Internet activity, due to the rise of threats like automated worms, viruses, and botnets, has driven the development of tools designed to protect host and network resources. One approach that has gained significant popularity is the use of network based security systems. These systems are deployed on the network to detect, characterize and mitigate both new and existing threats. Unfortunately, these systems are developed and deployed in production networks as generic systems and little thought has been paid to customization. Even when it is possible to customize these devices, the approaches for customization are largely manual or ad hoc. Our observation of the production networks suggest that these networks have significant diversity in end-host characteristics, threat landscape, and traffic behavior -- a collection of features that we call the security context of a network. The scale and diversity in security context of production networks make manual or ad hoc customization of security systems difficult. Our thesis is that automated adaptation to the security context can be used to significantly improve the performance and accuracy of network-based security systems. In order to evaluate our thesis, we explore a system from three broad categories of network-based security systems: known threat detection, new threat detection, and reputation-based mitigation. For known threat detection, we examine a signature-based intrusion detection system and show that the system performance improves significantly if it is aware of the signature set and the traffic characteristics of the network. Second, we explore a large collection of honeypots (or honeynet) that are used to detect new threats. We show that operating system and application configurations in the network impact honeynet accuracy and adapting to the surrounding network provides a significantly better view of the network threats. Last, we apply our context-aware approach to a reputation-based system for spam blacklist generation and show how traffic characteristics on the network can be used to significantly improve its accuracy. We conclude with the lessons learned from our experiences adapting to network security context and the future directions for adapting network-based security systems to the security context. en_US
dc.format.extent 896721 bytes
dc.format.extent 1373 bytes
dc.format.mimetype application/octet-stream
dc.format.mimetype text/plain
dc.language.iso en_US en_US
dc.subject Network Security en_US
dc.subject Context-aware en_US
dc.subject IDS, Honeynets, Blacklists en_US
dc.title Context-Aware Network Security. en_US
dc.type Thesis en_US
dc.description.thesisdegreename Ph.D. en_US
dc.description.thesisdegreediscipline Computer Science & Engineering en_US
dc.description.thesisdegreegrantor University of Michigan, Horace H. Rackham School of Graduate Studies en_US
dc.contributor.committeemember Jahanian, Farnam en_US
dc.contributor.committeemember Bailey, Michael Donald en_US
dc.contributor.committeemember Patel, Jignesh M. en_US
dc.contributor.committeemember Sami, Rahul en_US
dc.contributor.committeemember Shin, Kang Geun en_US
dc.subject.hlbsecondlevel Computer Science en_US
dc.subject.hlbtoplevel Engineering en_US
dc.owningcollname Dissertations and Theses (Ph.D. and Master's)
 Show simple item record

This item appears in the following Collection(s)

Search Deep Blue

Advanced Search

Browse by

My Account


Available Now

MLibrary logo