Deanship of Graduate Studies
Document Details
Document Type: Thesis
Document Title: Enhanced Host-based Intrusion Detection System for Cloud Platform
نظام كشف التسلل المحسن للأنظمة المستضافة في المنصات السحابية
Subject: Faculty of Computing and Information Technology
Document Language: Arabic
Abstract:
To detect zero-day attacks in modern cloud platforms, several host-based intrusion detection systems have been proposed using the newly compiled ADFA-LD dataset. These techniques use the system call traces of the dataset to detect anomalies. The common limitations found in such systems include one or more of the following: low detection rate, high false alarm rate, and long learning time that leads to an inflexible response to eventual changes in the normal profile. To overcome these limitations and achieve the best combination of high detection rate, low false alarm rate, and small learning time, we propose two host-based intrusion detection systems. The first system utilizes a novel algorithm to extract only distinct short sequences of system calls per normal trace to create a normal profile. Then, a companion classification algorithm is used to detect anomalies. The second one employs frequency-based feature extraction from traces of system calls and uses semi-supervised anomaly detection techniques such as support vector machines, k-nearest neighbors and k-furthest neighbors. We developed two prototypes using the Java language for both systems and compared their performance using the ADFA-LD dataset. The experimental results showed that the first system outperformed the second. To the best of our knowledge, the obtained results of the proposed first system are superior to all up-to-date published systems in terms of computational cost and learning time. The obtained detection rate is also much higher than almost all compared systems and is very close to the highest result. In particular, the proposed short-sequence-based intrusion detection system provides the best combination of high detection rate and very small learning time. The developed prototype achieved a 90.48% detection rate, a 22.5% false alarm rate, and a learning time of about 30 seconds.
This provides a high capability to detect zero-day attacks and also makes the system flexible enough to cope with any environmental changes, since it can learn quickly and incrementally without the need to rebuild the whole classifier from scratch.
Supervisor: Prof. Mohamed Ashraf Madkour
Thesis Type: Master Thesis
Publishing Year: 1438 AH / 2017 AD
Added Date: Thursday, June 1, 2017
Researchers
Researcher Name (Arabic): يعقوب سيد عبدالله
Researcher Name (English): Abdullah, Yaqoob Sayed
Researcher Type: Researcher
Dr Grade: Master
Files
File Name: 40835.pdf
Type: pdf