Thesis

Distress detection

Awarding institution
  • University of Strathclyde
Date of award
  • 2012
Thesis identifier
  • T13381
Abstract
  • Web attacks pose a prime concern for cybersecurity, and whilst attackers are leveraging modern technologies to launch unpredictable attacks with serious consequences, web attack detectors are still restricted to the classical misuse and anomaly detection methods. As a result, web attack detectors have limited resilience to novel attacks or produce impractical amounts of daily false alerts. Advances in intrusion detection techniques have so far only partly alleviated the problem, as they are still tied to existing methods. This thesis proposes Distress Detection (DD), a detection method providing resilience to novel web attacks while suppressing false alerts. It is partly inspired by the workings of the human immune system, which is capable of responding to previously unseen infections. The premise is that, within the scope of an attack objective (the attack's end result), attack HTTP requests are associated with features that are necessary to reach that objective, rendering them suspicious. Their eventual execution must generate system events that are associated with the successful attainment of their objective, called the attack symptoms. Suspicious requests and attack symptoms are modelled on the generic signs of ongoing infections that enable the immune system to respond to novel infections; however, they are not exclusive to attacks. The suppression of false alerts is left to an alert correlation process based on the premise that attack requests can be distinguished from the rest through a link that connects their features with their consequent attack symptoms. The provision of novel attack resilience and false alert suppression is demonstrated through three prototype distress detectors, identifying DD as promising for effective web attack detection, despite some concerns about the level of difficulty of their implementation process.
Advisor / supervisor
  • Roper, Marc, 1961-
  • Terzis, Sotirios, 1973-
EThOS ID
  • uk.bl.ethos.701535
Date Created
  • 2012
Former identifier
  • 999890923402996