Year

2010

Degree Name

Doctor of Philosophy

Department

School of Computer Science and Software Engineering - Faculty of Informatics

Abstract

Despite many years of effort by industry and the research community, attacks on computer systems via access networks remain a severe threat. In the defence against network attacks, firewalls and Intrusion Detection Systems (IDSs) have played one of the most important roles. However, conventional firewalls and IDSs have technical limitations and as such have difficulty dealing with emerging network applications, a notable example being streaming content. In addition, configuring firewall rule tables for large networks with complex security requirements is a difficult and error-prone task.

In this thesis, we study the behaviour of streaming content applications and investigate techniques for enhancing firewall/IDS capabilities to cater for this new class of application. To assist system administrators in correctly implementing organisational policies, we also develop a representation of a firewall rule table that allows two tables to be compared, and provide an algorithm that determines whether two tables are equivalent.
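The equivalence problem described above, as an added example that is not the thesis's own representation or algorithm: two rule tables are equivalent when, under first-match semantics, every packet receives the same action from both. Enumerating packets is infeasible, so this example cuts each header dimension at every rule boundary that occurs in either table; inside one resulting cell no rule's membership changes, so probing one packet per cell decides the question and also yields a witness packet when the tables differ. The three header fields, the small value ranges and the sample tables are constructed for illustration.

```python
"""Added example: first-match rule-table equivalence via boundary cuts."""
from dataclasses import dataclass
from itertools import product
from typing import Iterable, List, Optional, Tuple

Interval = Tuple[int, int]          # inclusive lower and upper bound
Packet = Tuple[int, int, int]       # (src, dst, port) - constructed field set


@dataclass(frozen=True)
class Rule:
    src: Interval
    dst: Interval
    port: Interval
    action: str                     # "accept" or "drop"

    def fields(self) -> Tuple[Interval, Interval, Interval]:
        return (self.src, self.dst, self.port)

    def matches(self, pkt: Packet) -> bool:
        return all(lo <= v <= hi for (lo, hi), v in zip(self.fields(), pkt))


def decide(table: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First-match semantics: the action of the first rule matching pkt,
    or the table's default action when no rule matches."""
    for rule in table:
        if rule.matches(pkt):
            return rule.action
    return default


def probe_points(tables: Iterable[List[Rule]],
                 domain: Tuple[Interval, Interval, Interval]) -> Iterable[Packet]:
    """One probe packet per cell of the partition induced by all rule bounds.

    For every rule and dimension, both `lo` and `hi + 1` become cut points.
    Between two consecutive cut points a rule's interval either covers the
    whole gap or none of it, so the lower corner of each cell represents
    every packet in that cell for both tables at once."""
    cuts = [{domain[d][0]} for d in range(len(domain))]
    for table in tables:
        for rule in table:
            for d, (lo, hi) in enumerate(rule.fields()):
                cuts[d].add(lo)
                if hi + 1 <= domain[d][1]:
                    cuts[d].add(hi + 1)
    return product(*[sorted(c) for c in cuts])


def first_difference(t1: List[Rule], t2: List[Rule],
                     domain: Tuple[Interval, Interval, Interval],
                     default: str = "drop") -> Optional[Tuple[Packet, str, str]]:
    """Return (packet, action_in_t1, action_in_t2) for the first cell on
    which the tables disagree, or None when they are equivalent."""
    for pkt in probe_points((t1, t2), domain):
        a, b = decide(t1, pkt, default), decide(t2, pkt, default)
        if a != b:
            return pkt, a, b
    return None


def equivalent(t1: List[Rule], t2: List[Rule],
               domain: Tuple[Interval, Interval, Interval],
               default: str = "drop") -> bool:
    return first_difference(t1, t2, domain, default) is None


# Constructed sample: hosts are 0-255 (think last octet), ports 0-65535.
DOMAIN = ((0, 255), (0, 255), (0, 65535))
ANY_HOST = (0, 255)

# Intended policy: only host 10 may SSH anywhere; everyone may reach
# host 20 on port 80; everything else is dropped.
TABLE_A = [
    Rule((10, 10), ANY_HOST, (22, 22), "accept"),
    Rule(ANY_HOST, ANY_HOST, (22, 22), "drop"),
    Rule(ANY_HOST, (20, 20), (80, 80), "accept"),
]

# Same rules, but the broad SSH drop was moved above the exception and now
# shadows it: a classic ordering mistake that changes the policy.
TABLE_B = [
    Rule(ANY_HOST, ANY_HOST, (22, 22), "drop"),
    Rule((10, 10), ANY_HOST, (22, 22), "accept"),
    Rule(ANY_HOST, (20, 20), (80, 80), "accept"),
]

# A shorter table: the explicit SSH drop is redundant with the default.
TABLE_C = [
    Rule((10, 10), ANY_HOST, (22, 22), "accept"),
    Rule(ANY_HOST, (20, 20), (80, 80), "accept"),
]

if __name__ == "__main__":
    print("A vs B:", first_difference(TABLE_A, TABLE_B, DOMAIN))
    print("A equivalent to C:", equivalent(TABLE_A, TABLE_C, DOMAIN))
```

The number of probes is the product of the per-dimension cut counts, which grows with the number of distinct boundaries rather than with the size of the address space; for real tables the same idea is usually implemented over address prefixes and port ranges with the cells kept implicit. The witness packet is what makes the check useful to an administrator: it names a concrete flow that one table accepts and the other drops.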

Even when enhanced with the techniques we provide, conventional firewalls/IDSs still have difficulty dealing with complex network threats. A notable example is the multi-stage attack, in which no individual stage violates the security policy, so no stage is detected by the firewall or IDS.

A new mechanism, attack graphs, has emerged to model and defend against multi-stage attacks. However, like any other new technology, attack graphs have technical limitations, such as scaling to large networks. In this thesis, we present our contribution to the area of ranking attack graphs. Our contribution lies in two major areas: accurate ranking of attack graphs, and efficient ranking using an artificial intelligence approach.
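To make "ranking an attack graph" concrete, here is an added example that is not the thesis's own ranking method: a PageRank-style random walk over a small state graph, where states are (privilege, host) pairs, edges are exploits, and the walk restarts at the attacker's initial state. A state's score is the stationary probability that the walk is there, so states reachable through many short exploit paths score highest and are the natural candidates for patching first. The graph, the host names and the damping factor are constructed for illustration.

```python
"""Added example: ranking attack-graph states with a restart random walk."""
from typing import Dict, List, Tuple

# Constructed attack graph: node = privilege@host, edge = an exploit that
# takes the attacker from one state to the next. The goal state has no
# outgoing edges.
ATTACK_GRAPH: Dict[str, List[str]] = {
    "attacker@internet": ["user@web", "user@mail"],
    "user@web": ["root@web", "user@db"],
    "user@mail": ["user@db"],
    "root@web": ["user@db", "root@db"],
    "user@db": ["root@db"],
    "root@db": [],
}
START = "attacker@internet"


def rank_states(graph: Dict[str, List[str]], start: str,
                damping: float = 0.85, iters: int = 200,
                tol: float = 1e-12) -> Dict[str, float]:
    """Personalised PageRank: at each step the walker follows a random
    outgoing exploit with probability `damping`, otherwise (or when stuck
    in a state with no exploits) it restarts at `start`. Power iteration
    until the L1 change drops below `tol` or `iters` is reached."""
    nodes = list(graph)
    score = {v: 1.0 / len(nodes) for v in nodes}
    for _ in range(iters):
        new = {v: 0.0 for v in nodes}
        for v in nodes:
            succ = graph[v]
            if succ:
                share = damping * score[v] / len(succ)
                for w in succ:
                    new[w] += share
            else:
                new[start] += damping * score[v]   # dangling: restart
        new[start] += 1.0 - damping                 # teleport mass
        delta = sum(abs(new[v] - score[v]) for v in nodes)
        score = new
        if delta < tol:
            break
    return score


def ranked(graph: Dict[str, List[str]], start: str) -> List[Tuple[str, float]]:
    """States ordered from highest to lowest score."""
    score = rank_states(graph, start)
    return sorted(score.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for state, s in ranked(ATTACK_GRAPH, START):
        print(f"{s:.4f}  {state}")
```

On this graph `user@db` outranks `root@web` because three distinct exploit paths converge on it, which is exactly the kind of choke point a ranking is meant to surface. Scoring is linear in the number of edges per iteration, so the approach itself scales; what does not scale is generating the graph, which is the sizing problem the abstract refers to.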

02Whole.pdf (2858 kB)
