CCE Theses and Dissertations
Date of Award: 2019
Document Type: Dissertation - NSU Access Only
Degree Name: Doctor of Philosophy (PhD)
Department: College of Computing and Engineering
Advisor: James L. Cannady
Committee Member: Glyn T. Gowing
Committee Member: Timothy J. Ellis
Keywords: Computer science, cybersecurity, IDS, information security, information technology, intrusion detection, intrusion response, network security
Abstract
One of the most important security measures in any organization’s Cybersecurity program is its ability to detect and prevent cyberattacks effectively. As cyberattacks continue to present major concerns for modern society, intrusion prevention techniques alone are not enough to successfully combat today’s cyber threats. Intrusion detection techniques need to be continuously enhanced to meet new demands and challenges: they need to process massive data in real time with great accuracy. The focus of this research was developing a novel architecture for real-time intrusion detection. Its goal was to address the limited-labeled-data problem in highly imbalanced data. The proposed Multi-Agent Decentralized Architecture for Intrusion Detection System (MADA4IDS) was designed with the following seven key factors in mind: accuracy, overhead, scalability, resiliency, self-configuration, interoperability, and privacy. The architecture consisted of six key modules: network sensor management and logging, host agent management and logging, offline data storage, policies, intrusion detection, and intrusion response. MADA4IDS has the root node at the top of the hierarchy, which continuously receives aggregated and correlated intrusion detection information from the entire network using a Security Information and Event Management (SIEM) system. MADA4IDS was deployed and evaluated in a Cybersecurity test lab using two experiments. To demonstrate the efficacy of the proposed architecture in a real-world environment, these experiments were performed using real data sources from the operational environment. The first experiment demonstrated that MADA4IDS was able to achieve approximately a 99.8% reduction in comparison with the Palo Alto Networks firewall and Snort IDS. The second experiment demonstrated its ability to achieve early detection of lateral movement reconnaissance. Overall, the experimentation results demonstrated that MADA4IDS was able to improve detection accuracy in high-speed networks.
NSUWorks Citation
Anh-Hong Nguyen Rucker. 2019. Improving Real-Time Intrusion Detection in Dynamic Networks with Highly Imbalanced Data Using a Multi-Agent Architecture Approach. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, College of Computing and Engineering. (1102)
https://nsuworks.nova.edu/gscis_etd/1102.