CCE Theses and Dissertations

Date of Award


Document Type

Dissertation - NSU Access Only

Degree Name

Doctor of Philosophy (PhD)


College of Computing and Engineering


James L. Cannady

Committee Member

Glyn T. Gowing

Committee Member

Timothy J. Ellis


Computer science, cybersecurity, IDS, information security, information technology, intrusion detection, intrusion response, network security


One of the most important security measures in any organization’s Cybersecurity program is its ability to detect and prevent cyberattacks effectively. As cyberattacks continue to present major concerns for modern society, intrusion prevention techniques alone are not enough to successfully combat today’s cyber threats. Intrusion detection techniques need to be continuously enhanced to meet new demands and challenges. They need to process massive data in real-time with great accuracy. The focus of this research was in developing a novel architecture for real-time intrusion detection. Its goal was to address the limited labeled data problem in highly imbalanced data. The proposed Multi- Agent Decentralized Architecture for Intrusion Detection System (MADA4IDS) was designed with the following seven key factors in mind: accuracy, overhead, scalability, resiliency, self-configuration, interoperability, and privacy. The architecture consisted of six key modules: network sensor management and logging, host agent management and logging, offline data storage, policies, intrusion detection, and intrusion response. MADA4IDS has the root node at the top of the hierarchy, which continuously receives aggregated and corelated intrusion detection information from the entire network using a Security Information and Event Management (SIEM). MADA4IDS was deployed and evaluated in a Cybersecurity test lab using two experiments. To demonstrate the efficacy of the proposed architecture in real-world environment, these experiments were performed using real data sources from the operational environment. The first experiment demonstrated that MADA4IDS was able to achieve approximately 99.8% reduction in comparison with Palo Alto Network Firewall and Snort IDS. The second experiment demonstrated its ability to achieve early detection of lateral movement reconnaissance. Overall, the experimentation results demonstrated that MADA4IDS was able to improve the detection accuracy in high-speed network.

To access this thesis/dissertation you must have a valid OR email address and create an account for NSUWorks.

Free My Thesis

If you are the author of this work and would like to grant permission to make it openly accessible to all, please click the Free My Thesis button.

  Contact Author