Type of Document: Thesis
Author: Blackwell, John
URN: etd-06152004-090809
Title: RAMIT - Rule-Based Alert Management Information Tool
Degree: Master of Science
Department: Computer Science, Department of
Advisory Committee:
- Lois Wright Hawkes, Committee Chair
- Daniel G. Schwartz, Committee Member
- Michael Burmester, Committee Member
Keywords:
- NIDs
- HIDs
- IDs
- Security
- Hackers
- Packet
- System Administration
- Alerts
- Snort
Date of Defense: 2004-05-28
Availability: unrestricted
Abstract: The problems inherent in providing security for network systems stem from the openness and design of network architecture. Typically, network security is achieved through the use of monitoring tools based on pattern recognition or behavioral analysis. One of the tools based on pattern recognition is SNORT. SNORT attempts to protect networks by alerting system administrators when packets received by the network match predetermined signatures contained in the SNORT tool. Unfortunately, by the very nature of this design, SNORT operates at the packet data level and has no concept of the specific properties of the network it is trying to protect. This thesis provides the design of an alert management tool which, taking SNORT alert signatures as inputs and using a knowledge base of intruders and local network systems, attempts to reduce the false-positive and false-negative alerts sent to the system administrator. The major drawback of SNORT is that many false alerts are sent from the SNORT engine and must then be sifted through and classified by system administrators. This thesis proposes a tool which should lessen this stress and considerably reduce the workload of having alerts classified by human beings.
Files (approximate download time in Hours:Minutes:Seconds per connection type):

| Filename | Size | 28.8 Modem | 56K Modem | ISDN (64 Kb) | ISDN (128 Kb) | Higher-speed Access |
|---|---|---|---|---|---|---|
| BlackwellJThesis.pdf | 4.80 Mb | 00:22:12 | 00:11:25 | 00:09:59 | 00:04:59 | 00:00:25 |