Lossy network compression for distributed network intrusion detection applications

Department

Towson University. Department of Computer and Information Sciences

Rights

There are no restrictions on access to this document. An internet release form signed by the author to display this document online is on file with Towson University Special Collections and Archives.

Abstract

In distributed network intrusion detection applications, it is necessary to transmit data from the remote sensors to the central analysis systems. Transmitting all the data captured by a sensor would place an unacceptable demand on the bandwidth available to the site. Most applications address this problem by sending only alerts or summaries; however, these alone do not always give the analyst enough information to understand what is actually happening on the network. Lossless compression techniques alone are not sufficient to meet the bandwidth demand. This dissertation presents research into lossy compression techniques. It explores several ways in which the maliciousness of network traffic may be rated, including entropy, magnitude, flow position, and a combination of N-grams and Bloom filters. These rating methods are combined into a tainted flow rating system. This tainted flow method was used to compress synthetic and competition data sets from 1998 to 2017 to a small percentage of their original size without significant loss of Snort alerts.
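The abstract names the ingredients of a tainted flow rating but not how they combine. The following is an added illustration, not code from the dissertation: it rates constructed sample flows by payload entropy, by the fraction of byte 3-grams that hit a Bloom filter seeded from a constructed list of suspicious strings, and by payload magnitude, then keeps only flows whose combined score clears a threshold (the lossy step). The weights, the entropy cutoff, the keep threshold, and the sample payloads are all arbitrary assumptions made for the example; the dissertation's actual weighting and its flow position signal are not reproduced here.

```python
import hashlib
import math
from dataclasses import dataclass

# Constructed sample flows (flow_id, reassembled payload); not from any real capture.
SAMPLE_FLOWS = [
    ("f1", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),   # benign-looking
    ("f2", b"GET /cgi-bin/../../../../etc/passwd HTTP/1.0\r\n\r\n"),   # traversal attempt
    ("f3", bytes(range(256)) * 2),                                      # high entropy (packed/encrypted)
    ("f4", b"A" * 64),                                                  # low entropy filler
]

# Constructed list of suspicious byte strings used only to seed the Bloom filter.
KNOWN_BAD = [b"/etc/passwd", b"/../../", b"cgi-bin"]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class BloomFilter:
    """Minimal Bloom filter over byte strings with k double-hashed probes (SHA-256 based)."""

    def __init__(self, size_bits: int = 4096, k: int = 3):
        self.m = size_bits
        self.k = k
        self.bits = bytearray(size_bits // 8 + 1)

    def _probes(self, item: bytes):
        h1 = int.from_bytes(hashlib.sha256(item).digest()[:8], "big")
        h2 = int.from_bytes(hashlib.sha256(b"\x01" + item).digest()[:8], "big") | 1
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, item: bytes) -> None:
        for p in self._probes(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._probes(item))


def ngrams(data: bytes, n: int = 3):
    """Yield overlapping byte n-grams of the payload."""
    return (data[i:i + n] for i in range(len(data) - n + 1))


def build_filter(bad_strings, n: int = 3) -> BloomFilter:
    """Seed a Bloom filter with every n-gram of every suspicious string."""
    bf = BloomFilter()
    for s in bad_strings:
        for g in ngrams(s, n):
            bf.add(g)
    return bf


def ngram_hit_ratio(payload: bytes, bf: BloomFilter, n: int = 3) -> float:
    """Fraction of the payload's n-grams that the filter reports as seen (false positives possible)."""
    grams = list(ngrams(payload, n))
    if not grams:
        return 0.0
    return sum(g in bf for g in grams) / len(grams)


@dataclass
class TaintScore:
    flow_id: str
    entropy: float
    ngram_ratio: float
    magnitude: int
    score: float


def rate_flow(flow_id: str, payload: bytes, bf: BloomFilter,
              entropy_cutoff: float = 7.0, mtu: int = 1500) -> TaintScore:
    """Combine the signals into one taint score in [0, 1].
    Weights (0.6/0.3/0.1), the entropy cutoff and the MTU scaling are illustrative assumptions."""
    ent = shannon_entropy(payload)
    ratio = ngram_hit_ratio(payload, bf)
    mag = len(payload)
    ent_term = 1.0 if ent >= entropy_cutoff else (ent / 8.0) * 0.5   # near-random payloads score fully
    mag_term = min(mag / mtu, 1.0)                                     # larger payloads weigh a little more
    score = 0.6 * ratio + 0.3 * ent_term + 0.1 * mag_term
    return TaintScore(flow_id, ent, ratio, mag, score)


def select_flows(flows, bf: BloomFilter, keep_threshold: float = 0.25):
    """Lossy step: return (all scores, ids of flows kept, kept bytes / total bytes)."""
    scored = [rate_flow(fid, p, bf) for fid, p in flows]
    kept = [s.flow_id for s in scored if s.score >= keep_threshold]
    total = sum(s.magnitude for s in scored) or 1
    kept_bytes = sum(s.magnitude for s in scored if s.flow_id in kept)
    return scored, kept, kept_bytes / total


if __name__ == "__main__":
    flt = build_filter(KNOWN_BAD)
    scores, kept_ids, ratio = select_flows(SAMPLE_FLOWS, flt)
    for s in scores:
        print(f"{s.flow_id}: H={s.entropy:.2f} ngram={s.ngram_ratio:.2f} "
              f"bytes={s.magnitude} score={s.score:.2f}")
    print("kept:", kept_ids, f"({ratio:.0%} of bytes forwarded)")
```

In this toy the traversal request is kept because most of its 3-grams hit the filter, the high-entropy flow is kept on the entropy signal alone, and the plain GET is dropped; Bloom filter false positives can only raise a score, never suppress a true hit, which is the property that makes the filter attractive for a rating that must not discard real alerts.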