Date of Award

3-2008

Document Type

Thesis

Degree Name

Master of Science in Computer Engineering

Department

Department of Electrical and Computer Engineering

First Advisor

Barry E. Mullins, PhD

Abstract

This thesis describes the development and evaluation of a novel system called the Network Attack Characterization Tool (NACT). The NACT employs digital signal processing to detect network intrusions by using the Lomb-Scargle periodogram method to obtain a spectrum for sampled network traffic. The Lomb-Scargle method for generating a periodogram allows for the processing of unevenly sampled network data. This method for determining a periodogram has not yet been used for intrusion detection. The spectrum is examined to determine whether features exist above a significance level chosen by the user. Such features are considered an attack and trigger an alarm. Two traffic statistics are used to construct the time series over which the periodogram analysis is performed: packet inter-arrival time and payload size. The traffic source for this research is the 1999 DARPA intrusion detection data set developed by MIT Lincoln Laboratories. Three specific attacks from this data set are examined: the Processtable attack, the Dictionary attack and the Teardrop attack. Of the three attacks, the NACT was able to detect the Processtable attack with an accuracy of 100%. The Dictionary and Teardrop attacks were also detected, with 100% and 85% accuracies respectively. This success in detecting these attacks establishes that digital signal processing methods can be a successful technique for network intrusion detection.
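The detection idea in the abstract, sketched as an added example (not the NACT's own code): a Lomb-Scargle periodogram over payload sizes sampled at uneven packet arrival times, with an alarm when the peak exceeds a significance threshold. The threshold formula (Scargle's false-alarm probability), the function names, the frequency grid and the trace are all assumptions constructed for illustration.

```python
import math
import random

def lomb_scargle(t, x, freqs):
    """Normalized Lomb-Scargle power at each frequency (Hz) for samples x at times t."""
    n = len(x)
    mean = sum(x) / n
    var = sum((v - mean) ** 2 for v in x) / (n - 1)
    d = [v - mean for v in x]
    power = []
    for f in freqs:
        w = 2 * math.pi * f
        # tau shifts the time origin so the sine and cosine terms are orthogonal
        tau = math.atan2(sum(math.sin(2 * w * ti) for ti in t),
                         sum(math.cos(2 * w * ti) for ti in t)) / (2 * w)
        c = [math.cos(w * (ti - tau)) for ti in t]
        s = [math.sin(w * (ti - tau)) for ti in t]
        pc = sum(a * b for a, b in zip(d, c)) ** 2 / sum(b * b for b in c)
        ps = sum(a * b for a, b in zip(d, s)) ** 2 / sum(b * b for b in s)
        power.append((pc + ps) / (2 * var))
    return power

def alarm(t, x, freqs, p=0.001):
    """Return (alarm, peak_frequency, peak_power, threshold) for significance level p."""
    power = lomb_scargle(t, x, freqs)
    # Assumed significance test: Scargle's false-alarm probability over M frequencies
    z0 = -math.log(1 - (1 - p) ** (1 / len(freqs)))
    peak = max(power)
    return peak > z0, freqs[power.index(peak)], peak, z0

def constructed_trace(periodic, seed=1, n=200):
    """Constructed sample: payload sizes observed at uneven packet arrival times."""
    rng = random.Random(seed)
    t, x, now = [], [], 0.0
    for _ in range(n):
        now += rng.uniform(0.05, 0.55)          # uneven inter-arrival time (s)
        size = 500 + rng.uniform(-100, 100)     # background payload size (bytes)
        if periodic:
            size += 200 * math.sin(2 * math.pi * 0.5 * now)  # 0.5 Hz component
        t.append(now)
        x.append(size)
    return t, x

FREQS = [0.025 * k for k in range(1, 81)]       # scan 0.025 Hz to 2.0 Hz

if __name__ == "__main__":
    for label, periodic in (("background", False), ("periodic", True)):
        hit, f, z, z0 = alarm(*constructed_trace(periodic), FREQS)
        print(f"{label}: alarm={hit} peak={z:.1f} at {f:.3f} Hz (threshold {z0:.1f})")
```

No resampling onto a regular grid is needed, which is the property the abstract cites for choosing this periodogram.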

AFIT Designator

AFIT-GCE-ENG-08-04

DTIC Accession Number

ADA480262
