Date of Award

3-21-2013

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Kennard R. Laviers, PhD.

Abstract

Today's computer networks are under constant attack. To deal with this constant threat, network administrators rely on intrusion detection and prevention services (IDS and IPS). Most IDS and IPS implement static rule sets to automatically alert administrators and resolve intrusions. Network administrators face a difficult challenge: identifying attacks among a vast number of benign network transactions. Also, after a threat is identified, making even the smallest policy change to the security software potentially has far-reaching and unanticipated consequences. Finally, because the administrator is primarily responding to alerts, they may lose situational awareness of the network. During this research, an MNDI was created that visualized a live network under cyber attack. MNDI allowed test subjects to take actions and make configuration changes in real time on the network. The interface was designed to take advantage of state-of-the-art touch technology, engaging the network administrator in the defense of the network. MNDI increased administrators' ability to make time-sensitive decisions quickly and accurately on their network. MNDI was tested against a set of open source network administration tools implemented on a desktop system. Both systems used an automated system that polled an ES to resolve zero to 75% of the alerts. The amount of alerts resolved is referred to as the level of automation (LOA). During the experiment, MNDI outperformed the desktop configuration at all LOAs. The test results showed a statistical difference in the percentage of alerts correctly resolved and in the time between actions for MNDI versus desktop test subjects.

AFIT Designator

AFIT-ENG-13-M-21

DTIC Accession Number

ADA582489
