Summary: Based on analysis of collected network traces, a decade of literature in the field of intrusion detection, experiences shared by people in the network security domain, and some new heuristics, this thesis explores several directions in which to extend the functionality and performance of existing Intrusion Detection Systems (IDS). We first present a new method for detecting a whole range of TCP attacks, and an extension of that method for detecting Distributed Denial of Service attacks. We then analyze two directions for enhancing performance: using cloud services to flexibly scale to higher IDS throughput, and leveraging hardware functionality in modern network cards for efficient multi-core processing.

Science, Faculty of === Computer Science, Department of === Graduate