Show simple item record

dc.contributor.author: Lavorato, Kyle
dc.contributor.other: Queen's University (Kingston, Ont.). Theses (Queen's University (Kingston, Ont.))
dc.date.accessioned: 2019-08-30T01:18:36Z
dc.date.available: 2019-08-30T01:18:36Z
dc.identifier.uri: http://hdl.handle.net/1974/26500
dc.description.abstract: As technology continues to evolve at a rapid pace, the opportunities for malicious attacks and vulnerabilities grow equally. Constant monitoring of networks is required to prevent attacks, even in networks without any external connections. We often use software known as Intrusion Detection Systems (IDS) to parse, analyze, and constrain data in a network so that it follows normal traffic patterns. Combined with specifications detailing the form of that traffic and real-time learning, they are effective at detecting attacks. Achieving near-perfect results in intrusion detection is not an easy task. Many of the current top IDS technologies have the analysis infrastructure required for such a task but fall short of the goal. Inefficient algorithms, communication, and architectures cause these systems to process data at a rate slower than their input. Improvements to the parsing and analysis components of any IDS are the key to improving its detection rate. Current systems attempt to build efficiency into their design, for example with dedicated parse routines or detection profiles that avoid processing duplicate traffic. However, they are often not general, offering improvement only in certain scenarios, or not impactful enough. In this thesis, we propose several dynamic optimizations for Intrusion Detection Systems as a whole, implementing them in a state-of-the-art test system. We develop parser-side optimizations capable of analyzing protocol specifications to decode them more efficiently. A deep grammar analysis identifies conglomerate data structures that should be separated and treated as individual entries. A lookahead process then follows to prevent inefficient backtracking in the parse algorithm. We additionally investigate parallelism through a decoupling of the parser and analysis components of the IDS. Using multi-threading synchronization, we are able to dispatch multiple instances of each process. This allows additional data to flow through the system, further reducing the chance of data overflow. Our parallel architecture itself includes multiple optimal algorithms and efficiencies, including memory pools, lock reduction, and intelligent threading. The entire parallel system, including its optimizations, is dynamically generated from an input set of network protocol descriptions. This gives any developer who implements the IDS access to parallelism, avoiding the traditional large development cost of parallel programming.
dc.language.iso: en
dc.relation.ispartofseries: Canadian theses
dc.rights: Queen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canada
dc.rights: ProQuest PhD and Master's Theses International Dissemination Agreement
dc.rights: Intellectual Property Guidelines at Queen's University
dc.rights: Copying and Preserving Your Thesis
dc.rights: This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.
dc.subject: Optimization
dc.subject: Intrusion Detection
dc.subject: Parallelism
dc.subject: Multi-Threading
dc.subject: Parsing
dc.subject: IDS Generator
dc.subject: Grammar Analysis
dc.subject: Synchronization
dc.subject: Lookahead
dc.subject: TXL
dc.subject: Network Protocols
dc.title: Optimization of a Generated Intrusion Detection System
dc.type: thesis
dc.description.degree: Master of Applied Science
dc.contributor.supervisor: Dean, Thomas
dc.contributor.department: Electrical and Computer Engineering

