dc.contributor.author |
Al-Tamimi, Mustafa Abdul Aziz. |
dc.date.accessioned |
2013-10-02T09:23:37Z |
dc.date.available |
2013-10-02T09:23:37Z |
dc.date.issued |
2013 |
dc.identifier.uri |
http://hdl.handle.net/10938/9656 |
dc.description |
Thesis (M.S.)--American University of Beirut, Department of Computer Science, 2013. |
dc.description |
Advisor : Dr. Wassim El-Hajj, Assistant Professor, Department of Computer Science--Committee Members : Dr. Maha El-Choubassi, Assistant Professor, Department of Computer Science ; Dr. Hazem Hajj, Assistant Professor, Department of Electrical and Computer Engineering. |
dc.description |
Includes bibliographical references (leaves 37-38) |
dc.description.abstract |
Port scanning is one of the most popular reconnaissance techniques that many attackers use to profile running services on a potential target before launching an attack. Many port scanning detection mechanisms have been suggested in the literature. To test the proposed detection approaches, researchers use data sets that are available online or simulate their own. However, the available data sets do not provide complete logs and are usually outdated. Furthermore, the simulated data sets provide logs that do not resemble real-life scenarios. These deficiencies in the available data sets highly affect the performance of testing the IDSs and result in poor evaluations. Meanwhile, very little work has been done on generating port scanning benchmarks that researchers can use to test their detection methods. In this work, we suggest a simulation framework using OMNeT++ to generate benchmarks that resemble real-life traffic. We approach the problem by dividing it into three modules: (1) topology creation, (2) good traffic generation, and (3) bad traffic generation, each of which we make realistic, similar to deployed and usable networks. We also test our benchmark on IDSs such as Snort and MalewareAnalysis. We expect that the IDSs will not be able to catch many of the generated port scanning attacks, specifically the slow and distributed ones. We also believe that many false alarms will be produced. Consequently, the proposed framework and the annotated benchmarks will provide an effective way of testing the power of IDSs’ port scanning detection modules. |
dc.format.extent |
xi, 38 leaves : ill. ; 30 cm. |
dc.language.iso |
eng |
dc.relation.ispartof |
Theses, Dissertations, and Projects |
dc.subject.classification |
T:005848 AUBNO |
dc.subject.lcsh |
Computer networks -- Security measures. |
dc.subject.lcsh |
Computer networks -- Simulation methods. |
dc.subject.lcsh |
Computer hackers. |
dc.subject.lcsh |
Computer simulation. |
dc.subject.lcsh |
Computer security. |
dc.title |
Framework for creating realistic port scanning benchmark |
dc.type |
Thesis |
dc.contributor.department |
American University of Beirut. Faculty of Arts and Sciences. Department of Computer Science. |