Intrusion Detection and Protection of Application Servers

Abstract: The protection of application servers using intrusion detection and other related techniques is studied in this thesis. A thorough review is first made of taxonomies for intrusion detection systems (IDSs) and of how these can help to understand the basic functionality and problems of intrusion detection. A lightweight IDS with a number of interesting features has been developed and tested in real-life situations. I have also studied the consequences of integrating such a tool into an application server rather than keeping it separate from the monitored application, as is common in traditional host-based or network-based systems. Integration offers several advantages, such as the ability to monitor encrypted transactions, which are an Achilles' heel of traditional systems. I also studied a number of extensions and further developments of intrusion detection. I have developed an intrusion-tolerant architecture that not only detects intrusions but also provides a means to tolerate them with a graceful degradation of the offered service. The intrusion tolerance is achieved by leveraging methods from the fault-tolerance community. Finally, I suggest a method for facilitating the set-up and training of IDSs based on active learning algorithms. Considerable performance improvements can be achieved in this way, as shown in the experiments done in this work.