Master Degree / Yüksek Lisans Tezleri
Permanent URI for this collectionhttps://hdl.handle.net/11147/3008
Browse
4 results
Search Results
Master Thesis Comparison of Recovery Requirements With Investigation Requirements for Intrusion Management Systems(Izmir Institute of Technology, 2002) Arpaçay Tapucu, Dilek; Tuğlular, TuğkanComputer systems resources and all data contained in the system may need to be protected against the increasing number of unauthorized access, manipulation and malicious intrusions. This thesis is concerned with intrusion management systems and specially with their investigation and recovery subsystems. The goals of these systems are to investigate intrusion attempts and recover from intrusions as fast as possible. In order to achieve these goals me should observe the fact that some of the intrusion attempts will be eventually successful should be accepted and necessary precautions should be taken.After an intrusion has taken place, the focus should be on the assessment:looking at what damage has occurred, how it happened, what changes can be made to prevent such attacks in the future. In this thesis, requirements of investigation and recovery process are determined and related guidelines developed. The similarities and differences between these guidelines are explained.Master Thesis Anomaly Detection Using Network Traffic Characterization(Izmir Institute of Technology, 2009) Yarımtepe, Oğuz; Tuğlular, Tuğkan; Tuğlular, TuğkanDetecting suspicious traffic and anomaly sources are a general tendency about approaching the traffic analyzing. Since the necessity of detecting anomalies, different approaches are developed with their software candidates. Either event based or signature based anomaly detection mechanism can be applied to analyze network traffic. Signature based approaches require the detected signatures of the past anomalies though event based approaches propose a more flexible approach that is defining application level abnormal anomalies is possible. Both approach focus on the implementing and defining abnormal traffic. The problem about anomaly is that there is not a common definition of anomaly for all protocols or malicious attacks. In this thesis it is aimed to define the non-malicious traffic and extract it, so that the rest is marked as suspicious traffic for further traffic. To achieve this approach, a method and its software application to identify IP sessions, based on statistical metrics of the packet flows are presented. An adaptive network flow knowledge-base is derived. The knowledge-base is constructed using calculated flows attributes. A method to define known traffic is displayed by using the derived flow attributes. By using the attributes, analyzed flow is categorized as a known application level protocol. It is also explained a mathematical model to analyze the undefined traffic to display network traffic anomalies. The mathematical model is based on principle component analysis which is applied on the origindestination pair flows. By using metric based traffic characterization and principle component analysis it is observed that network traffic can be analyzed and some anomalies can be detected.Master Thesis Development of a Quality Assurance Prototype for Intrusion Detection Systems(Izmir Institute of Technology, 2002) Yüksel, Ulaş; Tuğlular, TuğkanQuality assurance is an essential activity for any business interacting with consumers. There are considerable number of projects going on to develop intrusion detection systems (IDSs). However, efforts to establish standards and practices to ensure the quality of such systems are comparatively less significant. The quality assurance activities for IDSs should ensure the conformance of explicitly stated functional and performance requirements as well as implicit characteristics that are expected from information security tools. This dissertation establishes guidelines to review, evaluate and possibly to develop an IDS. To establish guidelines, generic IDS and software requirements, software quality factors and design principles are used which are available in related literature and these requirements are presented both on developed generic IDS model and in Common Criteria Protection Profile format. First, the guidelines are developed, then they are implemented on a specific IDS product evaluation.Master Thesis Development of a Static Analysis Tool To Find Securty Vulnerabilities in Java Applications(Izmir Institute of Technology, 2010) Topuz, Bertan; Tuğlular, TuğkanThe scope of this thesis is to enhance a static analysis tool in order to find security limitations in java applications. This will contribute to the removal of some of the existing limitations related with the lack of java source codes. The generally used tools for a static analysis are FindBugs, Jlint, PMD, ESC/Java2, Checkstyle. In this study, it is aimed to utilize PMD static analysis tool which already has been developed to find defects Possible bugs (empty try/catch/finally/switch statements), Dead code (unused local variables, parameters and private methods), Suboptimal code (wasteful String/StringBuffer usage), Overcomplicated expressions (unnecessary if statements for loops that could be while loops), Duplicate code (copied/pasted code means copied/pasted bugs). On the other hand, faults possible unexpected exception, length may be less than zero, division by zero, stream not closed on all paths and should be a static inner class cases were not implemented by PMD static analysis tool. PMD performs syntactic checks and dataflow analysis on program source code.In addition to some detection of clearly erroneous code, many of the .bugs. PMD looks for are stylistic conventions whose violation might be suspicious under some circumstances. For example, having a try statement with an empty catch block might indicate that the caught error is incorrectly discarded. Because PMD includes many detectors for bugs that depend on programming style, PMD includes support for selecting which detectors or groups of detectors should be run. While PMD.s main structure was conserved, boundary overflow vulnerability rules have been implemented to PMD.