Master Degree / Yüksek Lisans Tezleri

Permanent URI for this collection: https://hdl.handle.net/11147/3008

  • Master Thesis
    A Firewall Design for Academic Environments
    (Izmir Institute of Technology, 2001) Tok, Metin; Koltuksuz, Ahmet Hasan
    Computer networks in academic environments could have many security problems if there weren't enough precaution. The source of these problems is generally vulnerabilities of TCP/IP protocol and Internet. Vulnerabilities can cause threats. These threats will be analyzed in this thesis. There are many kinds of countermeasures to prevent the assets of the academic networks. Firewalls are a kind of countermeasure against these attacks. In this thesis, these countermeasures will be also analyzed and a firewall will be designed and proposed for academic environments against these threats.
  • Master Thesis
    An Approach To the Security Problems in the Tcp/Ip Protocol Suite for a Network Security Monitor Design
    (Izmir Institute of Technology, 1999) Mutaf, Pars; Koltuksuz, Ahmet Hasan
    There are a number of security problems in the TCP/IP protocol suite. In this thesis these problems will be analyzed in detail. The problems in several existing prevention methods will be analyzed as well in order to show that security policies based merely on preventive measures are not completely secure and convenient. Therefore, "network security monitoring" will be proposed as an alternative and supplementary approach against Internet attacks.
  • Master Thesis
    Standards and Practices Necessary To Implement a Successful Security Review Program for Intrusion Management Systems
    (Izmir Institute of Technology, 2002) Doruk, Alpay; Tuğlular, Tuğkan
    Intrusion Management Systems are being used to prevent the information systems from successful intrusions and their consequences. They also have detection features. They try to detect intrusions, which have passed the implemented measures. Also the recovery of the system after a successful intrusion is made by the Intrusion Management Systems. The investigation of the intrusion is made by Intrusion Management Systems also. These functions can be existent in an intrusion management system model, which has a four-layer architecture. The layers of the model are avoidance, assurance, detection and recovery. At the avoidance layer necessary policies, standards and practices are implemented to prevent the information system from successful intrusions. At the avoidance layer, the effectiveness of implemented measures is measured by some tests and reviews. At the detection layer the identification of an intrusion or intrusion attempt is made in real time. The recovery layer is responsible for restoring the information system after a successful intrusion. It has also functions to investigate the intrusion. Intrusion Management Systems are used to protect information and computer assets from intrusions. An organization aiming to protect its assets must use such a system. After the implementation of the system, continuous reviews must be conducted in order to ensure the effectiveness of the measures taken. Such a review can achieve its goal by using principles and standards. In this thesis, the principles necessary to implement a successful review program for Intrusion Management Systems have been developed in the guidance of Generally Accepted System Security Principles (GASSP). These example principles are developed for tools of each Intrusion Management System layer. These tools are firewalls for avoidance layer, vulnerability scanners for assurance layer, intrusion detection systems for detection layer and integrity checkers for recovery layer of Intrusion Management Systems.
  • Master Thesis
    Analysis of Intrusion Prevention Methods
    (Izmir Institute of Technology, 2004) Semerci, Hakan; Tuğlular, Tuğkan
    Today, the pace of the technological development and improvements has compelled the development of new and more complex applications. The obligatory of application development in a short time to rapidly changing requirements causes skipping of some stages, mostly the testing stage, in the software development cycle thus, leads to the production of applications with defects. These defects are, later, discovered by intruders to be used to penetrate into computer systems. Current security technologies, such as firewalls, intrusion detection systems, honeypots, network-based antivirus systems, are insufficient to protect systems against those, continuously increasing and rapid-spreading attacks. Intrusion Prevention System (IPS) is a new technology developed to block today's application-specific, data-driven attacks that spread in the speed of communication. IPS is the evolved and integrated state of the existing technologies; it is not a new approach to network security. In this thesis, IPS products of various computer security appliance developer companies have been analyzed in detail. At the end of these analyses, the requirements of network-based IPSs have been identified and an architecture that fits those requirements has been proposed. Also, a sample network-based IPS has been developed by modifying the open source application Snort.
  • Master Thesis
    Comparison of Recovery Requirements With Investigation Requirements for Intrusion Management Systems
    (Izmir Institute of Technology, 2002) Arpaçay Tapucu, Dilek; Tuğlular, Tuğkan
    Computer systems resources and all data contained in the system may need to be protected against the increasing number of unauthorized access, manipulation and malicious intrusions. This thesis is concerned with intrusion management systems and specially with their investigation and recovery subsystems. The goals of these systems are to investigate intrusion attempts and recover from intrusions as fast as possible. In order to achieve these goals we should observe the fact that some of the intrusion attempts will be eventually successful should be accepted and necessary precautions should be taken. After an intrusion has taken place, the focus should be on the assessment: looking at what damage has occurred, how it happened, what changes can be made to prevent such attacks in the future. In this thesis, requirements of investigation and recovery process are determined and related guidelines developed. The similarities and differences between these guidelines are explained.
  • Master Thesis
    Development of a Quality Assurance Prototype for Intrusion Detection Systems
    (Izmir Institute of Technology, 2002) Yüksel, Ulaş; Tuğlular, Tuğkan
    Quality assurance is an essential activity for any business interacting with consumers. There is a considerable number of projects going on to develop intrusion detection systems (IDSs). However, efforts to establish standards and practices to ensure the quality of such systems are comparatively less significant. The quality assurance activities for IDSs should ensure the conformance of explicitly stated functional and performance requirements as well as implicit characteristics that are expected from information security tools. This dissertation establishes guidelines to review, evaluate and possibly to develop an IDS. To establish guidelines, generic IDS and software requirements, software quality factors and design principles are used which are available in related literature and these requirements are presented both on developed generic IDS model and in Common Criteria Protection Profile format. First, the guidelines are developed, then they are implemented on a specific IDS product evaluation.
  • Master Thesis
    Statistical Methods Used for Intrusion Detection
    (Izmir Institute of Technology, 2006) Özardıç, Onur; Püskülcü, Halis
    Computer networks are being attacked every day. Intrusion detection systems are used to detect and reduce effects of these attacks. Signature based intrusion detection systems can only identify known attacks and are ineffective against novel and unknown attacks. Intrusion detection using anomaly detection aims to detect unknown attacks and there exist algorithms developed for this goal. In this study, performance of five anomaly detection algorithms and a signature based intrusion detection system is demonstrated on synthetic and real data sets. A portion of attacks are detected using Snort and SPADE algorithms. PHAD and other algorithms could not detect considerable portion of the attacks in tests due to lack of sufficiently long enough training data.
  • Master Thesis
    An Analysis of Key Generation Efficiency of Rsa Cryptosystem in Distributed Environments
    (Izmir Institute of Technology, 2005) Çağrıcı, Gökhan; Koltuksuz, Ahmet; Koltuksuz, Ahmet Hasan
    As the size of the communication through networks and especially through Internet grew, there became a huge need for securing these connections. The symmetric and asymmetric cryptosystems formed a good complementary approach for providing this security. While the asymmetric cryptosystems were a perfect solution for the distribution of the keys used by the communicating parties, they were very slow for the actual encryption and decryption of the data flowing between them. Therefore, the symmetric cryptosystems perfectly filled this space and were used for the encryption and decryption process once the session keys had been exchanged securely. Parallelism is a hot research topic area in many different fields and being used to deal with problems whose solutions take a considerable amount of time. Cryptography is no exception and, computer scientists have discovered that parallelism could certainly be used for making the algorithms for asymmetric cryptosystems go faster and the experimental results have shown a good promise so far. This thesis is based on the parallelization of a famous public-key algorithm, namely RSA.
  • Master Thesis
    Firewall monitoring using intrusion detection systems
    (Izmir Institute of Technology, 2005) Asarcıklı, Şükran; Tuğlular, Tuğkan
    Most organizations have intranet, they know the benefits of connecting their private LAN to the Internet. However, Internet is inherently an insecure network. That makes the security of the computer systems an important problem. The first step of network security is firewalls. Firewalls are used to protect internal networks from external attacks through restricting network access according to the rules. The firewall must apply previously defined rules to each packet reaching to its network interface. If the application of rules is prohibited due to malfunction or hacking, internal network may be open to attacks and this situation should be recovered as fast as possible. In order to be sure about the firewall working properly, we proposed to use Intrusion Detection Systems (IDS) to monitor firewall operation. The architecture of our experimental environment is composed of a firewall and two IDSs. One IDS is between external network and firewall, while the other is between firewall and private network. Those two IDSs are invisible to the both networks and they send their information to a monitoring server, which decides, based on two observations, whether the firewall is working properly or not.
  • Master Thesis
    Improving Misuse Detection With Neural Networks
    (Izmir Institute of Technology, 2005) Demiray, Sadettin; Tuğlular, Tuğkan
    Misuse Intrusion Detection Systems are rule-based systems that search attack patterns in the data source. Detection ability of misuse detectors is limited to known attack patterns; hence unknown attacks may be missed. In addition, writing new signatures for novel attacks can be troublesome and time consuming. Similarly, behavior based IDSs suffered from high rates of false alarms. Artificial neural networks have generalization ability, thus they can be used with intrusion detection system in order to identify normal and attack packets without the need of writing rules. We proposed to use neural networks with network-based IDS. To achieve this, system was trained and tested with both normal and malicious network packets. Backpropagation and Levenberg-Marquardt algorithms were used to train neural networks. For each of these training algorithms a 3-layer and a 4-layer MLP network sets were generated. In addition, self-organizing maps were used to classify attack instances. DARPA 1999 Intrusion Detection Evaluation dataset was used for training and testing, but lack of enough attack patterns in evaluation dataset made us create a testbed to obtain sufficient malicious traffic. After training was completed, trained neural networks were tested against training dataset and test dataset, which is not part of the training dataset. Results of the experiments showed that none of the trained backpropagation networks could identify attacks in training and/or testing data sets. But results of the Levenberg-Marquardt networks were more promising as nine of the trained Levenberg-Marquardt networks could identify attack and normal network packets in training and test datasets.