Please use this address to cite this document: https://di.univ-blida.dz/jspui/handle/123456789/15892
Full record
| Dublin Core element | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Ould Bechiry, Abdallah | - |
| dc.date.accessioned | 2022-05-12T10:18:12Z | - |
| dc.date.available | 2022-05-12T10:18:12Z | - |
| dc.date.issued | 2021 | - |
| dc.identifier.uri | https://di.univ-blida.dz/jspui/handle/123456789/15892 | - |
| dc.description | ill., Bibliogr. | fr_FR |
| dc.description.abstract | An intrusion detection system is a well-known security tool, used by companies to protect their resources and the services they provide from the massive amount of computer threats these companies are potential targets for. In this thesis we try to shed some light on the importance, advantages and disadvantages of IDSs, then we will focus on one of these disadvantages, which is the rate of false positive alerts in an IDS. We chose to work with an open source IDS called Snort. The approach we are taking in order to minimize the rate of false positives is to consider the context changes on the protected network, like trusted devices inside the network, network packet timing, which device initiated the communication, etc. We designed our filtering software, which takes said context changes inside the network we laid out as a test bed into consideration. We used Wireshark to capture network packets and passed them to Snort to detect any intrusion that may have happened. Snort then outputs log files containing alerts about any suspicious packets; we then input these files into our software, which analyses the IDS logs in order to filter the false alerts. We intentionally attacked our network through a known vulnerability to ensure that some of the packets were malicious and to test that our software does not filter the alerts generated by the IDS concerning the packets related to this attack. We found a significant difference in the number of alerts before and after filtering. The process and results are all mentioned and detailed in the core of this thesis. Keywords: IDS, Snort, Network packets, Alert, Context, False positive, Filter, Intrusion, Detection, Attack, Threat. | fr_FR |
| dc.language.iso | en | fr_FR |
| dc.publisher | Université Blida 1 | fr_FR |
| dc.subject | IDS | fr_FR |
| dc.subject | Snort | fr_FR |
| dc.subject | Network packets | fr_FR |
| dc.subject | Alert | fr_FR |
| dc.subject | Context | fr_FR |
| dc.subject | False positive | fr_FR |
| dc.subject | Filter | fr_FR |
| dc.subject | Intrusion | fr_FR |
| dc.subject | Detection | fr_FR |
| dc.subject | Attack | fr_FR |
| dc.subject | Threat | fr_FR |
| dc.title | Minimizing the rate of false positives in Intrusion Detection Systems by considering the context changes | fr_FR |
| dc.type | Thesis | fr_FR |
Collection(s): Mémoires de Master

File(s) in this document:

| File | Description | Size | Format |
| --- | --- | --- | --- |
| Abdallah Ould Bechiry( Minimizing the rate of false positives in IDS by considering context changes.pdf | | 1,65 MB | Adobe PDF |


All documents in DSpace are protected by copyright, with all rights reserved.