HybrIDS: Embeddable Hybrid Intrusion Detection System
Lauf, Adrian Peter
To provide preventative security for a homogeneous device network, techniques in addition to static encryption must be implemented to assure network integrity by identifying possible deviant nodes within the collective. This thesis proposes a set of algorithms and techniques for an intrusion detection system which, when combined, provide a two-stage approach that seeks to reduce or eliminate training period requirements while providing multiple anomaly detection and a degree of self-tuning. Because they use a high level of behavioral abstraction, these intrusion detection techniques can be applied to a broad range of devices, network implementations, and scenarios. Each device node is supplied with an embedded intrusion detection system that allows it to monitor inter-device requests, enabling machine learning techniques for deviant node analysis. The two principal methods, a maxima detection scheme and a cross-correlative detection scheme, are combined to create a two-phase detection scheme that can successfully determine deviant node pervasion percentages of up to 22% within the homogeneous device network.