Scalable detection of community cyber incidents utilizing distributed and anonymous security information sharing

dc.contributor.advisor: White, Gregory
dc.contributor.author: Harrison, Keith
dc.contributor.committeeMember: Maynard, Hugh
dc.contributor.committeeMember: Niu, Jianwei
dc.contributor.committeeMember: Robbins, Kay
dc.contributor.committeeMember: Sandhu, Ravi
dc.description: This item is available only to currently enrolled UTSA students, faculty or staff.
dc.description.abstract: Communities are experiencing cyber attacks from a multitude of threat agents. These cyber attacks have had severe consequences in the past, and the potential for even more devastating effects will grow as communities become more reliant upon cyberspace. Communities must adopt a defense-in-depth strategy that includes preventing, detecting, responding to, and recovering from cyber attacks. Previously, our research efforts focused on preventative measures. This dissertation focuses on the detection of a wide variety of community cyber incidents. The detection framework is designed to provide the means to enable a fast and effective response and recovery. A distributed and descriptive information sharing framework is presented, designed around the needs of community cyber incident detection. Although this dissertation focuses on the sharing of Intrusion Detection System (IDS) alerts, the information sharing framework is generic. A fully working implementation was created and used to conduct simulations. From the analysis of the results, new algorithms and techniques are devised to greatly improve the scalability of the information sharing. Additionally, the simulation results are verified using additional relevant real-world data. A community cyber incident detection framework is introduced, which is the only known detection framework tailored to the needs of a community. Spatiotemporal differentiation, a new community cyber incident detection technique, is introduced. Detection capabilities are improved over the related works known as Collaborative Intrusion Detection Systems (CIDSs). Again, overall scalability is improved by analyzing previous results and introducing new, specialized techniques to remove unnecessary reports on potential community cyber incidents. Scalability simulations are performed, producing the only known quantifiable data. Furthermore, the usefulness and usability of the community cyber incident detection system are demonstrated through a real-time case study.
dc.description.department: Computer Science
dc.format.extent: 170 pages
dc.subject: Information Sharing
dc.subject: Intrusion Detection
dc.subject.classification: Computer science
dc.title: Scalable detection of community cyber incidents utilizing distributed and anonymous security information sharing
dcterms.accessRights: pq_closed
Degree: Doctor of Philosophy, Computer Science, University of Texas at San Antonio


Original bundle: 1 file, 1020.44 KB, Adobe Portable Document Format