Minimization of DDoS false alarm rate in Network Security; Refining fusion through correlation

Intrusion Detection Systems are designed to monitor a network environment and generate alerts whenever abnormal activities are detected. However, the number of these alerts can be very large making their evaluation a difficult task for a security analyst. Alert management techniques reduce alert volume significantly and potentially improve detection performance of an Intrusion Detection System. This thesis work presents a framework to improve the effectiveness and efficiency of an Intrusion Detection System by significantly reducing the false positive alerts and increasing the ability to spot an actual intrusion for Distributed Denial of Service attacks. Proposed sensor fusion technique addresses the issues relating the optimality of decision-making through correlation in multiple sensors framework. The fusion process is based on combining belief through Dempster Shafer rule of combination along with associating belief with each type of alert and combining them by using Subjective Logic based on Jøsang theory. Moreover, the reliability factor for any Intrusion Detection System is also addressed accordingly in order to minimize the chance of false diagnose of the final network state. A considerable number of simulations are conducted in order to determine the optimal performance of the proposed prototype

Atomicity Implementation in E-Commerce Systems

Distributed databases with high performance and availability do not have the traditional ACID properties (Atomicity, Consistency, Isolation and Durability) because long duration locks will reduce the availability and the write performance. The problems of the missing ACID properties may be avoided by using approximated ACID properties, i.e. from an application point of view; the system should function as if all the traditional ACID properties had been implemented. The distributed approximated atomicity property manages the workflow of a transaction in such a way that either all the updates of the global transaction are executed (sooner or later) or all the updates of the global transaction are removed/compensated. In this paper, we will describe a flexible algorithm for implementing distributed approximated atomicity. Frank and Zahle [1] have described how to implement the other global approximated ACID properties. We will illustrate our algorithm with E-commerce examples. If one of the partaking subsystems fails in a system for E-commerce, the approximated atomicity property will ensure that when an order is accepted, the payment and stock levels are managed automatically in the locations of the partaking banks and product stocks. Even logistics and/or production may be managed by using approximated atomicity. We have cooperated with one of the major ERP (Enterprise Resource Planning) software companies in designing a distributed version of the ERP system with local autonomous databases in the different sales and stock locations

Theory of systems of asynchronous parallel processors

Issued as Progress report and Final report, Project no. G-36-63