LIDS: A Learning Intrusion Detection System Electronic Version Approved:

Abstract

(Under the direction of Dr. Walter D. Potter) The detection of attacks against computer networks is becoming a harder problem to solve in the field of network security. The dexterity of the attackers, the developing technologies and the enormous growth of internet traffic have made it difficult for any existing intrusion detection system to offer a reliable service. However, a close examination of the problem shows that there usually exists a behavioral pattern in the attacks that can be learned and can be used to detect intrusions more effectively. Thus, there is a requirement for a system with learning and adapting capabilities for optimal performance. This thesis discusses a Learning Intrusion Detection System called LIDS that includes a blackboard-based architecture with autonomous agents. It has the capability for online learning, which may result in better performance than present systems. This feature enables the system to adapt to changes in the network environment as it assimilates more network data