Ruling the Rules: Quantifying the Evolution of Rulesets, Alerts and Incidents in Network Intrusion Detection

Notwithstanding the predicted demise of signature-based network monitoring, it is still part of the bedrock of security operations. Rulesets are fundamental to the efficacy of Network Intrusion Detection Systems (NIDS). Yet, they have rarely been studied in production environments. We partner with a Managed Security Service Provider (MSSP) to...

Anomaly Detection Beyond the Research Setting: An exploration of the use of statistics and machine learning to detect cyber attacks

In this work we approach the problem of deploying anomaly detection techniques for detecting cyber attacks in an organisational environment. Anomaly detection has been an active research area for almost three decades with promising results. However, few such systems have been successfully im- plemented in an operational environment for improving...

Event correlation for detecting advanced multi-stage cyber-attacks

Rapidly evolving IT infrastructures bring beneficial effects to society and promote information sharing and use. However, vulnerabilities create opportunities for hostile users to perform malicious activities and IT security has gradually turned into a critical research area for organizations and governments. Processes of decision making in...

Designs and algorithms for packet and content inspection

This dissertation deals with essential issues pertaining to high performance processing for network security and deep packet inspection. The proposed solutions keep pace with the increasing number and complexity of known attack descriptions providing multi-Gbps processing rates. We advocate the use of reconfigurable hardware to provide...