Detection of denial of service attacks using database queries

Author

Dmytro Zakhalyavko, New Jersey Institute of Technology

Document Type

Thesis

Date of Award

Summer 8-31-2004

Degree Name

Master of Science in Electrical Engineering - (M.S.)

Department

Electrical and Computer Engineering

First Advisor

Constantine N. Manikopoulos

Second Advisor

Sotirios Ziavras

Third Advisor

George Antoniou

Abstract

In the current intrusion detection world, most intrusion detection systems output data into flat files. This project was conducted in order to improve intrusion detection data and alerts by writing them into a database system and analyzing them with SQL. A database plug-in was developed that helps to transition the data from an intrusion detection system to a database. Storing, analyzing, categorizing, and accessing data are major advantages and reasons for using databases in intrusion detection. Security analysts have to constantly perform the difficult task of sorting through a haystack of attack alerts, many of which turn out to be inaccurate. It is possible to make the job of managing these alerts, analyzing data with high precision, and searching for attacks or intrusions easier by using SQL based analysis. In addition, a statistical analysis was conducted and proved that such a method can be effective in detecting intrusions and increasing the security of the network.

Recommended Citation

Zakhalyavko, Dmytro, "Detection of denial of service attacks using database queries" (2004). Theses. 585.
https://digitalcommons.njit.edu/theses/585