
Latency in intrusion detection systems (IDS) and cyber-attacks: A quantitative comparative study

Posted on: 2017-02-26
Degree: Ph.D
Type: Thesis
University: Capella University
Candidate: Wahl, Robert S
Full Text: PDF
GTID: 2468390014457646
Subject: Information Technology

Abstract/Summary:
Cyber-attacks are attempts to damage or destroy computer systems and networks, and they are a concern for organizations because the frequency and complexity of attacks are increasing. In addition, organizations are at different levels of preparedness to detect and defend themselves against cyber-attacks. Defense against cyber-attacks is accomplished in three areas: software, hardware, and people. The two main classifications of cyber-attacks are targeted and non-targeted attacks. Targeted attacks are directed at a particular organization or a particular type of equipment. Non-targeted attacks do not have a specific target; they are generic in nature and opportunistic. As such, non-targeted attacks may result in damage to any organization that does not have the correct defenses in place. One type of hardware defense mechanism is the intrusion detection system. The speed of detection (detection latency) is a key challenge in Intrusion Detection System (IDS) design. If this latency is significant, attackers may have enough time to damage the target system. Faster detection and increased sensitivity in intrusion detection systems are therefore desirable. A research gap exists: information is lacking to show whether the damage resulting from cyber-attacks is higher, as a result of current intrusion detection system latency, than it would be if intrusion detection systems with lower latency were available. For this research, a quantitative method using a non-experimental comparative and correlational research design was selected. The null hypothesis for the first research question was that the number of cyber-attacks does not differ in a statistically significant way based on the type of intrusion detection system used (e.g. network-based or host-based) for organizations in the United States; this hypothesis was rejected.
The null hypothesis for the second research question was that the number of cyber-attacks does not significantly differ based on the model of intrusion detection system used, knowledge-based (signature-based) or behavior-based (anomaly-based), for organizations in the United States; this hypothesis failed to be rejected. The null hypothesis for the third research question was that there is no relationship between the intrusion detection latency period and the number of cyber-attacks for organizations in the United States; this hypothesis was rejected.
Keywords/Search Tags: Intrusion detection, Cyber-attacks, Latency, Organizations, United States, Damage