Intrusion Detection Using Heterogeneous Data Sources
| dc.contributor.advisor | Ghaderi, Majid | |
| dc.contributor.author | Abhari, Bardia | |
| dc.contributor.committeemember | Henry, Ryan Douglas | |
| dc.contributor.committeemember | Hudson, Jonathan Wiliam | |
| dc.date.accessioned | 2024-01-19T21:55:51Z | |
| dc.date.available | 2024-01-19T21:55:51Z | |
| dc.date.issued | 2024-01-18 | |
| dc.description.abstract | Amidst the growing sophistication of cyber-attacks and malware, conventional Intrusion Detection Systems (IDS) often fall short, primarily due to their reliance on single data sources, such as Network-based (NIDS) or Host-based Intrusion Detection Systems (HIDS). These systems tend to miss a comprehensive view of network activities, as highlighted in existing literature. Recent research efforts have attempted to integrate multiple heterogeneous data sources, yet often treat each data source in isolation, thereby overlooking the complex interrelations that exist among various data sources within the same network. This thesis introduces IMD-IDS, which stands apart by its ability to fuse multiple heterogeneous data sources effectively for anomaly detection. The centrepiece of IMD-IDS is a machine learning (ML) based detection engine trained concurrently on all available data sources, whether heterogeneous or not. This approach enables IMD-IDS to uncover and understand the intricate relationships between different data sources. To achiece this, a novel fusion algorithm is presented, leveraging BERT encoders to convert textual host data into numerical vectors. These vectors are then integrated with feature vectors derived from network data, forming a rich, combined dataset. The XGBoost model, employed within IMD-IDS, utilizes this unified dataset to enhance anomaly detection accuracy, benefiting from simultaneous access to diverse data sources. Through experimental validation, this thesis demonstrates that IMD-IDS achieves superior performance compared to previous multi-datasource IDS approaches, particularly in detecting both known and zero-day attacks. The results show an average performance improvement of 12\% and 10\%, respectively, for these attack types. | |
| dc.identifier.citation | Abhari, B. (2024). Intrusion detection using heterogeneous data sources (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. | |
| dc.identifier.uri | https://hdl.handle.net/1880/118009 | |
| dc.identifier.uri | https://doi.org/10.11575/PRISM/42853 | |
| dc.language.iso | en | |
| dc.publisher.faculty | Arts | |
| dc.publisher.institution | University of Calgary | |
| dc.rights | University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission. | |
| dc.subject | Network Security | |
| dc.subject | Intrusion Detection | |
| dc.subject | Word Embedding | |
| dc.subject | Applied Machine Learning | |
| dc.subject | Multi Data Source | |
| dc.subject.classification | Education--Sciences | |
| dc.title | Intrusion Detection Using Heterogeneous Data Sources | |
| dc.type | master thesis | |
| thesis.degree.discipline | Computer Science | |
| thesis.degree.grantor | University of Calgary | |
| thesis.degree.name | Master of Science (MSc) | |
| ucalgary.thesis.accesssetbystudent | I do not require a thesis withhold – my thesis will have open access and can be viewed and downloaded publicly as soon as possible. |