Browsing by Author "Kostopoulos, Stamatios"
Item: Machine learning-based near real time intrusion detection and prevention system using eBPF. (Hellenic Mediterranean University (HMU), School of Engineering, Department of Electrical and Computer Engineering, 2024-02-12) Kostopoulos, Stamatios; Κωστόπουλος, Σταμάτιος

As technology evolves rapidly, more and more critical infrastructures are going online. Malicious individuals are trying to exploit such infrastructures, and thus cyber-attacks have become a major issue for users and businesses. Various network security software applications are developed to prevent or mitigate cyber-attacks; however, with a low success rate [1], as more than three billion zero-day [2] attacks were reported in a calendar year in the USA and Australia according to the Symantec Internet Security Threat Report. Current software applications struggle to confront the more sophisticated malware that cybercriminals use. Additionally, network security software applications, which utilize network packets for detecting cyber-attacks, consume a great amount of power and system resources, such as Random Access Memory (RAM), disk, Central Processing Unit (CPU), etc. After researching and reviewing multiple technologies that can be employed to implement optimal security systems, this thesis proposes a cyber-security software application named eIDPS. The proposed solution employs novel technologies for detecting, analyzing, and preventing various network attacks while utilizing minimal computer resources, namely the Extended Berkeley Packet Filter (eBPF), which can run virtualized functions directly in the kernel, and Machine Learning (ML). The use of these novel technologies resulted in a better, more efficient attack detection and prevention system compared to current state-of-the-art network intrusion detection and prevention systems, such as Snort.
A comparison was conducted between the solution proposed in this thesis and the Snort software in a closed test environment. Slight modifications were made to the Snort detection schema so that it utilized the same ML model internally, in order to perform equal measurements between the proposed solution and the Snort software. The evaluation results showed that eIDPS is vastly more lightweight and efficient in detecting and preventing malicious activities.