Author

Jason Kistner

Abstract

Cyber crime is an increasingly prominent threat to all aspects of society, including businesses, government, banks, transportation, and individuals. The security of computer networks is dependent on the ability to recognize and defend against malicious cyber attacks. The goal of this thesis is to utilize operations research techniques to create tools that will significantly contribute to cyber security. A simulation framework and template are developed to efficiently represent computer networks and cyber security intrusion detection systems. The simulation is capable of generating complex cyber attacks based on the computer network configuration and the capabilities of the attacker. The simulation results in alert messages corresponding to attack actions and ordinary network behavior, which are typically used by situational awareness tools or systems administrators to identify and take action against the attack. Through verification, validation, and an experimental performance evaluation, the simulation model is shown to be an effective tool to enable testing of situational awareness tools and for determining network vulnerabilities. In addition, this thesis extends the highly effective information fusion methods of situational awareness and threat assessment by introducing a method of adaptive process refinement for cyber security. The adaptive process refinement model utilizes integer programming optimization to improve the success of cyber attack detection, tracking, and identification. The process refinement model is designed to dynamically provide recommendations for optimal allocation of network detection resources subject to processing capacity, current attack activity, and network vulnerabilities. The cyber attack simulation methodology is utilized to create a set of attack scenarios on computer networks that are used to conduct an experimental performance evaluation of the adaptive process refinement model to determine its capabilities and limitations. The simulation and process refinement methods provide operations research tools that will help to advance the field of cyber security.

Library of Congress Subject Headings

Computer crimes--Computer simulation; Computer crimes--Prevention; Cyberterrorism--Computer simulation; Cyberterrorism--Prevention; Computer networks--Security measures

Publication Date

7-2006

Document Type

Thesis

Department, Program, or Center

Industrial and Systems Engineering (KGCOE)

Advisor

Michael E. Kuhl

Advisor/Committee Member

Moises Sudit

Comments

Physical copy available from RIT's Wallace Library at HV6773 .K47 2006

Campus

RIT – Main Campus
