Theses

An algorithmic approach to improving the performance of the PIGA intrusion detection system

Abstract: PIGA is a tool for detecting malicious behaviour by analysing system activity. It relies on signatures that represent illegal behaviours, i.e. behaviours that violate the security properties defined in the policy. The signatures are generated from graphs modelling the interactions between the different system entities, and they are held in memory while intrusion detection is running. The signature base can occupy several megabytes (MB), which degrades system performance during detection. In this thesis we develop two methods that reduce the memory needed to store the signatures while preserving their quality. The first method is based on the modular decomposition of graphs: we use this notion from graph theory to reduce the size of the graph and thereby lower both the number and the length of the signatures. Applied to confidentiality properties on a gateway system, this method divides the number of generated signatures by 20. The second method directly reduces the signature base by deleting signatures that are useless when PIGA is used as an IPS. Applied to the same properties, this method divides the number of generated signatures by 5. Combining both methods divides the number of signatures by more than 50. We then adapted the detection mechanism to work with the newly generated signatures. Experiments show that the new mechanism detects the same illegal behaviours as the previous one, and that PIGA's response time is reduced.
Document type: Theses

Cited literature: 25 references

https://tel.archives-ouvertes.fr/tel-01080541
Contributor: Abes Star
Submitted on: Wednesday, November 5, 2014 - 3:12:00 PM
Last modification on: Wednesday, November 20, 2019 - 1:42:37 AM
Long-term archiving on: Friday, February 6, 2015 - 10:36:20 AM

File

pierre.clairet_3622_vm.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id: tel-01080541, version 1

Citation

Pierre Clairet. Approche algorithmique pour l’amélioration des performances du système de détection d’intrusions PIGA. Autre [cs.OH]. Université d'Orléans, 2014. Français. ⟨NNT : 2014ORLE2016⟩. ⟨tel-01080541⟩

Metrics

Record views: 537
File downloads: 512