Description: This research proposes a security architecture based on feedback control theory. The first loop has been designed, developed and tested. The architecture is a feedback model with many controllers located at different stages of the network. The controller at each stage gives feedback to the one at the next higher level, and a decision about network security is taken. The first loop, implemented in this thesis, detects one important anomaly of a virus attack: the rate of outgoing connections. Though a virus attack produces other anomalies, the rate of outgoing connections is an important one for containing the spread. Based on the feedback model, this symptom is fed back, and a state model using queuing theory is developed to delay connections and slow down the rate of outgoing connections. With this model in place, whenever an infected machine tries to make connections at a speed not considered safe, the controller kicks in and sends those connections to a delay queue. Because the connections are delayed, the rate of outgoing connections decreases. Also, because of the delay, many connections time out and get dropped, reducing the spread. A PID controller is implemented to decide the number of connections going to the safe queue or the suspected queue. Multiple controllers can be implemented to control parameters such as delay and timeout. Control theory analysis is performed on the system to test for stability, controllability and observability. Sensitivity analysis is done to determine the sensitivity of the controller to the delay parameter. The first loop gives feedback to the proposed architecture about symptoms of an attack at the node level. A controller needs to be developed to receive information from the different controllers, and a decision about quarantining needs to be made. This research gives the basic information needed for the controller about what is going on at individual nodes of ...
Date: December 2004
Creator: Yelimeli Guruprasad, Arun
Partner: UNT Libraries