Detecting malicious VBscripts using anomaly host based IDS based on principal component analysis (PCA)

Author

Racha El Sokkary, The American University in Cairo AUC

Abstract

Intrusion detection research over the last twenty years has focused on the threat of individuals illegally hacking into systems. Nowadays, intrusion threat to computer systems has changed radically. Instead of dealing with hackers, most current works focus on defending the system against code-driven attacks. Today’s web script codes such as VBScript are receiving increasing focus as a backdoor for attacking many computers through e-mail attachments or infected web sites. The nature of these malicious codes is that they can spread widely causing serious damages to many applications. Moreover, the majority of anti-virus tools used today are able to detect known attacks but are unable to detect new and unknown attacks. The work in this thesis presents an Anomaly host based Intrusion Detection System (IDS) that provides protection against web attacks from malicious VBScripts. The core of the system treats anomalies as outliers and this IDS model uses a Multivariate Statistical technique, Principal Component Analysis (PCA) to reduce the dimensionality of the problem while keeping the major principal components of benign instances. Hence, the system can easily filter malicious scripts that deviate from normal behavior and allow for normal scripts to bypass; so any future or unknown VBScript attacks are effectively captured while maintaining a low rate of false alarms.

Department

Computer Science & Engineering Department

Degree Name

MS in Computer Science

Date of Award

6-1-2005

Online Submission Date

2-27-2013

First Advisor

El Kassas, Sherif

Committee Member 1

El Kassas, Sherif

Committee Member 2

Goneid, Amr

Document Type

Thesis

Extent

160 p.

Rights

The American University in Cairo grants authors of theses and dissertations a maximum embargo period of two years from the date of submission, upon request. After the embargo elapses, these documents are made available publicly. If you are the author of this thesis or dissertation, and would like to request an exceptional extension of the embargo period, please write to thesisadmin@aucegypt.edu

IRB

Not necessary for this item

Recommended Citation

APA Citation

El Sokkary, R. (2005).Detecting malicious VBscripts using anomaly host based IDS based on principal component analysis (PCA) [Thesis, the American University in Cairo]. AUC Knowledge Fountain.
https://fount.aucegypt.edu/retro_etds/2333

MLA Citation

El Sokkary, Racha. Detecting malicious VBscripts using anomaly host based IDS based on principal component analysis (PCA). 2005. American University in Cairo, Thesis. AUC Knowledge Fountain.
https://fount.aucegypt.edu/retro_etds/2333