Intrusion detection research over the last twenty years has focused on the threat of individuals illegally hacking into systems. Nowadays, intrusion threat to computer systems has changed radically. Instead of dealing with hackers, most current works focus on defending the system against code-driven attacks. Today’s web script codes such as VBScript are receiving increasing focus as a backdoor for attacking many computers through e-mail attachments or infected web sites. The nature of these malicious codes is that they can spread widely causing serious damages to many applications. Moreover, the majority of anti-virus tools used today are able to detect known attacks but are unable to detect new and unknown attacks. The work in this thesis presents an Anomaly host based Intrusion Detection System (IDS) that provides protection against web attacks from malicious VBScripts. The core of the system treats anomalies as outliers and this IDS model uses a Multivariate Statistical technique, Principal Component Analysis (PCA) to reduce the dimensionality of the problem while keeping the major principal components of benign instances. Hence, the system can easily filter malicious scripts that deviate from normal behavior and allow for normal scripts to bypass; so any future or unknown VBScript attacks are effectively captured while maintaining a low rate of false alarms.
Computer Science & Engineering Department
MS in Computer Science
Date of Award
Online Submission Date
El Kassas, Sherif
Committee Member 1
El Kassas, Sherif
Committee Member 2
The American University in Cairo grants authors of theses and dissertations a maximum embargo period of two years from the date of submission, upon request. After the embargo elapses, these documents are made available publicly. If you are the author of this thesis or dissertation, and would like to request an exceptional extension of the embargo period, please write to email@example.com
Not necessary for this item
El Sokkary, R.
(2005).Detecting malicious VBscripts using anomaly host based IDS based on principal component analysis (PCA) [Thesis, the American University in Cairo]. AUC Knowledge Fountain.
El Sokkary, Racha. Detecting malicious VBscripts using anomaly host based IDS based on principal component analysis (PCA). 2005. American University in Cairo, Thesis. AUC Knowledge Fountain.