Intrusion detection research over the last twenty years has focused on the threat of individuals illegally hacking into systems. Nowadays, intrusion threat to computer systems has changed radically. Instead of dealing with hackers, most current works focus on defending the system against code-driven attacks. Today’s web script codes such as VBScript are receiving increasing focus as a backdoor for attacking many computers through e-mail attachments or infected web sites. The nature of these malicious codes is that they can spread widely causing serious damages to many applications. Moreover, the majority of anti-virus tools used today are able to detect known attacks but are unable to detect new and unknown attacks. The work in this thesis presents an Anomaly host based Intrusion Detection System (IDS) that provides protection against web attacks from malicious VBScripts. The core of the system treats anomalies as outliers and this IDS model uses a Multivariate Statistical technique, Principal Component Analysis (PCA) to reduce the dimensionality of the problem while keeping the major principal components of benign instances. Hence, the system can easily filter malicious scripts that deviate from normal behavior and allow for normal scripts to bypass; so any future or unknown VBScript attacks are effectively captured while maintaining a low rate of false alarms.


Computer Science & Engineering Department

Degree Name

MS in Computer Science

Date of Award


Online Submission Date


First Advisor

El Kassas, Sherif

Committee Member 1

El Kassas, Sherif

Committee Member 2

Goneid, Amr

Document Type



160 p.


The American University in Cairo grants authors of theses and dissertations a maximum embargo period of two years from the date of submission, upon request. After the embargo elapses, these documents are made available publicly. If you are the author of this thesis or dissertation, and would like to request an exceptional extension of the embargo period, please write to thesisadmin@aucegypt.edu


Not necessary for this item