IDS Analysis Tech Report
I worked with Dr. John Musacchio and Ning Bao on a game-theoretic model for understanding potential courses of action a network administrator could take when knowledge of an intrusion has occured. Does one try to place an intruder in a virtual environment for observation? Are honeynets the best means of deterring attention from critical network locations? Is it best to just kick out attackers whenever they are found? My goal was to investigate metrics that can be used to analyze the knowledge a network administrator has access to in a “perfect” environment—i.e. an environment with an array of intrusion detection systems, firewalls, and endless more technologies galore.