
Approche algorithmique pour l’amélioration des performances du système de détection d’intrusions PIGA

Abstract: PIGA is a tool for detecting malicious behaviour by analysing system activity. It uses signatures representing illegal behaviours that violate the security properties defined in the policy. The signatures are generated from graphs modelling the operations between different system entities and are held in memory during intrusion detection. The signature base can take up several megabytes (MB), which reduces system performance while intrusion detection is running. In this thesis, we set up two methods to reduce the memory used to store the signatures while preserving their quality. The first method is based on the modular decomposition of graphs. We used this notion from graph theory to reduce the size of the graph and to lower the number and length of the signatures. Applied to confidentiality properties on a gateway system, this method divides the number of generated signatures by 20. The second method reduces the signature base directly by deleting useless signatures when PIGA is used as an IPS. Applied to the same properties, this method divides the number of generated signatures by 5. Using both methods together, the number of signatures is divided by more than 50. Next, we adapted the detection mechanism to use the newly generated signatures. The experiments show that the new mechanism detects the same illegal behaviours as the previous one. Furthermore, we reduced the response time of PIGA.

Cited literature: 25 references
Contributor: ABES STAR
Submitted on: Wednesday, November 5, 2014 - 3:12:00 PM
Last modification on: Thursday, May 5, 2022 - 3:36:45 PM
Long-term archiving on: Friday, February 6, 2015 - 10:36:20 AM


Version validated by the jury (STAR)


  • HAL Id: tel-01080541, version 1


Pierre Clairet. Approche algorithmique pour l’amélioration des performances du système de détection d’intrusions PIGA. Autre [cs.OH]. Université d'Orléans, 2014. Français. ⟨NNT : 2014ORLE2016⟩. ⟨tel-01080541⟩


