COMING SOON! PQDT Open is getting a new home!

ProQuest Open Access Dissertations & Theses will remain freely available as part of a new and enhanced search experience at

Questions? Please refer to this FAQ.

Dissertation/Thesis Abstract

The Role of Protocol Analysis in Cybersecurity: Closing the Gap on Undetected Data Breaches
by Garringer, James, M.S., Utica College, 2018, 73; 10974156
Abstract (Summary)

Organizations of all sizes are targets for a cyberattack. Undetected data breaches result in the catastrophic loss of personally identifiable information (PII) causing considerable financial and reputation harm to organizations, while also imposing a risk of identity fraud to consumers. The purpose of this study was to consider the impact that undetected data breaches have on organizations with an additional focus on shortening the gap between the time of data breach and the time of detection through manual protocol analysis and intrusion detection system (IDS) solutions. This research reviewed the available literature detailing the effects of undetected data breaches on organizations as well as the advanced exploitation of protocols and anomaly detection through manual protocol analysis and IDS.

Manual protocol analysis provides situational anomaly detection when compared to baseline network traffic, but implies privacy concerns and does not allow timely detection of most cyberattacks. Automated IDS stream-based flows allow quicker detection of cyberattacks. Network flow-based IDS misses hidden attacks due to lack of a data payload requiring manual analysis instead, while host-based IDS adversely affects the performance of the host computer, but successfully identifies anomalies based on known signatures. This study recommended a complementary defense-in-depth solution which employs manual protocol analysis and both host-based and network-based IDS solutions as a viable strategy for reducing the time between data breach and time of detection. This study additionally recommended that security operation center personnel and IT departments should receive protocol analysis training to support manual detection against a known network traffic baseline.

Indexing (document details)
Advisor: Wendt, Donnie
Commitee: Givens, Austen
School: Utica College
Department: Cybersecurity
School Location: United States -- New York
Source: MAI 58/03M(E), Masters Abstracts International
Subjects: Information Technology, Information science, Artificial intelligence, Computer science
Keywords: Cybersecurity, Machine learning, Mosaic effect, Self-similarity, Wendt, Donnie, Wireshark
Publication Number: 10974156
ISBN: 978-0-438-72381-8
Copyright © 2021 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy