Attack Fingerprints based on the Activity and Event Network(AEN) Model

Nie, Chenyang

UVicSpace Home
→
Faculty of Engineering
→
Department of Electrical and Computer Engineering
→
Graduate Projects (Electrical and Computer Engineering)
→
View Item

dc.contributor.author	Nie, Chenyang
dc.date.accessioned	2020-08-12T22:47:18Z
dc.date.available	2020-08-12T22:47:18Z
dc.date.copyright	2020	en_US
dc.date.issued	2020-08-12
dc.identifier.uri	http://hdl.handle.net/1828/11986
dc.description.abstract	The Activity and Event (AEN) graph is a new framework that enables capturing ongoing security-relevant activity and events occurring at a given organization using a large random time-varying graph model. The graph is generated by processing various network security logs, such as network packets, system logs, and intrusion detection alerts. In this report, we show how known attack methods can be captured generically using attack fingerprints based on the AEN graph. The fingerprints are constructed by identifying attack idiosyncrasies under the form of subgraphs that represent indicators of compromise (IOCs), and then encoded using PGQL queries. Among the many attack types, three main categories are implemented in our model: Probing, Denial of Service(DoS), and authentication breaches; Each category contains its common variations. The experimental evaluation of the fingerprints was carried using a combination of intrusion detection datasets and yielded very encouraging results.	en_US
dc.language.iso	en	en_US
dc.rights	Available to the World Wide Web	en_US
dc.subject	Network Attack	en_US
dc.subject	Intrusion Detection	en_US
dc.subject	Port Scan	en_US
dc.subject	Graph Database	en_US
dc.subject	DDoS	en_US
dc.title	Attack Fingerprints based on the Activity and Event Network(AEN) Model	en_US
dc.type	project	en_US
dc.degree.department	Department of Electrical and Computer Engineering	en_US
dc.degree.level	Master of Engineering M.Eng.	en_US
dc.description.scholarlevel	Graduate	en_US