Attack Fingerprints based on the Activity and Event Network (AEN) Model


dc.contributor.author Nie, Chenyang
dc.date.accessioned 2020-08-12T22:47:18Z
dc.date.available 2020-08-12T22:47:18Z
dc.date.copyright 2020 en_US
dc.date.issued 2020-08-12
dc.identifier.uri http://hdl.handle.net/1828/11986
dc.description.abstract The Activity and Event Network (AEN) graph is a new framework that captures ongoing security-relevant activity and events occurring at a given organization using a large random time-varying graph model. The graph is generated by processing various network security logs, such as network packets, system logs, and intrusion detection alerts. In this report, we show how known attack methods can be captured generically using attack fingerprints based on the AEN graph. The fingerprints are constructed by identifying attack idiosyncrasies in the form of subgraphs that represent indicators of compromise (IOCs), which are then encoded as PGQL queries. Among the many attack types, three main categories are implemented in our model: probing, denial of service (DoS), and authentication breaches; each category contains its common variations. The experimental evaluation of the fingerprints was carried out using a combination of intrusion detection datasets and yielded very encouraging results. en_US
dc.language.iso en en_US
dc.rights Available to the World Wide Web en_US
dc.subject Network Attack en_US
dc.subject Intrusion Detection en_US
dc.subject Port Scan en_US
dc.subject Graph Database en_US
dc.subject DDoS en_US
dc.title Attack Fingerprints based on the Activity and Event Network (AEN) Model en_US
dc.type project en_US
dc.degree.department Department of Electrical and Computer Engineering en_US
dc.degree.level Master of Engineering M.Eng. en_US
dc.description.scholarlevel Graduate en_US
