Attack Fingerprints based on the Activity and Event Network(AEN) Model
| dc.contributor.author | Nie, Chenyang | |
| dc.date.accessioned | 2020-08-12T22:47:18Z | |
| dc.date.available | 2020-08-12T22:47:18Z | |
| dc.date.copyright | 2020 | en_US |
| dc.date.issued | 2020-08-12 | |
| dc.degree.department | Department of Electrical and Computer Engineering | |
| dc.degree.level | Master of Engineering M.Eng. | en_US |
| dc.description.abstract | The Activity and Event (AEN) graph is a new framework that enables capturing ongoing security-relevant activity and events occurring at a given organization using a large random time-varying graph model. The graph is generated by processing various network security logs, such as network packets, system logs, and intrusion detection alerts. In this report, we show how known attack methods can be captured generically using attack fingerprints based on the AEN graph. The fingerprints are constructed by identifying attack idiosyncrasies under the form of subgraphs that represent indicators of compromise (IOCs), and then encoded using PGQL queries. Among the many attack types, three main categories are implemented in our model: Probing, Denial of Service(DoS), and authentication breaches; Each category contains its common variations. The experimental evaluation of the fingerprints was carried using a combination of intrusion detection datasets and yielded very encouraging results. | en_US |
| dc.description.scholarlevel | Graduate | en_US |
| dc.identifier.uri | http://hdl.handle.net/1828/11986 | |
| dc.language.iso | en | en_US |
| dc.rights | Available to the World Wide Web | en_US |
| dc.subject | Network Attack | en_US |
| dc.subject | Intrusion Detection | en_US |
| dc.subject | Port Scan | en_US |
| dc.subject | Graph Database | en_US |
| dc.subject | DDoS | en_US |
| dc.title | Attack Fingerprints based on the Activity and Event Network(AEN) Model | en_US |
| dc.type | project | en_US |