Detection of Confidentiality Violation by Short Term Advanced Persistent Threats based on Data Stream Correlation

Javadi, Heydar | 2018

Type of Document: M.Sc. Thesis
Language: Farsi
Document No: 51537 (19)
University: Sharif University of Technology
Department: Computer Engineering
Advisor(s): Amini, Morteza

Abstract:
Advanced Persistent Threats (APTs) use multi-step, low-level and sometimes slow-moving behaviours to hide their malicious activity. These attacks are complex and costly, and the attacker violates the security policy explicitly or implicitly by distributing his or her behaviour across multiple agents and infiltrating trusted subjects. One challenge is to discover these attacks in their early stages, before confidentiality is completely violated. Existing detection methods are limited by the lack of deep interception of events, reliance on the alerts of intrusion detection systems, the lack of simultaneous tracking of host-level and network-level events, and the lack of real-time processing. To detect the presence of APTs, behaviours must be tracked in more detail and alongside each other, because relying on the alerts of general security systems and correlating them may fail to reveal malicious behaviour, owing to the loss of event information and the omission of some relationships. This requires direct correlation of events, which produces a massive volume of events and relationships between them; because of the high-speed stream, fast-responding correlation methods are required. In this research, after recording host and network events together using real-time processing techniques, we provide a solution that tracks, moment by moment, the explicit and implicit accesses made by the subjects involved in the organization, and as a result detects in real time explicit or implicit violations of the organization's confidentiality policies by APTs that execute their attack vector within a short time. Evaluation of the proposed approach with various scenarios of confidentiality violation by APTs, and with a data set collected from a real environment, demonstrates its effectiveness in real-time detection of confidentiality violations by APTs.

Keywords: Correlation; Advanced Persistent Threats; Real-Time Processing; Big Data Stream; Confidentiality
