NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 1
  • Tagged with
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 1 to 1 of 1 (0.061 seconds)

Spelling suggestions: "subject:"advanced persistent threats"" "subject:"advanced persisitent threats""

1

ARCA - Alerts root cause analysis framework

Melo, Daniel Araújo 08 September 2014 (has links)
Submitted by Luiza Maria Pereira de Oliveira (luiza.oliveira@ufpe.br) on 2015-05-15T14:58:14Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) DISSERTAÇÃO Daniel Araújo Melo.pdf: 2348702 bytes, checksum: cdf9ac0421311267960355f9d6ca4479 (MD5) / Made available in DSpace on 2015-05-15T14:58:14Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) DISSERTAÇÃO Daniel Araújo Melo.pdf: 2348702 bytes, checksum: cdf9ac0421311267960355f9d6ca4479 (MD5) Previous issue date: 2014-09-08 / Modern virtual plagues, or malwares, have focused on internal host infection and em-ploy evasive techniques to conceal itself from antivirus systems and users. Traditional network security mechanisms, such as Firewalls, IDS (Intrusion Detection Systems) and Antivirus Systems, have lost efficiency when fighting malware propagation. Recent researches present alternatives to detect malicious traffic and malware propagation through traffic analysis, however, the presented results are based on experiments with biased artificial traffic or traffic too specific to generalize, do not consider the existence of background traffic related with local network services or demands previous knowledge of networks infrastructure. Specifically don’t consider a well-known intru-sion detection systems problem, the high false positive rate which may be responsible for 99% of total alerts. This dissertation proposes a framework (ARCA – Alerts Root Cause Analysis) capable of guide a security engineer, or system administrator, to iden-tify alerts root causes, malicious or not, and allow the identification of malicious traffic and false positives. Moreover, describes modern malwares propagation mechanisms, presents methods to detect malwares through analysis of IDS alerts and false positives reduction. ARCA combines an aggregation method based on Relative Uncertainty with Apriori, a frequent itemset mining algorithm. Tests with 2 real datasets show an 88% reduction in the amount of alerts to be analyzed without previous knowledge of network infrastructure.
Intrusion detection
Malware
Alerts correlation
Advanced persis-tent threats

Page generated in 0.0642 seconds