Existing endpoint security monitors use agents that must be installed on every
computing host or endpoint. However, as the number of monitored hosts increases,
agents installation, con figuration and maintenance become arduous and requires more
efforts. Moreover, installed agents can increase the security threat footprint and
several companies impose restrictions on using agents on every computing system.
This work provides a generic agentless endpoint framework for security monitoring of
computing systems. The computing hosts are accessed by the monitoring framework
running on a central server. Since the monitoring framework is separate from the
computing hosts for which the monitoring is being performed, the various security
models of the framework can perform data retrieval and analysis without utilizing
agents executing within the computing hosts. The monitoring framework retrieves
transparently raw data from the monitored computing hosts that are then fed to the
security modules integrated with the framework. These modules analyze the received
data to perform security monitoring of the target computing hosts. As a use case, a
real-time intrusion detection model has been implemented to detect abnormal behaviors on computing hosts based on the data collected using the introduced framework. / Graduate
Identifer | oai:union.ndltd.org:uvic.ca/oai:dspace.library.uvic.ca:1828/10904 |
Date | 28 May 2019 |
Creators | Ghaleb, Asem |
Contributors | Traore, Issa |
Source Sets | University of Victoria |
Language | English, English |
Detected Language | English |
Type | Thesis |
Format | application/pdf |
Rights | Available to the World Wide Web |
Page generated in 0.0017 seconds