Return to search

Understanding the behaviour of  IOCs during their lifecycle

An indicator of compromise is a digital artefact that detects data compromise. They sense the compromise happening, trace the intrusion and collect data. This data includes breached data and the address. All indicators have a limited period of a lifetime, in which these work the best time in their peak. Once the indicator starts decaying, then its performance of it deteriorates. Meaning there is an increase in false alarms of compromise. The most influential parameters in the performance of an IOC are related pulse, alerts, file score and IDS. These parameters influence both the working and decay of an indicator. But the relation between these is unknown; therefore, this thesis investigates the nature of the correlation between these parameters. Evaluating an IOC and its performance or decay is essential as these determine the quality of an indicator known as confidence in cybersecurity. In cybersecurity management, confidence (quality) is crucial in preventing or detecting threats. By understanding IOC's performance and decay, we can determine its confidence level. There has been a model generated to find confidence levels, and this thesis aims to improve those models. Here, the thesis proposes a case study to find the relation between parameters and use the findings in making an improved model finding confidence level.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:bth-24127
Date January 2022
CreatorsGodavarti, Navya sree, Modali, Sivani
PublisherBlekinge Tekniska Högskola, Institutionen för datavetenskap
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.002 seconds