This research explores an innovative approach to managing extensive rulesets in Host Intrusion Detection Systems (HIDS) through segmentation and dynamic expansion. Drawing upon the MITRE ATT&CK framework, the methodology categorizes rulesets into initial detection, choke point detection, and advanced detection, streamlines threat detection, and optimizes resource utilization. The segmentation allows for targeted detection of potential threats, while dynamic expansion enables the addition of advanced detection rules based on attacker actions. The study evaluates the effectiveness of this approach in reducing performance overhead and improving threat detection capabilities. Test cases validate the approach for detecting multi-stage attacks and optimizing system performance. Results indicate that while the segmentation and dynamic expansion technique offers structured threat detection, challenges such as missed detections and complexity in rule management exist. Future research directions include refining segmentation processes and enhancing rule categorization logic. Overall, this research contributes to the advancement of HIDS methodologies and underscores the importance of ongoing refinement and validation in cybersecurity strategies.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:his-23959 |
Date | January 2024 |
Creators | Bannikere Eshwarappa, Theertharaja |
Publisher | Högskolan i Skövde, Institutionen för informationsteknologi |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0018 seconds