Return to search

A hadoop based framework for analyzing intrusion activities of advanced persistent threats

Intruders often remain persistent and stealthy in order to regularly exfilterate the continuously evolving critical information of their target organization. This compels them to rapidly discover new and advanced techniques for exploiting the target environment in order to trespass the security mechanisms. Such adversaries are known as Advanced Persistent Threats (APT). APTs heavily use their target system';s unknown vulnerabilities. Therefore, even with highly monitored networks, defenders are able to detect their footprints only in later phases of the intrusion. Moreover, highly monitoring the hosts and networks of any midsized organization generates huge amount of log data. Analysis of such log data which is generally text heavy and semi structured, collected during multiple years becomes a Big Data problem. This dissertation provides a well defined modular framework based on Big Data Technologies, such as Apache Hadoop and its related projects, towards efficient collection, management and processing of huge amounts of log data acquired from multiple hosts and network monitoring sources. Additionally, on the top of the analysis framework, it adopts Intrusion Kill Chain model for identifying and plotting phases of intrusion activities performed by APTs. Hence, it equips security administrators with the necessary agility and tools for analysis of intrusions and brings situational awareness in order to defend against the adversaries. Our primary experiments on this framework provided promising results and motivation for many future works.

Identiferoai:union.ndltd.org:IBICT/oai:agregador.ibict.br.BDTD_ITA:oai:ita.br:2831
Date18 December 2013
CreatorsParth Bhatt
ContributorsEdgar Toshiro Yano
PublisherInstituto Tecnológico de Aeronáutica
Source SetsIBICT Brazilian ETDs
LanguageEnglish
Detected LanguageEnglish
Typeinfo:eu-repo/semantics/publishedVersion, info:eu-repo/semantics/masterThesis
Formatapplication/pdf
Sourcereponame:Biblioteca Digital de Teses e Dissertações do ITA, instname:Instituto Tecnológico de Aeronáutica, instacron:ITA
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0022 seconds