Intruders often remain persistent and stealthy in order to regularly exfiltrate the continuously evolving critical information of their target organization. This compels them to rapidly discover new and advanced techniques for exploiting the target environment in order to bypass its security mechanisms. Such adversaries are known as Advanced Persistent Threats (APTs). APTs rely heavily on vulnerabilities in the target system that are not yet known to the defender, so even in highly monitored networks, defenders are typically able to detect their footprints only in the later phases of the intrusion. Moreover, closely monitoring the hosts and networks of even a mid-sized organization generates a huge amount of log data. Analysing such log data, which is generally text-heavy and semi-structured and is collected over multiple years, becomes a Big Data problem. This dissertation provides a well-defined modular framework based on Big Data technologies, such as Apache Hadoop and its related projects, for the efficient collection, management and processing of large volumes of log data acquired from multiple host and network monitoring sources. Additionally, on top of the analysis framework, it adopts the Intrusion Kill Chain model for identifying and plotting the phases of intrusion activities performed by APTs. Hence, it equips security administrators with the agility and tools needed to analyse intrusions, and brings situational awareness for defending against these adversaries. Our preliminary experiments with this framework provided promising results and motivation for future work.
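The abstract describes two steps of the framework: tagging individual log events from many sensors with an Intrusion Kill Chain phase, and then assembling those tags per host so the progression of an intrusion can be plotted. The following is an added illustration of that mapping step and is not code from the thesis. It assumes a normalised log format of the form `<ISO timestamp> <sensor> host=<host> <message>`, an illustrative rule set (the thesis's own rules are not shown on this page), and constructed sample lines. It is written in the mapper/reducer shape of a Hadoop Streaming job, which is one way such logic could be run over HDFS-resident logs, but here it runs stand-alone on the embedded sample.

```python
"""Tag log lines with Intrusion Kill Chain phases and build a per-host timeline.

Added example, not the thesis's code. Written in the mapper/reducer shape of a
Hadoop Streaming job; the sample lines below are constructed, not real data.
"""
import re
from collections import defaultdict

# Intrusion Kill Chain phases in order (Hutchins, Cloppert and Amin, 2011).
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

# Assumed phase-tagging rules: illustrative patterns chosen for the sample
# lines, not the rule set used by the thesis. Weaponization happens on the
# attacker's side and is normally invisible in victim logs, so no rule targets it.
RULES = [
    ("reconnaissance",        re.compile(r"portscan|nmap|vulnerability scan", re.I)),
    ("delivery",              re.compile(r"attachment .*\.(exe|scr|js)\b|phishing", re.I)),
    ("exploitation",          re.compile(r"CVE-\d{4}-\d+|shellcode|exploit", re.I)),
    ("installation",          re.compile(r"new service|run key|scheduled task", re.I)),
    ("command_and_control",   re.compile(r"\bbeacon\b|dns tunnel|\bc2\b", re.I)),
    ("actions_on_objectives", re.compile(r"exfil|large upload|archive created", re.I)),
]

# Assumed normalised log format: "<ISO timestamp> <sensor> host=<host> <message>".
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) host=(?P<host>\S+) (?P<msg>.*)$")


def map_line(line):
    """Mapper: one log line -> (host, timestamp, phase), or None if no rule fires."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    for phase, pattern in RULES:
        if pattern.search(m["msg"]):
            return (m["host"], m["ts"], phase)
    return None


def reduce_host(events):
    """Reducer: all (timestamp, phase) pairs for one host -> ordered phase timeline.

    The first occurrence of each phase is kept; 'depth' is the index of the
    furthest phase reached, so a host at depth 6 has shown evidence of
    actions on objectives (e.g. exfiltration), not merely reconnaissance.
    """
    first_seen = {}
    for ts, phase in sorted(events):          # ISO-8601 timestamps sort lexically
        first_seen.setdefault(phase, ts)
    timeline = sorted((ts, phase) for phase, ts in first_seen.items())
    depth = max(PHASES.index(p) for p in first_seen)
    return {
        "timeline": timeline,
        "phases_seen": set(first_seen),
        "furthest_phase": PHASES[depth],
        "depth": depth,
    }


def build_timelines(lines):
    """Run the mapper over every line and the reducer over each host's events."""
    grouped = defaultdict(list)
    for line in lines:
        rec = map_line(line)
        if rec is not None:
            host, ts, phase = rec
            grouped[host].append((ts, phase))
    return {host: reduce_host(events) for host, events in grouped.items()}


def render(host, result):
    """One-line plot of the kill chain for a host: a letter per phase seen, '.' otherwise."""
    cells = [p[0].upper() if p in result["phases_seen"] else "." for p in PHASES]
    return f"{host:8s} " + " ".join(cells) + f"  (depth {result['depth']})"


# Constructed sample lines (not real data). ws-17 walks the whole chain;
# srv-db only shows the scan that the compromised ws-17 later performs against it.
SAMPLE_LOGS = r"""
2013-11-02T08:01:12Z ids host=ws-17 portscan from 203.0.113.5 to 10.0.0.17 ports 1-1024
2013-11-02T09:14:03Z mail host=ws-17 inbound attachment invoice.pdf.exe from billing@example.net
2013-11-02T09:15:40Z edr host=ws-17 shellcode injected into explorer.exe from winword.exe
2013-11-02T09:16:02Z sysmon host=ws-17 run key added HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater
2013-11-03T02:00:10Z proxy host=ws-17 beacon to 198.51.100.9:443 every 60s
2013-11-05T23:40:00Z netflow host=ws-17 large upload 2.3GB to 198.51.100.9
2013-11-02T10:00:00Z ids host=srv-db portscan from 10.0.0.17 ports 1433
2013-11-04T11:22:00Z auth host=srv-db user jsmith logged in
"""

if __name__ == "__main__":
    for host, result in sorted(build_timelines(SAMPLE_LOGS.splitlines()).items()):
        print(render(host, result))
```

The point of the reducer is the one the abstract makes about late detection: a single rule firing (a port scan against srv-db) says little, but a host whose timeline reaches delivery, installation and command-and-control before the first netflow anomaly is an intrusion that has been under way for days, and the per-host depth lets an analyst rank which hosts to examine first. In a real deployment the mapper would run per log partition and the grouping by host would be the shuffle step, which is why the two functions share no state.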
Identifier | oai:union.ndltd.org:IBICT/oai:agregador.ibict.br.BDTD_ITA:oai:ita.br:2831 |
Date | 18 December 2013 |
Creators | Parth Bhatt |
Contributors | Edgar Toshiro Yano |
Publisher | Instituto Tecnológico de Aeronáutica |
Source Sets | IBICT Brazilian ETDs |
Language | English |
Detected Language | English |
Type | info:eu-repo/semantics/publishedVersion, info:eu-repo/semantics/masterThesis |
Format | application/pdf |
Source | reponame:Biblioteca Digital de Teses e Dissertações do ITA, instname:Instituto Tecnológico de Aeronáutica, instacron:ITA |
Rights | info:eu-repo/semantics/openAccess |