The thesis investigates APT attacks, which are professional targeted attacks that are characterised by long-term duration and use of advanced techniques. The thesis summarises current knowledge about APT attacks and suggests seven symptoms that can be used to check, whether an organization is under an APT attack. Thesis suggests a system for detection of APT attacks based on interaction of those symptoms. This system is elaborated further for detection of attacks in computer networks, where it uses user behaviour modelling for anomaly detection. The detector uses k-nearest neighbors (k-NN) method. The APT attack recognition ability in network environment is verified by implementing and testing this detector.
Identifer | oai:union.ndltd.org:nusl.cz/oai:invenio.nusl.cz:255485 |
Date | January 2016 |
Creators | Hujňák, Ondřej |
Contributors | Kačic, Matej, Barabas, Maroš |
Publisher | Vysoké učení technické v Brně. Fakulta informačních technologií |
Source Sets | Czech ETDs |
Language | Czech |
Detected Language | English |
Type | info:eu-repo/semantics/masterThesis |
Rights | info:eu-repo/semantics/restrictedAccess |
Page generated in 0.002 seconds