
Agentless endpoint security monitoring framework

Existing endpoint security monitors use agents that must be installed on every
computing host or endpoint. However, as the number of monitored hosts increases,
agent installation, configuration and maintenance become arduous and require more
effort. Moreover, installed agents can increase the security threat footprint and
several companies impose restrictions on using agents on every computing system.
This work provides a generic agentless endpoint framework for security monitoring of
computing systems. The computing hosts are accessed by the monitoring framework
running on a central server. Since the monitoring framework is separate from the
computing hosts for which the monitoring is being performed, the various security
models of the framework can perform data retrieval and analysis without utilizing
agents executing within the computing hosts. The monitoring framework transparently
retrieves raw data from the monitored computing hosts; these data are then fed to the
security modules integrated with the framework. These modules analyze the received
data to perform security monitoring of the target computing hosts. As a use case, a
real-time intrusion detection model has been implemented to detect abnormal behaviors on computing hosts based on the data collected using the introduced framework. / Graduate

Identifier: oai:union.ndltd.org:uvic.ca/oai:dspace.library.uvic.ca:1828/10904
Date: 28 May 2019
Creators: Ghaleb, Asem
Contributors: Traore, Issa
Source Sets: University of Victoria
Language: English, English
Detected Language: English
Type: Thesis
Format: application/pdf
Rights: Available to the World Wide Web
