Login | Register

Semantic Mapping of Security Events to Known Attack Patterns

Title:

Semantic Mapping of Security Events to Known Attack Patterns

Ma, Xiao (2018) Semantic Mapping of Security Events to Known Attack Patterns. Masters thesis, Concordia University.

[thumbnail of Ma_MCompSc_F2018.pdf]
Preview
Text (application/pdf)
Ma_MCompSc_F2018.pdf - Accepted Version
3MB

Abstract

In order to provide cyber environment security, analysts need to analyze a large number of security events on a daily basis and take proper actions to alert their clients of potential threats. The increasing cyber traffic drives a need for a system to assist security analysts to relate security events to known attack patterns. This thesis describes the enhancement of an existing Intrusion Detection System (IDS) with the automatic mapping of snort alert messages to known attack patterns. Our system relies on three approaches: supplementing snort messages by adding related Common Vulnerabilities and Exposures (CVE) entities, pre-clustering similar snort messages before mapping them to attack patterns in Common Attack Pattern Enumeration and Classification (CAPEC) and using Latent Semantic Analysis (LSA) to reduce the dimension of the feature space. The module has been deployed in our partner company and when evaluated against the recommendations of two security analysts, it improved the F-measure of their system from 51.81% to 64.84%.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Computer Science and Software Engineering
Item Type:Thesis (Masters)
Authors:Ma, Xiao
Institution:Concordia University
Degree Name:M. Comp. Sc.
Program:Computer Science
Date:August 2018
Thesis Supervisor(s):Kosseim, Leila
ID Code:984114
Deposited By: XIAO MA
Deposited On:16 Nov 2018 16:38
Last Modified:16 Nov 2018 16:38
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top