Ma, Xiao (2018) Semantic Mapping of Security Events to Known Attack Patterns. Masters thesis, Concordia University.
Full text: Ma_MCompSc_F2018.pdf (application/pdf, 3MB) - Accepted Version
Abstract
To keep a cyber environment secure, analysts must examine a large number of security events every day and take appropriate action to alert their clients to potential threats. Growing cyber traffic drives the need for a system that helps security analysts relate security events to known attack patterns. This thesis describes the enhancement of an existing Intrusion Detection System (IDS) with the automatic mapping of Snort alert messages to known attack patterns. Our system relies on three approaches: supplementing Snort messages with related Common Vulnerabilities and Exposures (CVE) entries, pre-clustering similar Snort messages before mapping them to attack patterns in the Common Attack Pattern Enumeration and Classification (CAPEC), and using Latent Semantic Analysis (LSA) to reduce the dimensionality of the feature space. The module has been deployed at our partner company and, when evaluated against the recommendations of two security analysts, it improved the F-measure of their system from 51.81% to 64.84%.
| Field | Value |
|---|---|
| Divisions | Concordia University > Gina Cody School of Engineering and Computer Science > Computer Science and Software Engineering |
| Item Type | Thesis (Masters) |
| Authors | Ma, Xiao |
| Institution | Concordia University |
| Degree Name | M. Comp. Sc. |
| Program | Computer Science |
| Date | August 2018 |
| Thesis Supervisor(s) | Kosseim, Leila |
| ID Code | 984114 |
| Deposited By | XIAO MA |
| Deposited On | 16 Nov 2018 16:38 |
| Last Modified | 16 Nov 2018 16:38 |