Exploring Intruder Key Trace based on Complicated System Call Graph by Recursive Dominator Mechanism
透過遞迴支配機制從複雜系統呼叫圖搜尋入侵者關鍵軌跡

Master's thesis, National Taiwan University of Science and Technology, Department of Computer Science and Information Engineering, academic year 107.

Abstract: Existing security equipment detects attacks by applying host-based intrusion detection systems (HIDS), User and Entity Behavior Analytics (UEBA) and anti-virus software. Unfortunately, the equipment generates huge amounts of logs, and correlating all of them is a very time-consuming task. In the end, only fragments of information are obtained, such as unusual system login behaviors, suspicious command-and-control (C&C) servers and malware, which are unable to describe the attack scenario. As a result, forensic experts need to manually investigate the key intrusion of the attacks. In this study, our purpose is to reduce the cost of manual attack intrusion investigation. We propose a method that explores the intruder key trace by examining dominators of system-level logs, and design a recursive dominator mechanism to identify whether events are related to the attack. The main contributions of the study are as follows: (1) filtering 98.94% of normal behaviors; (2) recovering the key trace of the attack with a 92.85% recall rate; (3) constructing the attack chain from information fragments.

| Main Authors: | Chi-Yuan Hsieh 謝奇元 |
|---|---|
| Other Authors: | Hahn-Ming Lee 李漢銘 |
| Format: | Others (degree thesis, 54 pages) |
| Language: | en_US |
| Published: | 2018 |
| Online Access: | http://ndltd.ncl.edu.tw/handle/4f28m3 |
| Record ID: | ndltd-TW-107NTUS5392001 |
| Collection: | NDLTD |