Author :
Ghasemi Kia, Amirhossein
Title :
Analysis of security alerts and events at big-data scale using complex event processing technology
Degree level :
Master's (M.Sc.)
Field of study :
Computer Architecture
Place of study :
Isfahan: Isfahan University of Technology, Department of Electrical and Computer Engineering
Pagination :
ix, [78] p.: illustrations, tables, charts
Note :
Title page in Persian and English
Supervisor :
Mehdi Berenjkoub
Descriptors :
Intrusion detection, event analysis, alert correlation, clustering
Examiners :
Ali Fanian, Mohammad Hossein Manshaei
Date of record entry :
1395/08/10 (Solar Hijri calendar)
Faculty :
Electrical and Computer Engineering
English abstract :
Analysis of security alerts and events in big data scale using complex event processing technology
Amirhossein Ghasemi Kia, amir.ghasemi@ec.iut.ac.ir
Date of Submission: 2016-06-13
Department of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan 84156-83111, Iran
Degree: M.Sc.
Language: Farsi
Supervisor: Mehdi Berenjkoub, brnjkb@cc.iut.ac.ir

Abstract
Intrusion Detection Systems have been developed and extended to examine suspicious activity by monitoring and reviewing the raw traffic of the network and, if an attack is diagnosed, reporting the necessary alarm by issuing a message. In addition to the alerts produced by the Intrusion Detection Systems, alerts from firewalls, honeypots and other security sensors are also available, which confronts us with a huge volume of security alerts. Understanding the security condition of the protected network is therefore very difficult for the network manager or for the system that responds to a breach. Alongside the useful alerts among the huge number of reports there are many useless reports, which make it almost impossible for the network manager to recognize the security situation of the system. For this reason, alert analysis and correlation are used. The goal of this work is to offer a solution for real-time extraction of the information the network manager requires from the incoming data flow, and to present a model for correlating and analyzing the extracted data. Complex event processing provides the capability of extracting information at high speed from a real-time stream. Our proposed model gives the expert access to useful and analyzable information. Results show that the model is considerably faster than other event correlation models. They also show that the proposed model is more efficient in event correlation parameters such as false negatives and the number of clusters.

Keywords: Intrusion Detection, Event Analysis, Alert Correlation, Complex Event Processing, Clustering