Author:
Norouzi, Ahmad Reza
Title:
Analysis and Correlation of Security Alerts and Reports Using Data Mining
Degree level:
Master's (M.Sc.)
Field of study:
Computer Architecture
Place of study:
Isfahan: Isfahan University of Technology, Department of Electrical and Computer Engineering
Pagination:
x, 87 p.: illustrated, tables, charts
Note:
Title page in Persian and English
Supervisor:
Mehdi Brenjkoub
Advisor:
Mohammad Hossein Saraee
Descriptors:
Intrusion detection, attack scenario, false positive alert
Indexing date:
9/9/90
Faculty:
Electrical and Computer Engineering
Persian abstract:
In Persian and English: viewable in the digital copy
English abstract:
Correlation and Analysis of Security Alerts and Reports Using Data Mining
Ahmad Reza Norouzi, a.norouzi@ec.iut.ac.ir
2011-06-07
Department of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan 84156-83111, Iran
Degree: M.Sc.
Language: Farsi
Supervisor: Mehdi Brenjkoub, brnjkb@cc.iut.ac.ir

Abstract
As a result of the increasing success of information technology, the number of services using this technology grows every day. These services are accessible from everywhere, so exploitation by unauthorized people is possible. An access control mechanism is one way to protect them. However, it is not sufficient on its own, because vulnerabilities in software and protocols allow malicious people to render the access control system useless. Today, monitoring user activity and blocking malicious actions is introduced as a solution for continuous service delivery. To achieve this goal, intrusion detection systems have been created. These systems work as sensors that inspect raw network traffic and report events suspected to be attacks. The produced reports are investigated by network administrators, who take the necessary actions. However, intrusion detection systems produce floods of alerts and false alerts which can confuse network administrators. Therefore, analyzing and evaluating alerts is a reasonable approach for reducing and removing unwanted and false alerts. Proposing a model for analyzing and correlating alerts and reports coming from security and network sensors is the main idea of this thesis. In this research we investigate the requirements and problems of the different approaches proposed in the context of correlation, with data mining approaches given special consideration. We argue that knowledge-based methods relying on attack scenarios produced in laboratories are not efficient enough for a dynamic environment with a large variety of sensors, such as a security operations center. Learning-based methods also have high time complexity, and their analysis logic is not clear enough for users. In the proposed method, clustering and association rule mining are used to build a model for analyzing alerts and security reports. We reduce false positive alerts by analyzing the causes of an event, which leads to a reduction in the produced alerts and to reporting only the main events. Experimental results on the DARPA test data set show the success of our model.

Keywords: Intrusion Detection, Attack Scenario, Alert Correlation, Security Events, False Positive Alert, Data Mining