Author:
Sedigh Oraei, Mohammad
Title:
Improvement of Security Alert Correlation Based on an Efficient Enterprise-Level Representation of Probable Attack Patterns
Degree level:
Master's (M.Sc.)
Field of study:
Computer Engineering
Place of study:
Isfahan: Isfahan University of Technology, Department of Electrical and Computer Engineering
Pagination:
x, 128 p.: ill., tables, charts
Note:
Title page in Persian and English
Supervisor:
Mehdi Berenjkoub
Advisor:
Masoudreza Hashemi
Descriptors:
Intrusion detection system; Vulnerability; Attack type graph; Attack scenario
Indexing date:
28/3/90
Faculty:
Electrical and Computer Engineering
Persian abstract:
In Persian and English: viewable in the digital version
English abstract:
Improvement of Security Alert Correlation Based on an Efficient Enterprise-Level Representation of Probable Attack Patterns
Seyed Mohamad Sedigh Oraei, s.so@ec.iut.ac.ir
Date of Submission: 2010/6/29
Department of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan 84156-83111, Iran
Degree: M.Sc.
Language: Farsi
Supervisor: Mehdi Berenjkoub, brnjkb@cc.iut.ac.ir

Abstract
Intrusion detection systems (IDS) are used to detect attacks in computer networks. Network administrators are often overwhelmed by large volumes of IDS alerts, which has motivated automatic IDS alert analysis. The goal of automatic alert analysis is to address the challenges posed by IDSes, including large volumes of alerts, a large proportion of false-positive alerts, low-level situational awareness, and alerts that are not correlated with one another. Ideally, alert correlation should help distinguish coordinated multi-step attacks from isolated events. Appropriate time complexity is essential for online alert correlation. Enterprise vulnerability correlation is one of the newest correlation methods: first, the network's vulnerabilities are analysed and an attack graph is extracted; then alerts are correlated based on the created attack graph. An attacker typically breaks into a network by means of a series of exploits such that each exploit satisfies the precondition of the subsequent exploit, forming a causal relationship among them. Such a series of exploits is called an attack path, and the set of all possible attack paths forms an attack graph. In the model proposed in this thesis, exploits are extracted from an enterprise network and saved as insecurity signatures. The causal relationships among insecurity signatures are studied, all relations between them are extracted, and the results are saved in a graph named the attack type graph. All possible attack paths are extracted from the attack type graph, and each attack path is saved as a probable attack pattern. Each alert produced by the IDS is then mapped to one node of the type graph, and the probable attack patterns are used to correlate alerts and to discover the related probable attack scenarios. Probable attack patterns are created offline (in non-real time), and the process needs to be repeated only when some change occurs in the network; they are then used to correlate alerts as an online process. The use of these patterns is not limited to alert correlation: they can be applied in different parts of network security management, one application being the assessment of network resistance against attacks.

Keywords: Intrusion Detection System, Vulnerability, Alert Correlation, Attack Type Graph, Attack Scenario, Probable Attack Pattern