Provenance graph generation for intrusion detection
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: | Nanyang Technological University, 2022 |
Subjects: | |
Online Access: | https://hdl.handle.net/10356/162932 |
Institution: | Nanyang Technological University |
Summary: | Provenance is defined as the origin or the earliest known history of a thing. In the context of data provenance, it describes the origin of a piece of data, how it was created, and the actions performed on it. This data could be used for forensics and security. This project aims to capture whole-system provenance to detect any intrusion. There are multiple systems for capturing provenance, such as Provenance Aware Storage System (PASS), Hi-Fi, Linux Provenance Module (LPM), and CamFlow. This project focuses on setting up CamFlow, a whole-system provenance capture mechanism. The data captured from various intrusion scenarios using the CamFlow system would be streamed to Flurry. Flurry is a web-server-based, end-to-end data pipeline connected to CamFlow to generate provenance graphs. This project shows how CamFlow and Flurry can be integrated to analyse systems for any intrusion. |