Provenance-based intrusion detection
Saved in:
Main Author: | Lim, Qian Hui |
---|---|
Other Authors: | Ke Yiping, Kelly (supervisor), School of Computer Science and Engineering |
Format: | Final Year Project (FYP), Bachelor of Engineering (Computer Science) |
Language: | English |
Published: | Nanyang Technological University, 2023 |
Subjects: | Engineering::Computer science and engineering::Data::Data structures |
Online Access: | https://hdl.handle.net/10356/166065 |
Institution: | Nanyang Technological University |
Citation: | Lim, Q. H. (2023). Provenance-based intrusion detection. Final Year Project (FYP), Nanyang Technological University, Singapore. |

Description:

An Intrusion Detection System (IDS) detects threats based on patterns of known exploits, malicious behaviors, and attack techniques. Provenance graphs are directed graphs that record the detailed history of data, including how they are generated and every action performed on them. They provide a holistic and structured view of what is going on in the system and record footprints of both legitimate users and attackers. By capturing the detailed information flow between system executions and system objects, they serve as an apt data source for intrusion detection.

Cyberattacks such as Advanced Persistent Threats (APT) are becoming increasingly sophisticated and common. Traditional IDS are unable to cope because of their high false-positive rate and the effort required from security experts to validate the alerts. As a result, incidents can remain undetected for up to several months, and enterprises then suffer severe damage financially or through loss of data [1]. The potential of provenance graphs for intrusion detection has been demonstrated in recent studies [2], which show that provenance-based methods can attain higher detection accuracy, better performance, and lower false-alarm rates than traditional system-call-based methods [3].

In this project, I will leverage provenance graphs as the data source for intrusion detection. The project aims to collect and generate provenance graphs of both benign and malicious cases in order to analyze graph mining algorithms for modern IDS.