Provenance graph generation for intrusion detection
| Field | Value |
|---|---|
| Format | Final Year Project |
| Language | English |
| Published | Nanyang Technological University, 2023 |
| Institution | Nanyang Technological University |
| Online Access | https://hdl.handle.net/10356/171978 |
Summary:

An Intrusion Detection System (IDS) is a monitoring system that passively observes network or host activity and raises alerts for suspicious behaviour. Detecting such behaviour has become increasingly difficult because present-day malware and Advanced Persistent Threats (APTs) deploy sophisticated evasion techniques. Consequently, commercial IDSs may fail to detect intrusions for extended periods, leading to substantial financial losses and data breaches for organizations.

Provenance graphs are directed graphs that record the lineage and history of data and the activities associated with it. On a host, a provenance graph adds a forensic dimension to intrusion detection: starting from a single malicious entity, it captures that entity's descendants and the activities they carried out. By recording fine-grained data flows between system objects, provenance graphs have the potential to protect systems better against emerging cyber threats.

This project explores provenance graphs as a means of enhancing intrusion detection. It also generates provenance datasets from benign and malicious activity, and proposes graph analysis algorithms for intrusion detection.
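To make the idea of "capturing the descendants and activities from a single malicious entity" concrete, the following is an added Python example; it is not code, data or an algorithm from the project described on this page. It builds a small host provenance graph from constructed audit-style events (invented for this example, not real auditd or ETW output), with every edge pointing in the direction information flows, and then performs a forward trace (descendants) and a backward trace (ancestors) from a chosen seed entity. The `proc:`/`file:`/`sock:` naming scheme and the relation names `exec`, `read` and `write` are assumptions of the example, not conventions from the project.

```python
"""Toy host provenance graph: build it from audit-style events, then trace the
descendants (forward) and ancestors (backward) of one entity.

Added example; not code from the project described on this page. The node
naming scheme and the edge direction are assumptions made for this example.
"""
from collections import defaultdict, deque

# Constructed sample events, not real audit output. Each tuple is
# (source entity, relation, destination entity), with the edge pointing in the
# direction information flows: parent process -> child it execs, socket or
# file -> process that reads it, process -> file or socket it writes.
SAMPLE_EVENTS = [
    ("proc:bash[1001]", "exec", "proc:curl[1002]"),
    ("sock:203.0.113.5:443", "read", "proc:curl[1002]"),
    ("proc:curl[1002]", "write", "file:/tmp/payload.sh"),
    ("proc:bash[1001]", "exec", "proc:sh[1003]"),
    ("file:/tmp/payload.sh", "read", "proc:sh[1003]"),
    ("proc:sh[1003]", "write", "file:/etc/cron.d/job"),
    ("proc:sh[1003]", "exec", "proc:nc[1004]"),
    ("proc:nc[1004]", "write", "sock:203.0.113.5:4444"),
    ("proc:bash[1001]", "exec", "proc:vim[1005]"),        # unrelated benign branch
    ("proc:vim[1005]", "write", "file:/home/user/notes.txt"),
]


def build_graph(events):
    """Return (forward, backward) adjacency maps: node -> set of (relation, node)."""
    forward, backward = defaultdict(set), defaultdict(set)
    for src, rel, dst in events:
        forward[src].add((rel, dst))
        backward[dst].add((rel, src))
    return forward, backward


def _reachable(adj, seed):
    """Breadth-first closure over one adjacency map, excluding the seed itself."""
    seen, queue = {seed}, deque([seed])
    while queue:
        node = queue.popleft()
        for _rel, nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(seed)
    return seen


def forward_trace(forward, seed):
    """Descendants of `seed`: every entity it transitively influenced."""
    return _reachable(forward, seed)


def backward_trace(backward, seed):
    """Ancestors of `seed`: every entity that transitively influenced it."""
    return _reachable(backward, seed)


def trace_activities(events, forward, seed):
    """Events whose source is the seed or one of its descendants, in log order:
    the 'activities from a single entity' slice of the graph."""
    scope = forward_trace(forward, seed) | {seed}
    return [ev for ev in events if ev[0] in scope]


FORWARD, BACKWARD = build_graph(SAMPLE_EVENTS)

if __name__ == "__main__":
    seed = "sock:203.0.113.5:443"   # suppose an alert flagged this remote peer
    print(f"Descendants of {seed}:")
    for node in sorted(forward_trace(FORWARD, seed)):
        print("  ", node)
    print("Activities in scope:")
    for src, rel, dst in trace_activities(SAMPLE_EVENTS, FORWARD, seed):
        print(f"   {src} --{rel}--> {dst}")
    print("Ancestors of file:/etc/cron.d/job:")
    for node in sorted(backward_trace(BACKWARD, "file:/etc/cron.d/job")):
        print("  ", node)
```

Run as a script, the forward trace from the flagged remote peer reaches the downloaded script, the shell that executed it, the cron file it wrote and the outbound connection, while the unrelated editor session under the same parent shell stays out of scope; the backward trace from the cron file recovers the download chain that produced it. Real systems differ mainly in scale and in how they prune the graph, not in this basic traversal.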