Provenance graph generation for intrusion detection

In today’s rapidly evolving threat landscape, the demand for robust defense mechanisms against zero-day attacks and other unforeseeable threats is escalating. As threat actors continually innovate, traditional security approaches struggle to keep pace, necessitating the exploration of novel strategi...

Bibliographic Details
Main Author: Lim, Janesse Ziyi
Other Authors: Ke Yiping, Kelly
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2024
Subjects: Computer and Information Science; Provenance graph; Intrusion detection
Online Access: https://hdl.handle.net/10356/175398
Institution: Nanyang Technological University
id sg-ntu-dr.10356-175398
record_format dspace
spelling sg-ntu-dr.10356-1753982024-04-26T15:45:12Z Provenance graph generation for intrusion detection Lim, Janesse Ziyi Ke Yiping, Kelly School of Computer Science and Engineering ypke@ntu.edu.sg Computer and Information Science Provenance graph Intrusion detection In today’s rapidly evolving threat landscape, the demand for robust defense mechanisms against zero-day attacks and other unforeseeable threats is escalating. As threat actors continually innovate, traditional security approaches struggle to keep pace, necessitating the exploration of novel strategies. Recent studies have highlighted the potential of provenance graphs in intrusion detection, showcasing their ability to achieve higher detection accuracy and lower false alarm rates compared to conventional system-call based methods. In this study, we aim to validate these findings by generating our own benign and malicious user scenarios. Leveraging the CamFlow provenance capture system, we will set up security-critical applications, design diverse intrusion scenarios, and simulate attacks. Subsequently, we will generate authentic provenance data for both benign and malicious cases, using them to evaluate state-of-the-art graph-based models. Performance assessment metrics such as detection rate, false alarm rate, detection time, and storage overhead will be employed to gauge the quality of the models. Through this investigation, we seek to contribute to the advancement of intrusion detection methodologies and enhance our understanding of provenance-based defense mechanisms. Bachelor's degree 2024-04-24T01:47:02Z 2024-04-24T01:47:02Z 2024 Final Year Project (FYP) Lim, J. Z. (2024). Provenance graph generation for intrusion detection. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/175398 https://hdl.handle.net/10356/175398 en SCSE23-0398 application/pdf Nanyang Technological University
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Computer and Information Science
Provenance graph
Intrusion detection
description In today’s rapidly evolving threat landscape, the demand for robust defense mechanisms against zero-day attacks and other unforeseeable threats is escalating. As threat actors continually innovate, traditional security approaches struggle to keep pace, necessitating the exploration of novel strategies. Recent studies have highlighted the potential of provenance graphs in intrusion detection, showcasing their ability to achieve higher detection accuracy and lower false alarm rates compared to conventional system-call based methods. In this study, we aim to validate these findings by generating our own benign and malicious user scenarios. Leveraging the CamFlow provenance capture system, we will set up security-critical applications, design diverse intrusion scenarios, and simulate attacks. Subsequently, we will generate authentic provenance data for both benign and malicious cases, using them to evaluate state-of-the-art graph-based models. Performance assessment metrics such as detection rate, false alarm rate, detection time, and storage overhead will be employed to gauge the quality of the models. Through this investigation, we seek to contribute to the advancement of intrusion detection methodologies and enhance our understanding of provenance-based defense mechanisms.
author2 Ke Yiping, Kelly
author_facet Ke Yiping, Kelly
Lim, Janesse Ziyi
format Final Year Project
author Lim, Janesse Ziyi
author_sort Lim, Janesse Ziyi
title Provenance graph generation for intrusion detection
publisher Nanyang Technological University
publishDate 2024
url https://hdl.handle.net/10356/175398
_version_ 1814047395731734528